LOLBAS – Living Off The Land Binaries And Scripts

LOLBAS is the living off the land binaries and scripts.
All the different files can be found behind a fancy frontend here: https://lolbas-project.github.io. 

This repo serves as a place where we maintain the YML files that are used by the fancy frontend.

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.

Also Read : IP Obfuscator – Simple Tool to Social Engineer and Bypass Firewall

Criteria

A LOLBin/Lib/Script must:

  • Be a Microsoft-signed file, either native to the OS or downloaded from Microsoft.
  • Have extra “unexpected” functionality. It is not interesting to document intended use cases.
    • Exceptions are application whitelisting bypasses
  • Have functionality that would be useful to an APT or red team

Interesting functionality can include:

  • Executing code
    • Arbitrary code execution
    • Pass-through execution of other programs (unsigned) or scripts (via a LOLBin)
  • Compiling code
  • File operations
    • Downloading
    • Upload
    • Copy
  • Persistence
    • Pass-through persistence utilizing existing LOLBin
    • Persistence (e.g. hide data in ADS, execute at logon)
  • UAC bypass
  • Credential theft
  • Dumping process memory
  • Surveillance (e.g. keylogger, network trace)
  • Log evasion/modification
  • DLL side-loading/hijacking without being relocated elsewhere in the filesystem.

The History of the LOLBin

The phrase “Living off the land” was coined by Christopher Campbell (@obscuresec) & Matt Graeber (@mattifestation) at DerbyCon 3.

The term LOLBins came from a Twitter discussion on what to call binaries that can be used by an attacker to perform actions beyond their original purpose. Philip Goh (@MathCasualty) proposed LOLBins.

A highly scientific internet poll ensued, and after a general consensus (69%) was reached, the name was made official. Jimmy (@bohops) followed up with LOLScripts. No poll was taken.

Common hashtags for these files are:

  • #LOLBin
  • #LOLBins
  • #LOLScript
  • #LOLScripts
  • #LOLLib
  • #LOLLibs

Credit : ConsciousHacker

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 hours ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

22 hours ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

24 hours ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

1 day ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

1 day ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

1 day ago