{"id":5170,"date":"2026-01-29T20:03:07","date_gmt":"2026-01-29T20:03:07","guid":{"rendered":"https:\/\/bihavadis.com\/?p=5170"},"modified":"2026-01-29T20:03:07","modified_gmt":"2026-01-29T20:03:07","slug":"living-off-the-land-lotl-saldirilarindan-korunma-yontemleri-neler","status":"publish","type":"post","link":"https:\/\/bihavadis.com\/index.php\/2026\/01\/29\/living-off-the-land-lotl-saldirilarindan-korunma-yontemleri-neler\/","title":{"rendered":"What Are the Ways to Protect Against Living-off-the-Land (LotL) Attacks?"},"content":{"rendered":"<p><strong>In cybersecurity, &#8220;living-off-the-land&#8221; (LotL) attacks are becoming increasingly difficult to detect. Instead of relying on external malware, these attacks use legitimate system tools such as PowerShell, WMI or Office macros, allowing attackers to move covertly within a network. Traditional security measures struggle to detect these attacks because they use trusted, digitally signed tools. LotL attacks appeal to cybercriminals because they evade detection and also reduce the risk of being traced. Because this approach lets attackers stay hidden for longer, it also increases the chance of a successful breach. 
Yusuf Evmez, WatchGuard Country Manager for T\u00fcrkiye and Greece, explains the common techniques used in LotL attacks and the ways to protect against them.<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p>In the cybersecurity world, &#8220;living-off-the-land&#8221; (LotL) attacks are becoming a growing source of concern. This type of attack lets cybercriminals use existing system tools to attack a target and move through networks unnoticed. Because the existing systems already in place are accepted as part of normal operation, the likelihood of detection drops considerably. This makes it possible to remain on the target system for a long time. The attack can serve many purposes, such as gaining control of a system, stealing data and damaging reputation, and because it reaches its goal using resources inside the system, it does not arouse suspicion. Explaining the common techniques of living-off-the-land attacks and the ways to protect against them in order to succeed in cybersecurity, Yusuf Evmez, WatchGuard Country Manager for T\u00fcrkiye and Greece, stresses the need to always be prepared for these attacks and to develop proactive defense strategies.<\/p>\n<p>\u00a0<\/p>\n<p><strong>What Are the Common Techniques in LotL Attacks?<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p><em><strong>1. 
PowerShell<\/strong>:<\/em>\u00a0PowerShell, a powerful command line for Windows systems that system administrators use actively, is used by attackers to download and run malicious scripts, establish remote connections or change system settings without leaving obvious traces.\u00a0<\/p>\n<p>\u00a0<\/p>\n<p><em><strong>2. WMI<\/strong>:<\/em>\u00a0WMI, a management infrastructure for Windows operating systems, is used to gather system information and carry out management tasks. In attacks, it is used to execute commands remotely without user access, collect system data to identify weak points or establish persistence on the system.\u00a0<\/p>\n<p>\u00a0<\/p>\n<p><em><strong>3. Remote Administration Tools<\/strong>:<\/em>\u00a0Tools such as PsExec can be repurposed to make changes on a target system by executing malicious commands remotely.\u00a0<\/p>\n<p>\u00a0<\/p>\n<p><em><strong>4. Office Macros<\/strong>:<\/em>\u00a0Malicious macros embedded in Office documents run code when the document is opened, abusing user trust, and can infiltrate systems.<\/p>\n<p>\u00a0<\/p>\n<p><strong>4 Ways to Protect Against Living-off-the-Land Attacks<\/strong><\/p>\n<p>\u00a0<\/p>\n<p><em><strong>1. 
Application Control:<\/strong><\/em>\u00a0Restrict tools such as PowerShell and WMI to specific users and processes.<\/p>\n<p>\u00a0<\/p>\n<p><em><strong>2. Extending Investigation and Rapid Response with Remote Shell:<\/strong><\/em>\u00a0The new version of WatchGuard Advanced EPDR includes the ability to open a remote shell to retrieve files, inspect processes and even take action directly on the endpoint, whether it runs Windows, Linux or macOS.<\/p>\n<p>\u00a0<\/p>\n<p><em><strong>3. Attention to Risky Connections:<\/strong><\/em><strong>\u00a0<\/strong>Using network segmentation to limit communication between different network segments or endpoints can prevent attackers from moving laterally with LotL techniques.<\/p>\n<p>\u00a0<\/p>\n<p><em><strong>4. Training and Awareness:<\/strong><\/em>\u00a0Training employees on the risks of macros and the safe use of administration tools can help prevent malicious scripts from being run by mistake.<\/p>\n<p>\u00a0<\/p>\n<p><em><strong>5. Monitoring and Automated Behavior Analysis<\/strong>:<\/em>\u00a0Instead of relying only on signatures or endpoint technology, use behavioral analytics in the cloud to detect unusual system activity. 
To apply these strategies successfully, WatchGuard Advanced EPDR offers, alongside the Zero-Trust Application Service, which blocks untrusted applications and allows them to run only after verifying their trustworthiness, and the Threat Hunting Service, functions that let security analysts quickly detect and respond to the presence of an attacker using LotL techniques.\u00a0<\/p>\n<p>Source: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In cybersecurity, &#8220;living-off-the-land&#8221; (LotL) attacks are becoming increasingly difficult to detect. 
Instead of relying on external malware, these attacks use legitimate system tools such as PowerShell, WMI or Office macros, allowing attackers to move covertly within a network.<\/p>\n","protected":false},"author":1,"featured_media":5171,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[1104,293,1103,344,1105],"class_list":["post-5170","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji","tag-araclar","tag-guven","tag-saldirilari","tag-sistem","tag-tespit"],"_links":{"self":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts\/5170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/comments?post=5170"}],"version-history":[{"count":1,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts\/5170\/revisions"}],"predecessor-version":[{"id":5172,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts\/5170\/revisions\/5172"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/media\/5171"}],"wp:attachment":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/media?parent=5170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/categories?post=5170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/tags?post=5170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}