# DLL Test Bench

This example constitutes a boilerplate for weaponised DLL, that could be used in numerous scenarios as well as numerous test-bench scenarios pre-made for testing.

Compiled DLL launches `LaunchMyShellcode()` function which by default spawns a `calc.exe`.

Resulting DLL might then be used for instance:

- in DLL Side-Loading scenarios:
	- `C:\Program Files\Windows Defender\NisSrv.exe` which loads `mpclient.dll`
	- `C:\Windows\System32\DISM.exe` which loads `DismCore.dll`
	- `C:\Windows\System32\RuntimeBroker.exe` which loads `umpdc.dll`
	- `C:\Windows\System32\WFS.exe` which loads `FxsCompose.dll`
- in DLL Hijacking/Proxying scenarios:
	- `%LOCALAPPDATA%\Microsoft\Teams\current\Teams.exe` loads first `version.dll` it can find
- DLL disguised as an another file-format:
	- as `simple-loader.xll` Excel AddIn file
	- as `simple-loader.cpl` Control Applet file
- Launched with various LOLBINs:
	- `rundll32 simple-loader.dll,Run`


---

### ☕ Show Support ☕

This and other projects are outcome of sleepless nights and **plenty of hard work**. If you like what I do and appreciate that I always give back to the community,
[Consider buying me a coffee](https://github.com/sponsors/mgeeky) _(or better a beer)_ just to say thank you! 💪 

---

```
Mariusz Banach / mgeeky, (@mariuszbit)
<mb [at] binary-offensive.com>
```