LOLEXFIL
Reference for data exfiltration methods using trusted tools - LOLBins, RMM tools, backup software, cloud storage services, tunneling protocols, browser extensions, data bouncing, and more. 200 tools across 10 categories, each with:
- endpoint and network detection patterns
- simulation commands
- DFIR artifacts and forensic paths
- IOC artifacts (ports, pipes, service names, mutexes, User-Agents…)
- MITRE ATT&CK mappings
- code signer info
- references to threat reports and GitHub projects
Contribute
Missing a tool, pattern, or reference? Hit the ✎ Contribute button on any card or open an issue/PR directly against tools.json.
License
MIT