What is the primary purpose of the LOLBAS project?

• A. Collects, categorizes, and provides example usage of Living off the Land Binaries
• B. Documents corporate security policies
• C. Analyzes network traffic patterns
• D. Provides defense by design blue team training

Answer: (A)

LOLBAS stands for Living Off the Land Binaries and Scripts, a curated collection of Windows binaries and scripts that ship with the OS and can be repurposed by attackers to perform actions without introducing new tools. The primary purpose is to collect, categorize, and provide example usage of these binaries, giving defenders a clear view of what legitimate utilities might be abused in attacks and how they can be leveraged. This helps in mapping abuses to techniques, designing detections, and understanding how attackers blend in with normal system behavior. It isn’t about documenting security policies, analyzing network traffic, or formal blue-team training, but about building a practical reference of tools that can be misused so defenses can recognize and respond effectively.