🛠️ Loader

This is a work-in-progress. It's indicated with the 🛠️ emoji in the page name or in the category name. Wanna help? Please reach out to me: @_nwodtuhs

The following piece of C code is a simple example of DLL loader, where the DLL holds the malicious shellcode.

#include 
#include 

int main(void) {
 HMODULE hMod = LoadLibrary("shellcode.dll");
 if (hMod == nullptr) {
 cout << "Failed to load shellcode.dll" << endl;
 }

 return 0;
}

Once the payload is completed, pe-sieve can be used to identify if it is stealthy or not.

Reconnaissance

Movement

Credentials

Dumping

Bruteforcing

MITM and coerced auths

NTLM

Kerberos

Forged tickets

Delegations

DACL abuse

Netlogon

Certificate Services (AD-CS)

SCCM / MECM

Exchange services

Print Spooler Service

Schannel

Built-ins & settings

Kerberos

Certificate Services (AD-CS)

HTTP security headers

Identity and Access Management

File inclusion

LFI to RCE

Initial access (protocols)

Windows

UNIX-like

(AV) Anti-Virus

Mifare Classic

Android

🛠️ Loader

Dumping

Bruteforcing

MITM and coerced auths

NTLM

Kerberos

Forged tickets

Delegations

DACL abuse

Certificate Services (AD-CS)

SCCM / MECM

Certificate Services (AD-CS)

HTTP security headers

File inclusion

LFI to RCE

Windows

UNIX-like

Mifare Classic

🛠️ Loader ​

🛠️ Loader