Announcing LOLRMM: A Unified Approach to RMM Software Tracking
Introducing LOLRMM - Living Off The Land Remote Monitoring & Management. A comprehensive resource for tracking RMM tools abused by adversaries.
Originally published on Medium
Read the full article: Announcing LOLRMM
The RMM Problem
Remote Monitoring & Management tools are:
- Legitimate IT software
- Increasingly abused by attackers
- Difficult to distinguish from normal use
- Perfect for persistence
What is LOLRMM?
LOLRMM is a community project cataloging RMM tools with:
- Legitimate use cases
- Abuse indicators
- Detection strategies
- Network indicators
Why RMM Tools?
Attackers love RMM tools because they:
- Are already trusted by security tools
- Provide remote access
- Survive reboots
- Blend with IT activity
Featured RMM Tools
Common tools abused by attackers:
- AnyDesk
- TeamViewer
- ScreenConnect
- Atera
- Splashtop
Detection Strategies
For each RMM tool, LOLRMM provides:
- Process names
- Network indicators
- Registry artifacts
- File paths
- Splunk queries
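One way to put process-name and file-path indicators like these to work is to match process-creation telemetry against a catalog and an allowlist of sanctioned tools. This is an added example, not code or data from the LOLRMM project: the catalog entries, the `SANCTIONED` policy, the trusted path prefixes and the sample events are all constructed for illustration.

```python
import ntpath

# Constructed catalog: process names for the tools named on this page.
# Illustrative values, not copied from the LOLRMM data set.
RMM_PROCESSES = {
    "anydesk.exe": "AnyDesk",
    "teamviewer.exe": "TeamViewer",
    "teamviewer_service.exe": "TeamViewer",
    "screenconnect.clientservice.exe": "ScreenConnect",
    "ateraagent.exe": "Atera",
    "srservice.exe": "Splashtop",
}

# Assumption: the organisation sanctions one tool, installed under Program Files.
SANCTIONED = {"TeamViewer"}
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

def classify(event):
    """Return None for non-RMM processes, else a finding dict."""
    image = event["image"].lower()
    tool = RMM_PROCESSES.get(ntpath.basename(image))
    if tool is None:
        return None
    if tool not in SANCTIONED:
        verdict = "unsanctioned_tool"
    elif not image.startswith(TRUSTED_PREFIXES):
        verdict = "sanctioned_tool_unexpected_path"
    else:
        verdict = "expected"
    return {"host": event["host"], "tool": tool, "verdict": verdict}

def triage(events):
    """Keep only findings an analyst should review."""
    findings = (classify(e) for e in events)
    return [f for f in findings if f and f["verdict"] != "expected"]

# Constructed process-creation events (e.g. Sysmon Event ID 1 or EDR telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"},
    {"host": "ws-02", "image": r"C:\Users\alice\Downloads\AnyDesk.exe"},
    {"host": "ws-03", "image": r"C:\Users\bob\AppData\Local\Temp\TeamViewer.exe"},
    {"host": "ws-04", "image": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Matching on process name alone misses a renamed binary, so in practice this check is paired with the network, registry and file-path indicators listed above.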
Get Involved
LOLRMM is community-driven. Contribute at github.com/magicsword-io/LOLRMM