from Hacker News

Nim on the Attack: Process Injection Using Nim and the Windows API

by sunnyP on 7/17/21, 9:30 PM with 20 comments

  • by auxym on 7/18/21, 12:08 PM

    Interesting to see Nim used here. I participate a bit in its community because it's a fun language, but I had not yet heard that it was used in opsec circles.

  • by Const-me on 7/18/21, 7:34 AM

    I wonder why people are writing shellcode for that?

    When I need to inject my code into another process, I write a DLL and only inject a LoadLibrary function call. Much more reliable this way: the OS applies the relocation table, I have C and C++ runtimes in the injected code, the result is compatible with ASLR, if my DLL has other DLL dependencies the OS will load them first, etc.

  • by kcartlidge on 7/18/21, 2:36 PM

    I followed the link to the Nim site and downloaded the official 64-bit version.

    Windows Defender (Win10) reports a severe threat in nim-1.4.8\bin\vccexe.exe - Trojan:Win32/Wacatac.B!ml - which allows remote code execution.

    It may be a false positive - but the whole post is about exploits so I'll probably not risk it.