
LOLBAS

The LOLBAS (Living Off The Land Binaries And Scripts) project aims to document every binary, script, and library that can be used for Living Off The Land techniques, which involve leveraging legitimate executables and scripts present in operating systems for malicious purposes. This project provides a comprehensive resource for security professionals to understand and mitigate the risks associated with these tools.


The Polarity - LOLBAS integration queries the LOLBAS GitHub page every evening to pull down the latest living off the land binaries and scripts. This gives analysts a complete understanding of how a particular executable will affect their network and helps them find resources about it.

Examples

LOLBAS Data Overview

  • Summary tags: When an analyst looks up a binary file in LOLBAS, they will quickly be able to see what the binary is and does.
  • Information on the binary: When drilling into the details, analysts will be able to get high-level information on the binary, such as when it was created and who the author was, if they want to validate the information.
  • Commands: While looking at the details, analysts will be able to get the full picture of how the binary works, as they will be able to see what commands the binary uses and reference other materials on those commands. They will also be able to see what MITRE tactics the binaries utilize.
  • Additional Context: Analysts will also be able to see which directories the binaries try to attack, as well as additional Sigma information and resources on the binary.

Built By Polarity
