donut

Learning Sliver C2 (10) - Sideload

37 minute read Published:

Deep-dive into the sideload command Sliver provides for execution of native shared libraries, including Windows DLLs. It also supports execution of EXEs on Windows. I show how to use the command but also how it works under the hood. We cover both Sliver itself as well as Donut, which Sliver depends on. On top of that, there are some brief notes on detection.

Sliver C2

This post is part of a tutorial blog post series on Sliver C2 (used here in version v1.5.30). For an overview: click here. As of March 6 2023, this post got a new bonus section to illustrate execution of Windows PE EXE files with sideload. The rest of the text was also updated, but only here and there.

Introduction

The previous post 9 was about making a Windows implant run 3rd party tools.