Documentation
Comprehensive guides for using LOLAPI
📋 Data Format
Learn the YAML schema and structure of LOLAPI entries.
- YAML Entry Structure
- API Metadata Fields
- Abuse Scenario Schema
- Detection Signal Format
- Risk Scoring Algorithm
🛡️ Detection Guide
Practical strategies for detecting LOTL API abuse.
- Behavioral Detection
- Forensic Analysis
- Log-Based Detection
- Sigma Detection Rules
- SIEM Integration
🛡️ Mitigation Guide
Defense strategies and hardening techniques.
- Policy-Based Mitigations
- Technical Controls
- AppLocker/CodeIntegrity
- .NET Hardening
- Process Monitoring
📚 API Catalog
Complete reference of documented APIs.
- 10 Windows .NET APIs
- 6 Windows COM Objects
- 3 Native Windows APIs
- 2 Browser Extension APIs
- 3 Cloud Metadata Services
🤝 Contributing
Guidelines for submitting new APIs and improvements.
- Submission Requirements
- Quality Standards
- Peer Review Process
- Code of Conduct
- Attribution & Credits
❓ FAQ
Frequently asked questions about LOLAPI.
- Why Living Off The Land?
- How is Risk Calculated?
- Difference from LOLBAS
- Data Update Frequency
- License Information
Quick Start
For Defenders
- Visit the API Browser
- Search for APIs relevant to your environment
- Review detection strategies for each API
- Implement detection rules in your SIEM
- Test and tune for false positives
For Researchers
- Clone the repository
- Review the YAML schema and existing entries
- Add new APIs or improve existing ones
- Follow the quality standards
- Submit a pull request
For Red Teamers
- Review abuse scenarios for your target platform
- Understand detection evasion techniques
- Study risk scores and prevalence data
- Map to MITRE ATT&CK techniques
- Integrate into your tools and playbooks