A curated index · Updated regularly

Living Off the Living Off the Land

A single, searchable directory of the community's Living-Off-the-Land security research — every LOLBin, LOLDriver, and adjacent project, indexed and cross-referenced by platform and focus area.

LoFP

br0k3nlab.com/LoFP

Living off the False Positive — an autogenerated collection of false positives sourced from popular rule sets, categorized by ATT&CK techniques, rule source, and data source.

LOLDrivers

loldrivers.io

Living Off The Land Drivers — a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks.

GTFOBins

gtfobins.github.io

A curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

LOLBAS

lolbas-project.github.io

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.

LOTS Project

lots-project.com

Attackers use popular legitimate domains for phishing, C&C, exfiltration and tool downloads to evade detection. This list catalogs domains that allow user-controlled subdomains.

FileSec

filesec.io

File extensions being used by attackers — a reference for defenders tracking evolving delivery techniques.

MalAPI.io

malapi.io

Maps Windows APIs to common techniques used by malware.

HijackLibs

hijacklibs.net

A curated list of DLL Hijacking candidates for Windows environments.

WADComs

wadcoms.github.io

An interactive cheat sheet of offensive security tools and commands for Windows/AD environments.

LOOBins

loobins.io

Living Off the Orchard: macOS Binaries — detailed information on built-in macOS binaries and how threat actors abuse them.

LOLApps

lolapps-project.github.io

Exploitation isn't limited to command-line binaries — built-in and third-party applications get abused too. This project catalogs those techniques.

Bootloaders

bootloaders.io

A curated list of known malicious bootloaders across operating systems, helping defenders stay informed on bootloader-based threats.

Bring Your Own Land

mandiant.com

BYOL — a red-teaming technique where operators carry their own tools instead of relying on what's present on the target.

Living Off The Hardware

lothardware.com.tr

A resource collection for identifying and utilizing malicious hardware and devices.

WTFBins

wtfbins.wtf

A WTFBin is a binary that behaves exactly like malware — except, somehow, it's not.

LOFL Project

lofl-project.github.io

Living Off the Foreign Land — Cmdlets and Binaries (LOFLCABs) that perform activities from the local Windows system against a remote system.

Persistence Info

persistence-info.github.io

Information on Windows persistence mechanisms, organized to make protection and detection more efficient.

lolcerts

github.com/WithSecureLabs/lolcerts

Details of code-signing certificates known to be abused in the wild — stolen or legally-acquired, then used to sign malware.

LOTP

boostsecurityio.github.io/lotp

Catalogs CI/CD tools with lesser-known RCE-by-design features ("foot guns") that enable arbitrary code execution through untrusted changes or workflow injection.

lolbins-cti driven

lolbins-ctidriven.vercel.app

Helps cyber defenders understand how LOLBin binaries are used by threat actors during an intrusion, in a graphical and digestible format.

LOLESXi

lolesxi-project.github.io

A comprehensive list of binaries and scripts natively available in VMware ESXi that adversaries have used in their operations.

LOLRMM

lolrmm.io

A curated list of Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors.

LOT Webhooks

lotwebhooks.github.io

A community-driven project documenting webhooks that may be exploited for data exfiltration and C2 communications.

Project-Lost

0xanalyst.github.io/Project-Lost

A curated list of security tools used by adversaries to bypass security controls and carry out attacks.

LOT Tunnels

lottunnels.github.io

Documents digital tunnels that can be abused by threat actors or insiders for data exfiltration, persistence, and shell access.

LOLAD

lolad-project.github.io

A comprehensive collection of Active Directory techniques, commands, and functions usable natively for offensive security operations and red team exercises.

LOLC2

lolc2.github.io

A collection of C2 frameworks that leverage legitimate services to evade detection.

LOLAPI

themagicclaw.github.io/LOLAPI

Real-world abused APIs across Windows, cloud, and browser platforms — with detection strategies, mitigation guidance, and red-team POCs.

LOLEXFIL

lolexfil.github.io

A comprehensive catalog of data exfiltration methods with detection patterns, simulation examples, IOC artifacts, and ATT&CK mappings.

LOLFSaaS

lolfsaas.github.io

Living Off Free SaaS — a directory of free SaaS platforms used for C2, exfiltration, and adversary tooling, with ATT&CK mappings and detection logic.

LOTE

lote-project.github.io

Living Off Trusted Email — a quick-reference for leveraging trusted platforms' email features to deliver phishing during social engineering campaigns.