LOLBins
LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders understand how LOLBins are used by threat actors during an intrusion. It presents this information in a graphical and digestible format for threat intelligence platforms (TIPs), using the STIX format.
LOLBins CTI-Driven
The project provides valuable insights and context about LOLBins from a cyber threat intelligence and cyber defence perspective.
This includes:
- Associated campaigns
- Associated APTs
- Associated TTPs
- Associated Malware
- Associated commands
- Associated Mitigations
- Associated CVEs
Workflow diagram

Output Samples:
STIX2 Visualizer

JSON Crack Visualizer

YouTube Video Demo:
Agenda for 2023-2024:
- Add the Top 15 LOLBins files that are being used by threat actors.
- Add an API to streamline the passing of LOLBinCTI-Driven JSON files to the TIPs platform.
Author:
LinkedIn: Nounou Mbeiri
Twitter: @Nounou Mbeiri
Related Living-Off-the-Land Binaries projects:
https://lolol.farm
Thanks:

