4 Repos
Loading and executing dynamic link libraries from non-standard paths using trusted binaries.
Distinct from Arbitrary: Focuses on the loading of DLLs from arbitrary paths, distinct from general command execution or API hooking.
Explore 4 awesome GitHub repositories matching development tools & productivity · DLL Loading. Refine with filters or upvote what's useful.
LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro
Identifies signed binaries that load and execute specified DLLs from arbitrary paths.
UACME is a set of specialized tools designed to audit security configurations, escalate user privileges, and circumvent access control restrictions on Windows systems. It functions as a utility for executing commands with elevated privileges by bypassing User Account Control restrictions. The project includes a configuration auditor used to extract and analyze system settings to identify security misconfigurations and vulnerabilities. It provides a collection of techniques for gaining administrative rights on a host. The toolset covers a wide range of privilege escalation and security auditi
Utilizes DLL loading from non-standard paths to intercept trusted binaries with administrative rights.
LoadLibrary is a binary instrumentation framework that loads and executes Windows PE/COFF DLLs natively within Linux processes. It provides a cross-platform binary execution layer that maps Windows portable executable files into Linux memory, resolving imports and relocations so that exported functions can be called as if they were native Linux library routines. The framework enables runtime interception and modification of Windows DLL function behavior, including redirecting API calls to Linux-native implementations through a binary patching hook engine. It includes a code coverage auditor t
Loads Windows PE/COFF DLLs into a Linux process, resolving imports and relocations for native execution.
OffensiveNim is a red teaming framework and post-exploitation toolkit developed in Nim. It provides a collection of low-level primitives and a Windows API wrapper designed for offensive security operations, including malware development and shellcode loading. The project focuses on evasion and obfuscation through techniques such as API unhooking, direct system calls, and anti-debugging mechanisms. It features diverse payload delivery methods, including reflective binary loading, the execution of .NET assemblies via CLR hosting, and various shellcode injection techniques using fibers, COM obje
Builds dynamic link libraries with exported entry points and custom initialization logic.