LOLESXi-Project/LOLESXi external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

LOLESXi-Project/LOLESXi

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/LOLESXi-Project/LOLESXi)

Close

LOLESXi-Project / LOLESXiView on GitHubMore

• External links
• Readme badge

LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. This project gathers procedural examples from public reports of adversarial activities targeting ESXi hosts

☆154May 3, 2026Updated last month

Alternatives and similar repositories for LOLESXi

Users that are interested in LOLESXi are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• xalicex / LOLDrivers_finder

  View on GitHub
  ☆91Jul 18, 2023Updated 2 years ago
• krdmnbrk / AttackRuleMap

  View on GitHub
  Mapping of open-source detection rules and atomic tests.
  ☆212Feb 16, 2026Updated 3 months ago
• magicsword-io / LOLDrivers

  View on GitHub
  Living Off The Land Drivers
  ☆1,663Updated this week
• 0xAnalyst / Project-Lost

  View on GitHub
  Living Off Security Tools
  ☆63Nov 23, 2025Updated 6 months ago
• xpn / malIDP

  View on GitHub
  ☆14Mar 19, 2024Updated 2 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• nettitude / TokenCert

  View on GitHub
  TokenCert
  ☆104Nov 15, 2024Updated last year
• jonny-jhnson / MSFT_DriverBlockList

  View on GitHub
  Repository of Microsoft Driver Block Lists based off of OS-builds
  ☆46Apr 14, 2024Updated 2 years ago
• synacktiv / GPOddity

  View on GitHub
  The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
  ☆366Dec 13, 2025Updated 6 months ago
• lawndoc / Respotter

  View on GitHub
  Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.
  ☆200Nov 5, 2025Updated 7 months ago
• cudeso / proof-value-cti

  View on GitHub
  Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation.
  ☆54Oct 23, 2024Updated last year
• Octoberfest7 / Enumprotections_BOF

  View on GitHub
  A BOF to enumerate system process, their protection levels, and more.
  ☆125Nov 27, 2024Updated last year
• Intrinsec / mplog_parser

  View on GitHub
  This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.
  ☆22Sep 30, 2022Updated 3 years ago
• Mr-Un1k0d3r / MsGraphFunzy

  View on GitHub
  Scripts to interact with Microsoft Graph APIs
  ☆46Nov 7, 2024Updated last year
• jonny-jhnson / JonMon

  View on GitHub
  ☆263Jun 7, 2025Updated last year
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• zeronetworks / ldapfw

  View on GitHub
  Protect your Domain Controllers by auditing and restricting LDAP requests
  ☆190May 29, 2025Updated last year
• CCob / PinSwipe

  View on GitHub
  Smart Card PIN swiping DLL
  ☆79Oct 4, 2020Updated 5 years ago
• lolc2 / lolc2.github.io

  View on GitHub
  lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection
  ☆329Apr 22, 2026Updated last month
• FalconForceTeam / FalconHound

  View on GitHub
  FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…
  ☆821Apr 18, 2026Updated last month
• THEVER1TAS / sysmon-config

  View on GitHub
  Sysmon configuration file templates with advanced event tracing and blocking
  ☆58May 8, 2026Updated last month
• olafhartong / PockETWatcher

  View on GitHub
  a tiny program to consume from ETW providers for research
  ☆55Jan 4, 2025Updated last year
• ACE-Responder / rpcfirewall-extended-telemetry

  View on GitHub
  ☆16May 3, 2024Updated 2 years ago
• vxunderground / OCRMe

  View on GitHub
  Tool designed to exfiltrate OneDrive Business OCR Data
  ☆127Jan 27, 2025Updated last year
• nettitude / SharpConflux

  View on GitHub
  ☆65Mar 15, 2024Updated 2 years ago
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• mvelazc0 / msInvader

  View on GitHub
  M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca…
  ☆328Oct 12, 2025Updated 8 months ago
• alwashali / yaa

  View on GitHub
  yaa - yaml search for humans
  ☆12Dec 8, 2025Updated 6 months ago
• kapellos / VladimiRED

  View on GitHub
  ☆19Dec 18, 2024Updated last year
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆384Dec 13, 2024Updated last year
• two06 / CerealKiller

  View on GitHub
  .NET deserialization hunter
  ☆90Jul 21, 2024Updated last year
• AirbusProtect / AD-Canaries

  View on GitHub
  The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C…
  ☆260Nov 24, 2023Updated 2 years ago
• magicsword-io / LOLRMM

  View on GitHub
  LotL RMM
  ☆368Updated this week
• MHaggis / PowerShell-Hunter

  View on GitHub
  PowerShell tools to help defenders hunt smarter, hunt harder.
  ☆484Oct 29, 2025Updated 7 months ago
• mandiant / msi-search

  View on GitHub
  ☆291Jul 20, 2023Updated 2 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• sheimo / awesome-lolbins-and-beyond

  View on GitHub
  A curated list of awesome LOLBins, GTFO projects, and similar 'Living Off the Land' security resources.
  ☆214Feb 7, 2026Updated 4 months ago
• thefLink / Hunt-Sleeping-Beacons

  View on GitHub
  Aims to identify sleeping beacons
  ☆669Jan 25, 2026Updated 4 months ago
• decoder-it / RelabelAbuse

  View on GitHub
  ☆63May 31, 2024Updated 2 years ago
• AI-redteam / sherl0ck

  View on GitHub
  Search an entire directory of .eml email files for a word or phrase... in over 100 languages.
  ☆12Feb 28, 2023Updated 3 years ago
• trustedsec / specula

  View on GitHub
  ☆236Jun 10, 2025Updated last year
• layer8secure / SilentHound

  View on GitHub
  Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc.
  ☆504Jan 23, 2023Updated 3 years ago
• Velocidex / velociraptor-sigma-rules

  View on GitHub
  A Compiler from Sigma rules to VQL
  ☆19May 18, 2026Updated 3 weeks ago