Living Off the Living Off the Land


A great collection of resources to thrive off the land

logo link description Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain File extensions being used by attackers maps Windows APIs to common techniques used by malware This project provides an curated list of DLL Hijacking candidates WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes This project was made because exploitation isn’t limited to binaries using command line techniques. Both built-in and third-party applications have been used & abused for adversarial gain since the dawn of time, and knowing these methods can help when all else fail. Curated list of known malicious bootloaders for various operating systems. The project aims to assist security professionals in staying informed and mitigating potential threats associated with bootloaders
BYOL Bring Your Own Land (BYOL) Living Off The Hardware is a resource collection that provides guidance on identifying and utilizing malicious hardware and malicious devices WTFBin is a binary that behaves exactly like malware, except, somehow, it’s not Living Off the Foreign Land (LOFL) are LOFL Cmdlets and Binaries (LOFLCABs) that are capable of performing activities from the local (Offensive Windows) system to a REMOTE system This contains information about Windows persistence mechanisms to make the protection/detection more efficient