A comprehensive, community-driven database of techniques for leveraging legitimate platforms to send email in a high-reputation manner, for red teamers and blue teamers alike.
This resource serves the cybersecurity community by cataloging legitimate techniques that can be used for:
- Authorized phishing and penetration testing
- Incident response and detection engineering
- Security research and other educational purposes
- Community Knowledge Sharing: Build a collaborative resource where security professionals can contribute their discoveries
- Comprehensive Coverage: Document techniques across different platforms and environments
- Accessibility: Maintain an easy-to-use, searchable interface
- Open Source: Keep all content freely available and transparent
We welcome contributions from the security community! Here's how you can help:
- Fork this repository
- Add your technique to
lote.jsonfollowing the existing format - Ensure your entry includes:
- Platform name
- Platform description
- Platform URL
- Relevant tags and descriptions outlining tag applicability
- Additional notes on usage, detection, etc.
- Submit a pull request noting the platform you are requesting to add
- Report inaccuracies or outdated information via issues
- Suggest improvements to existing entries or tagging
Browse the techniques using the web interface at index.html which reads in raw data from lote.json.
This project is intended for educational and authorized security testing purposes only. Users are responsible for ensuring they have proper authorization before applying any techniques documented here. The contributors and maintainers are not responsible for any misuse of this information.
This project is licensed under the terms specified in the LICENSE file (cause I guess that's a thing we gotta do).
This project is inspired by similar community efforts like LOTS, LOLBAS, GTFOBins, etc. We thank all contributors who help make this resource valuable for the security community.
made with ❤️ by tumikoto