Found 121 repositories (showing 30)
LOLBAS-Project
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
api0cradle
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
strontic
Encyclopedia for Executables
gnh1201
WelsonJS - Build a Windows app on the Windows built-in JavaScript engine
Kudaes
** DISCONTINUED ** C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion.
A curated list of awesome LOLBins, GTFO projects, and similar 'Living Off the Land' security resources.
itaymigdal
An interactive shell to spoof some LOLBins command line
mrexodia
Small PoC of using a Microsoft signed executable as a lolbin.
LOLBINs that inject a DLL into a given process ID.
CTI-Driven
The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders understand how LOLBin binaries are used by threat actors during an intrusion in a graphical and digestible format for the TIPs platform using the STIX format.
mhaskar
PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin
0xAnalyst
Living Off Security Tools
lolexfil
Living off the land Data Exfiltration methods
Hamza-Megahed
PyQT5 app for LOLBAS and GTFOBins
danzek
Living off the Land (LOL) attack techniques, tools, and defender resources
WesleyWong420
A post-exploitation toolkit to simulate the weaponization and detection of native Windows binaries based on LOLBas framework.
Unit-259
No description available
Pwn3rx0
Obfuscated PowerShell reverse shells for security research and testing purposes.
steveandreassend
Best practice configuration for Linux auditd for CIS and STIG standards, enhanced with LOTL detection rules.
mhaskar
PoC for generating an APPWIZ.cpl module designed to be loaded by Fondue.exe LOLBin
NDevTK
Spoofing the Windows UAC "verified" publisher :)
MatiasZapf
Ultra-lightweight (~4KB) CLI tool to control Windows media playback. Built natively using csc.exe (Living Off the Land / LOLBin) without external dependencies.
Karma-X-Inc
HappyCamper is a Proof-of-Concept (PoC) tool designed for system administrators to enhance the security of Living off the Land Binaries (LoLBins) within enterprise environments
hdks-bug
LOLGEN: Living Off The Land Payload Generator
sonnyakhere
This query identifies Microsoft-signed Binaries and Scripts that are not system initiated. This technique is commonly used in phishing attacks.
ejaz629
Ransomware dataset, containing dynamic behaviour of more than 60 distinct ransomware families.
darmado
A library of post-exploitation MacOS scripts based on threat emulation, LOObins, CTI, and MITRE ATT&CK.
jacobstickney
A collection of specific commands used by threat actors, detailing their procedural implementations of tactics and techniques from the MITRE ATT&CK framework.
takitakitanana
A tool designed to obfuscate and m*?k LOLbins paths in PowerShell.
n0qword
A CLI-based tool to get information about LOLBins/LOLScripts quickly for Red Team operations