GIAC Certified Incident Handler (GCIH) — Question 148

An analyst finds that a malicious program contains the instructions add 10, eax followed by sub 10, eax. What technique was the attacker likely using?

Answer options

• A. Ghostwriting
• B. Code signing
• C. Compile After Delivery
• D. Living Off the Land

Correct answer: D

Explanation

The correct answer is D, Living Off the Land, as it refers to the practice of using existing tools in the environment for malicious purposes. The other options do not apply because Ghostwriting relates to deception in code attribution, Code signing is about verifying code integrity, and Compile After Delivery involves compiling code after it has been delivered, which is not relevant here.