sheimo / awesome-lolbins-and-beyondView external linksLinks
A curated list of awesome LOLBins, GTFO projects, and similar 'Living Off the Land' security resources.
☆207Feb 7, 2026Updated last week
Alternatives and similar repositories for awesome-lolbins-and-beyond
Users that are interested in awesome-lolbins-and-beyond are comparing it to the libraries listed below
Sorting:
- Awesome list of Living off the Land (LOL) methods, tools, and features commonly abused by attackers☆34Apr 2, 2025Updated 10 months ago
- A Mythic agent for Windows written in C☆156Updated this week
- Repository to gather the BOF files I will be developing☆11Oct 1, 2024Updated last year
- ☆92May 15, 2024Updated last year
- Living off the land searches for explorer and sharepoint☆92Dec 7, 2025Updated 2 months ago
- Lifetime AMSI bypass.☆36Apr 21, 2025Updated 9 months ago
- Collect Windows telemetry for Maldev☆455Jan 30, 2026Updated 2 weeks ago
- This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom …☆1,036Jan 11, 2026Updated last month
- ☆56Dec 13, 2024Updated last year
- Simulate the behavior of AV/EDR for malware development training.☆562Feb 15, 2024Updated 2 years ago
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆78Aug 25, 2025Updated 5 months ago
- Parent Process ID Spoofing, coded in CGo.☆24Apr 21, 2025Updated 9 months ago
- Living Off Security Tools☆58Nov 23, 2025Updated 2 months ago
- Kooky cURL-powered replacement for reverse shell via /dev/tcp☆77Jan 24, 2026Updated 3 weeks ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆128Oct 4, 2024Updated last year
- an Improoved Version of 0xNinjaCyclone´s EarlyCascade Code☆22Feb 20, 2025Updated 11 months ago
- Abusing Azure services over C2☆368Jan 20, 2026Updated 3 weeks ago
- ☆62Dec 13, 2025Updated 2 months ago
- NukeAMSI is a powerful tool designed to neutralize the Antimalware Scan Interface (AMSI) in Windows environments.☆174Dec 19, 2025Updated last month
- WolfPack combines the capabilities of Terraform and Packer to streamline the deployment of red team redirectors on a large scale.☆150Jun 5, 2025Updated 8 months ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆103Mar 27, 2025Updated 10 months ago
- Living Off the Foreign Land setup scripts☆74Feb 26, 2025Updated 11 months ago
- A Beacon Object File (BOF) is a compiled C program, written to a convention that allows it to execute within a Beacon process and use int…☆244Nov 24, 2025Updated 2 months ago
- AV/EDR Lab environment setup references to help in Malware development☆424Feb 19, 2025Updated 11 months ago
- ☆22Jan 31, 2023Updated 3 years ago
- MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.☆336Aug 7, 2024Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆345Nov 19, 2024Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆381Dec 13, 2024Updated last year
- Kubernetes, Clusters and Dockers Enumeration in GCP and AWS environments☆12Nov 23, 2023Updated 2 years ago
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual☆14Jul 13, 2022Updated 3 years ago
- ☆13Oct 29, 2024Updated last year
- Monitoring Windows processes tool for malware analysis. Inspired by Regshot tool.☆12Jun 24, 2024Updated last year
- A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Inte…☆1,301Nov 12, 2025Updated 3 months ago
- A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation☆38Dec 7, 2025Updated 2 months ago
- Awesome EDR Bypass Resources For Ethical Hacking☆1,470Jan 26, 2026Updated 3 weeks ago
- Nuke It From Orbit - remove AV/EDR with physical access☆271Dec 8, 2024Updated last year
- This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at t…☆433May 22, 2025Updated 8 months ago
- Small toolkit for extracting information and dumping sensitive strings from Windows processes☆116Jul 17, 2024Updated last year
- Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers☆125Sep 12, 2024Updated last year