The LOLAD project provides a comprehensive collection of Active Directory techniques, commands, and functions that can be used natively to support offensive security operations and Red Team exercises. These techniques leverage AD’s built-in tools to conduct reconnaissance, privilege escalation, and lateral movement, among other tactics. Understanding these methods helps defenders strengthen AD configurations and improve monitoring capabilities.
LOLAD-Project.github.io
Unlike traditional malware attacks, which leverage signature files to carry out the attack plan, living off the land (LOTL) attacks are fileless — meaning they do not require an attacker to install any code or scripts within the target system. Instead, the attacker uses tools that are already present in the environment, such as PowerShell, Windows Management Instrumentation (WMI) or the password-saving tool, Mimikatz, to carry out the attack.
Using native tools makes LOTL attacks far more difficult to detect, especially if the organization is leveraging traditional security tools that search for known malware scripts or files. Because of this gap in the security toolset, the hacker is often able to dwell undetected in the victim’s environment for weeks, months or even years.
Reference: https://www.crowdstrike.com/en-us/cybersecurity-101/cyberattacks/living-off-the-land-attack/