It’s dual use, like Metasploit. It’s hard to predict whether black hats or white hats will use it more often or not. I think your conclusion is more intuitive, but let me play devil’s advocate.
LotL is too advanced for script kiddies to pull off. You’re already dealing with an adversary with some sophistication, who likely have the time, skill, and resources to create their own LOLbins (or buy them on darknet forums). Infosec is an asymmetric conflict: the adversary has a much easier job IMO. It’s always easier to break something than to build it.
Blue/purple teams have little incentive to build their own LOLbins. There is another asymmetry here: blue teams are developing these to target only their networks. Red teams are developing them to target every network. Open source is the way to resolve that asymmetry.
With these becoming public, blue teams can simulate a LotL attack, develop indicators of attack, and write rules to trigger alerts.
In general, adversaries prefer their tricks to remain trade secrets. Once they’re known, documented, and commodified, they become far less useful.
I'm not saying that it is bad those are out, I'm saying by volume they'd be used more by "slightly advanced script kiddies", and as part of bigger tools.
Sure it might make it easier for red teams to help secure system, but for organizations bad at security they will be hit by that low hanging fruit methods, even if it might make more aware organizations more secure. Just because it lowers the point of entry.
Or sometimes a person shows up at a new IT job and the old admin didn't leave behind any notes and the only way to do the job at all short of rebuilding everything from the ground up is to pwn the network.
