LOLBAS project

LOLBAS stands for Living Off the Land Binaries And Scripts, a project whose primary goal is to gather and document the Microsoft-signed and built-in tools used as Living Off the Land techniques, including binaries, scripts, and libraries.

A tool must meet the following criteria to be considered a “Living Off the Land” technique and accepted as part of the LOLBAS project:

  • Is a Microsoft-signed file native to the OS or downloaded from Microsoft.

  • Has additional interesting, unintended functionality not covered by known use cases.

  • Benefits an APT (Advanced Persistent Threat) or Red Team engagement.

The LOLBAS project accepts tool submissions that fit one of the following functionalities:

  • Arbitrary code execution.

  • File operations, including downloading, uploading, and copying files.

  • Compiling code.

  • Persistence, including hiding data in Alternate Data Streams (ADS) or executing at logon.

  • UAC bypass.

  • Dumping process memory.

  • DLL injection.