sheimo/awesome-lolbins-and-beyond external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

sheimo/awesome-lolbins-and-beyond

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/sheimo/awesome-lolbins-and-beyond)

Close

sheimo / awesome-lolbins-and-beyondView on GitHubMore

• External links
• Readme badge

A curated list of awesome LOLBins, GTFO projects, and similar 'Living Off the Land' security resources.

☆210Feb 7, 2026Updated last month

Alternatives and similar repositories for awesome-lolbins-and-beyond

Users that are interested in awesome-lolbins-and-beyond are comparing it to the libraries listed below

• danzek / awesome-lol-commonly-abused

  View on GitHub
  Awesome list of Living off the Land (LOL) methods, tools, and features commonly abused by attackers
  ☆34Feb 28, 2026Updated last week
• MythicAgents / Xenon

  View on GitHub
  A Mythic agent for Windows written in C
  ☆159Mar 1, 2026Updated last week
• ricardojoserf / BOF_Files

  View on GitHub
  Repository to gather the BOF files I will be developing
  ☆11Oct 1, 2024Updated last year
• cybersectroll / SharpPersistSD

  View on GitHub
  ☆92May 15, 2024Updated last year
• ZephrFish / LOLSearches

  View on GitHub
  Living off the land searches for explorer and sharepoint
  ☆93Dec 7, 2025Updated 3 months ago
• EvilBytecode / Lifetime-AmsiBypass

  View on GitHub
  Lifetime AMSI bypass.
  ☆36Apr 21, 2025Updated 10 months ago
• dobin / RedEdr

  View on GitHub
  Collect Windows telemetry for Maldev
  ☆460Jan 30, 2026Updated last month
• S3N4T0R-0X0 / APTs-Adversary-Simulation

  View on GitHub
  This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom …
  ☆1,051Updated this week
• LOFL-Project / LOFLCAB

  View on GitHub
  ☆57Dec 13, 2024Updated last year
• Helixo32 / CrimsonEDR

  View on GitHub
  Simulate the behavior of AV/EDR for malware development training.
  ☆564Feb 15, 2024Updated 2 years ago
• EvilBytecode / PPID-Spoofing

  View on GitHub
  Parent Process ID Spoofing, coded in CGo.
  ☆24Apr 21, 2025Updated 10 months ago
• 0xAnalyst / Project-Lost

  View on GitHub
  Living Off Security Tools
  ☆59Nov 23, 2025Updated 3 months ago
• kleiton0x00 / RtlHijack

  View on GitHub
  Alternative Read and Write primitives using Rtl* functions the unintended way.
  ☆79Aug 25, 2025Updated 6 months ago
• magisterquis / curlrevshell

  View on GitHub
  Kooky cURL-powered replacement for reverse shell via /dev/tcp
  ☆79Updated this week
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆129Oct 4, 2024Updated last year
• Karkas66 / EarlyCascadeImprooved

  View on GitHub
  an Improoved Version of 0xNinjaCyclone´s EarlyCascade Code
  ☆22Feb 20, 2025Updated last year
• Mayyhem / Maestro

  View on GitHub
  Abusing Azure services over C2
  ☆367Jan 20, 2026Updated last month
• anonymous300502 / Nuke-AMSI

  View on GitHub
  NukeAMSI is a powerful tool designed to neutralize the Antimalware Scan Interface (AMSI) in Windows environments.
  ☆176Dec 19, 2025Updated 2 months ago
• 0xBienCuit / InfraRed-AWS

  View on GitHub
  ☆62Dec 13, 2025Updated 2 months ago
• RoseSecurity / WolfPack

  View on GitHub
  WolfPack combines the capabilities of Terraform and Packer to streamline the deployment of red team redirectors on a large scale.
  ☆150Jun 5, 2025Updated 9 months ago
• Karkas66 / CelestialSpark

  View on GitHub
  Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …
  ☆103Mar 27, 2025Updated 11 months ago
• bitsadmin / lofl

  View on GitHub
  Living Off the Foreign Land setup scripts
  ☆74Feb 26, 2025Updated last year
• An0nUD4Y / AV-EDR-Lab-Environment-Setup

  View on GitHub
  AV/EDR Lab environment setup references to help in Malware development
  ☆425Feb 19, 2025Updated last year
• svch0stz / velociraptor-detections

  View on GitHub
  ☆22Jan 31, 2023Updated 3 years ago
• MaLDAPtive / Invoke-Maldaptive

  View on GitHub
  MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.
  ☆336Aug 7, 2024Updated last year
• Cobalt-Strike / bof_template

  View on GitHub
  A Beacon Object File (BOF) is a compiled C program, written to a convention that allows it to execute within a Beacon process and use int…
  ☆252Nov 24, 2025Updated 3 months ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆382Dec 13, 2024Updated last year
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆345Nov 19, 2024Updated last year
• ricardojba / Even-More-Awesome-Mainframe-Hacking

  View on GitHub
  ☆15Oct 29, 2024Updated last year
• inzlain / sameuser

  View on GitHub
  Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual
  ☆14Jul 13, 2022Updated 3 years ago
• CyberSecurityUP / k8senumeration

  View on GitHub
  Kubernetes, Clusters and Dockers Enumeration in GCP and AWS environments
  ☆12Nov 23, 2023Updated 2 years ago
• ZephrFish / DynamicMSBuilder

  View on GitHub
  A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
  ☆38Dec 7, 2025Updated 3 months ago
• BlackSnufkin / LitterBox

  View on GitHub
  A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Inte…
  ☆1,317Nov 12, 2025Updated 3 months ago
• lkarlslund / nifo

  View on GitHub
  Nuke It From Orbit - remove AV/EDR with physical access
  ☆274Dec 8, 2024Updated last year
• tkmru / awesome-edr-bypass

  View on GitHub
  Awesome EDR Bypass Resources For Ethical Hacking
  ☆1,490Jan 26, 2026Updated last month
• Offensive-Panda / ProcessInjectionTechniques

  View on GitHub
  This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at t…
  ☆436May 22, 2025Updated 9 months ago
• mlcsec / proctools

  View on GitHub
  Small toolkit for extracting information and dumping sensitive strings from Windows processes
  ☆117Jul 17, 2024Updated last year
• sec-consult / msiscan

  View on GitHub
  Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers
  ☆126Sep 12, 2024Updated last year
• HulkOperator / AuthStager

  View on GitHub
  ☆59Oct 24, 2024Updated last year