Payloads

In monitored environments it is very difficult to deliver and run an .exe file without being detected, whether for initial access or for persistence. For years, the easiest way to gain initial access was through Microsoft Office macros. However, Microsoft recently announced that macros from the internet are disabled by default, which forced red teams to explore alternative methods.

To achieve code execution, red teams now rely heavily on some form of DLL. A few examples are Office plugins such as XLL and WLL, and the .node files that are used for persistence in Electron apps such as MS Teams, VS Code, etc.

In the following sections we will explore how we can build a DLL using Golang to achieve code execution, along with a few variants of that approach.
