> [!Info] > This page is currently a work in progress. - Legitimate system tools that are commonly abused by attackers. - Examples: `powershell.exe`, `rundll32.exe`, `wmic.exe`. - Can be difficult to detect since they are trusted binaries. ## Resources ### [LOLBAS](https://lolbas-project.github.io/) - Living Off The Land Binaries, Scripts and Libraries - The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques. ### [GTFOBins](https://gtfobins.github.io/) - UNIX binaries - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems. ### [LOLDrivers](https://www.loldrivers.io/) - Living Off The Land Drivers - Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks.