LOLPROX
Star

Living Off The Land Proxmox (LOLPROX) is the curated catalog of native Proxmox VE binaries and techniques that adversaries can abuse for post-exploitation operations.

This project maintains a comprehensive list of binaries natively available in Proxmox VE that can be leveraged by adversaries during security assessments and red team operations. The documentation is compiled from real-world testing and threat research.

For the full write-up on LOLPROX techniques and methodology, see the blog post. For defensive guidance and detection strategies, see the defense blog post.

The project was created by ZephrFish, inspired by the LOLESXi project and following the methodology established by LOLBAS.

See also:

The MITRE ATT&CK mappings for all documented techniques can be visualised using the ATT&CK Navigator.

This site can be accessed programmatically; see the API for more information.

Want to contribute? Check out the contribution guidelines on GitHub.

Binary Type Functions Tags ATT&CK Techniques
pct Binaries
Lateral Movement
Container Escape
Container Escape
Privilege Escalation
T1082
T1059
T1105
T1005
T1074.001
T1611
T1548
T1529
T1485
T1610
pve-firewall Binaries
Defense Evasion
T1082
T1562.004
pvecm Binaries
T1082
T1489
pveproxy Binaries
Certificate Theft
MITM
Credential Access
Ticket Forgery
T1552.004
T1082
T1552.001
pvesh Binaries
Lateral Movement
Guest Agent Abuse
T1082
T1087.001
T1069.001
T1059
T1005
T1136.001
T1098
T1074.001
pvesm Binaries
T1082
T1567
T1135
T1074
pvesr Binaries
T1082
pveum Binaries
T1087.001
T1069.001
T1136.001
T1098
T1098.001
T1552.001
pveversion Binaries
T1082
qm Binaries
Lateral Movement
Guest Agent Abuse
Credential Access
T1082
T1059
T1005
T1105
T1074.001
T1529
T1485
T1552.001
socat Binaries
Covert Channel
vsock
Persistence
vsock
T1572
T1059.004
T1090
T1059
T1090.001
vzdump Binaries
T1005
T1567
T1059
T1078
No binary matches your search query.