LOLBAS project
LOLBAS stands for Living Off the Land Binaries And Scripts. The project’s primary goal is to gather and document the Microsoft-signed and built-in tools used as Living Off the Land techniques, including binaries, scripts, and libraries.
A tool must meet the following criteria to be considered a “Living Off the Land” technique and accepted as part of the LOLBAS project:
It is a Microsoft-signed file, either native to the OS or downloaded from Microsoft.
It has additional interesting, unintended functionality not covered by known use cases.
It benefits an APT (Advanced Persistent Threat) or Red Team engagement.
The LOLBAS project accepts tool submissions that fit one of the following functionalities:
Arbitrary code execution
File operations, including downloading, uploading, and copying files.
Compiling code
Persistence, including hiding data in Alternate Data Streams (ADS) or executing at logon.
UAC bypass
Dumping process memory
DLL injection