Cato Networks to Present on Living-Off-the-Cloud Attacks at BSidesSF 2025 

Cato CTRL to show how LOC attacks have become a popular threat vector 

TEL AVIV, Israel, April 17, 2025 – Cato Networks, the SASE leader, today announced that Matan Mittelman (threat prevention team leader at Cato Networks and member of Cato CTRL) will present at BSidesSF 2025 in San Francisco, which is an event designed for security engineers.  

The session, “From LOL to LOC: LOLBins are No Laughing Matter” (Saturday, April 26 at 3:00 PM PT), will provide an overview on the concepts of “living-off-the land” (LOL), “living-off-the-cloud” (LOC), and “living-off-the-land binaries” (LOLBins). Below is a brief summary:  

• Living-off-the-land: An attack technique where the threat actor uses native, legitimate tools within the victim’s system to sustain and advance an attack. 

• Living-off-the-cloud: An attack technique where the threat actor leverages built-in cloud services to execute malicious actions while blending into normal operations. 

• Living-off-the-land binaries: Binaries are components native to an operating system (OS). They can be leveraged and exploited by threat actors to gain additional access or permissions. 

Most notably, the session will dive deep into the growing popularity of LOC attacks for threat actors.  

“Living-off-the-land attacks have been around for years, but now we’re seeing a shift toward LOC: living-off-the-cloud,” said Matan Mittelman, threat prevention team leader at Cato Networks and member of Cato CTRL. “As cloud environments become an integral part of an organization’s IT infrastructure, it’s no surprise that threat actors are pivoting to exploit them. The cloud isn’t just infrastructure anymore for businesses. It’s also leveraged by threat actors for stealthy operations.” 

To learn more about Cato’s threat intelligence team, visit the Cato CTRL page.  

Resources 

• [Photo] Matan Mittelman 

About Cato CTRL 

Cato CTRL (Cyber Threats Research Lab) is the world’s first CTI group to fuse threat intelligence with granular network insight, made possible by Cato’s global SASE platform. By bringing together dozens of former military intelligence analysts, researchers, data scientists, academics and industry-recognized security professionals, Cato CTRL utilizes network data, security stack data, hundreds of security feeds, human intelligence operations, AI (Artificial Intelligence), and ML (Machine Learning) to shed light on the latest cyber threats and threat actors. 

About Cato Networks 

Cato Networks delivers enterprise security and networking in a single cloud platform. The SASE leader creates a seamless and elegant customer experience that effortlessly enables threat prevention, data protection, and timely incident detection and response. With Cato, organizations replace costly and rigid legacy infrastructure with an open and modular SASE architecture based on SD-WAN, a purpose-built global cloud network, and an embedded cloud-native security stack. 

Want to learn why thousands of organizations secure their future with Cato? Visit us at www.catonetworks.com. 

Media Contact 

Cato Communications 

press@catonetworks.com