LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. This project gathers procedural examples from public reports of adversarial activities targeting ESXi hosts
☆143Feb 2, 2026Updated last month
Alternatives and similar repositories for LOLESXi
Users that are interested in LOLESXi are comparing it to the libraries listed below
Sorting:
- TokenCert☆102Nov 15, 2024Updated last year
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆361Dec 13, 2025Updated 2 months ago
- ☆14Mar 19, 2024Updated last year
- Mapping of open-source detection rules and atomic tests.☆201Feb 16, 2026Updated 2 weeks ago
- Living Off The Land Drivers☆1,418Feb 12, 2026Updated 2 weeks ago
- Smart Card PIN swiping DLL☆78Oct 4, 2020Updated 5 years ago
- Find world writable directories that contain a .exe or .dll file☆13Aug 31, 2021Updated 4 years ago
- Repository of Microsoft Driver Block Lists based off of OS-builds☆43Apr 14, 2024Updated last year
- Living Off Security Tools☆58Nov 23, 2025Updated 3 months ago
- ☆64May 31, 2024Updated last year
- ☆89Jul 18, 2023Updated 2 years ago
- Scripts to interact with Microsoft Graph APIs☆44Nov 7, 2024Updated last year
- ☆252Jun 7, 2025Updated 8 months ago
- A BOF to enumerate system process, their protection levels, and more.☆125Nov 27, 2024Updated last year
- lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection☆257Jan 29, 2026Updated last month
- ☆121Nov 21, 2024Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆381Dec 13, 2024Updated last year
- Protect your Domain Controllers by auditing and restricting LDAP requests☆180May 29, 2025Updated 9 months ago
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.☆197Nov 5, 2025Updated 3 months ago
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…☆817Feb 17, 2025Updated last year
- Abusing Azure services over C2☆368Jan 20, 2026Updated last month
- SharpBuster is a C# implementation of a directory brute forcing tool. It's designed to be used via Cobalt Strike's execute-assembly and s…☆63Sep 2, 2020Updated 5 years ago
- PoC XLL builder in Python/Nim☆49Nov 21, 2022Updated 3 years ago
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual☆14Jul 13, 2022Updated 3 years ago
- This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.☆21Sep 30, 2022Updated 3 years ago
- ☆292Jul 20, 2023Updated 2 years ago
- ☆231Jun 10, 2025Updated 8 months ago
- Aims to identify sleeping beacons☆662Jan 25, 2026Updated last month
- a tiny program to consume from ETW providers for research☆54Jan 4, 2025Updated last year
- ☆65Mar 15, 2024Updated last year
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…☆275Dec 27, 2024Updated last year
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation.☆53Oct 23, 2024Updated last year
- C# Tool to interact with MS Exchange based on MS docs☆102Dec 7, 2022Updated 3 years ago
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca…☆323Oct 12, 2025Updated 4 months ago
- ☆143May 17, 2023Updated 2 years ago
- ☆15May 3, 2024Updated last year
- Random scripts for azure stuff☆14Oct 12, 2022Updated 3 years ago
- Search an entire directory of .eml email files for a word or phrase... in over 100 languages.☆12Feb 28, 2023Updated 3 years ago
- Extracted Yara rules from Windows Defender mpavbase and mpasbase☆496Dec 22, 2025Updated 2 months ago