LOLESXi is a curated list of living off the land behaviours observed via public reporting.

Please refer to NOTICE.md for license information.

Living Off the Land ESXi

Goal

The goal of the LOLESXi project is to identify, track, and document native VMware ESXi binaries and scripts that adversaries utilise during offensive campaigns. By cataloging these tools, the project aims to raise awareness and provide information to enhance detection capabilities.

Criteria

The binary/script must contain any of the following:

Interesting functionality can include:

Contributing

If you would like to contribute, please review the contributing guidelines located here: https://github.com/LOLESXi-Project/LOLESXi/blob/main/CONTRIBUTE.md

The History of the LOLBin

The phrase "Living off the land" was coined by Christopher Campbell (@obscuresec) & Matt Graeber (@mattifestation) at DerbyCon 3.

The History of this Project

The inspiration for this project was the session "Defending and Investigating Hypervisors" by Anurag Khanna and Thirumalai Natarajan at the SANS DFIR Summit 2023. Our primary maintainer is @blueteam0ps_.

Maintainers

The following folks help maintain the LOLESXi Project on their personal time:

Thanks

As with many open-source projects, this one is the product of a community and we would like to thank ours:

Notice