Amber vs DllShimmer
About Amber
Amber is a reflective PE packer written in Go that converts standard Windows PE (Portable Executable) files into position-independent shellcode payloads. It uses a reflective loading technique to execute PE files entirely in memory without writing them to disk, bypassing many traditional antivirus and endpoint detection mechanisms that rely on file-based scanning. Red team operators and exploit developers use Amber to prepare payloads for advanced adversary simulations, converting compiled executables into shellcode that can be injected into running processes or delivered through custom loaders. The tool supports both 32-bit and 64-bit PE files and can add custom stubs for additional evasion, making it a key component in payload development pipelines for authorized offensive engagements.
About DllShimmer
DllShimmer automates the exploitation of DLL hijacking vulnerabilities by generating proxy DLLs that perfectly mimic the export address table of the target DLL. When a vulnerable application loads the generated DLL, it transparently forwards all legitimate function calls to the original DLL while executing attacker-controlled code. The tool generates C++ boilerplate for the backdoor payload, handles export matching, and produces ready-to-compile Visual Studio projects. It significantly reduces the manual effort in weaponizing DLL hijack opportunities found during engagements.