Evasion in Rust: Automate Your Stealth with the LazyDLLSideload Proxy Generator
LazyDLLSideload
A Rust-based tool for generating DLL proxy/sideload projects for red team engagements. Automatically parses PE export tables and generates ready-to-compile Rust projects with your payload embedded.
LazyDLLSideload automates the process of creating DLL proxying and sideloading implants.
- Uses the windows_sys ecosystem
- Parses any Windows DLL to extract exported functions
- Generates complete Rust projects
- String obfuscation; strings are decrypted at runtime
- Supports two operation modes: Sideload and Proxy
- Uses dyncvoke for dynamic invocation and syscall execution for proxy loads.
Mode 1: Sideload
Sideload mode creates a DLL that replaces the original, executing your payload when a specific exported function is called. The original DLL is not used – this is a pure sideload attack.
How It Works
- The tool parses the target DLL to get all exported functions
- Generates stub functions for all exports (except the hijacked one)
- Creates a lib.rs with a hijacked function that executes your payload
- On build, you get a DLL with all the required exports
Mode 2: Proxy Mode
Proxy mode creates a sophisticated DLL that:
- Forwards all function calls to the original (renamed) DLL
- Intercepts (hijacks) one specific function to execute your payload
- Maintains full functionality of the original DLL
This is the classic proxying technique – the original DLL is renamed and your proxy DLL sits in its place, forwarding calls while intercepting specific functions.
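Both modes leave traces a defender can audit for: a sideloaded DLL keeps the original's file name and export names but is a different file, and a proxy sits in the same directory as the renamed original with an identical export list. The following check is an added example, not part of LazyDLLSideload; it assumes export names and file hashes were already collected by a PE parser and a known-good baseline, and the `Dll`, `Finding`, `audit` and `MIN_EXPORTS` names are hypothetical.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// One inventoried DLL; export names are assumed already extracted by a PE parser.
pub struct Dll<'a> { pub dir: &'a str, pub name: &'a str, pub hash: &'a str, pub exports: &'a [&'a str] }

#[derive(Debug, PartialEq)]
pub enum Finding {
    /// File name is in the known-good baseline but the hash differs (replaced DLL).
    HashMismatch { dir: String, name: String },
    /// Two files in one directory export identical names (proxy beside renamed original).
    SameExports { dir: String, a: String, b: String },
}

/// Assumed tuning value: COM servers legitimately share four standard exports.
const MIN_EXPORTS: usize = 5;

pub fn audit(inv: &[Dll], baseline: &BTreeMap<&str, &str>) -> Vec<Finding> {
    let mut out = Vec::new();
    for (i, d) in inv.iter().enumerate() {
        if let Some(good) = baseline.get(d.name.to_ascii_lowercase().as_str()) {
            if !good.eq_ignore_ascii_case(d.hash) {
                out.push(Finding::HashMismatch { dir: d.dir.into(), name: d.name.into() });
            }
        }
        let mine: BTreeSet<&str> = d.exports.iter().copied().collect();
        if mine.len() < MIN_EXPORTS { continue; }
        for o in &inv[i + 1..] {
            let theirs: BTreeSet<&str> = o.exports.iter().copied().collect();
            if o.dir.eq_ignore_ascii_case(d.dir) && mine == theirs {
                out.push(Finding::SameExports { dir: d.dir.into(), a: d.name.into(), b: o.name.into() });
            }
        }
    }
    out
}

/// Constructed inventory: every path, file name and hash below is made up.
pub fn sample() -> Vec<Finding> {
    const EX: &[&str] = &["Init", "Open", "Read", "Write", "Close"];
    let inv = [
        Dll { dir: r"C:\App", name: "codec.dll", hash: "constructed-hash-B", exports: EX },
        Dll { dir: r"C:\App", name: "codec_orig.dll", hash: "constructed-hash-A", exports: EX },
        Dll { dir: r"C:\App", name: "shellext.dll", hash: "constructed-hash-C", exports: &["DllGetClassObject"] },
    ];
    audit(&inv, &BTreeMap::from([("codec.dll", "constructed-hash-A")]))
}

fn main() {
    for f in sample() { println!("{f:?}"); }
}
```

The export-set comparison skips DLLs with fewer than `MIN_EXPORTS` names so that ordinary COM servers, which all share the same four registration exports, are not reported as pairs.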