// the find
byt3bl33d3r/OffensiveNim
My experiments in weaponizing Nim (https://nim-lang.org/)
A collection of Nim-language proof-of-concept implementations of common offensive security techniques — shellcode injection, AMSI/ETW patching, LSASS dumping, token manipulation, and more. It's aimed at red teamers and security researchers who want to explore Nim as an alternative to C/C++ or Go for payload development. The repo is explicitly a learning/experimentation resource, not a production toolkit.
Nim's FFI story here is genuinely good — the WinAPI bindings via Winim are clean, and the size optimization flags cutting a binary from 484KB to 46KB is a real advantage over Go. The coverage of techniques is wide: from classic VirtualAllocEx injection to fiber execution, hardware breakpoints, and fork-based LSASS dumping, giving a useful cross-section of the space. The cross-compilation setup (Linux/Mac to Windows via mingw) works out of the box and the devcontainer removes the toolchain friction entirely. The opsec notes on LoadLibrary hiding static imports are honest and practically useful.
Last commit was May 2024 and several examples are still marked WIP with no indication of completion timeline — for a repo about security tradecraft, stale code against a moving AV/EDR landscape is a real problem. There are no tests or validation harnesses; you can't tell if a given technique still works against current Windows builds without just running it. The opsec section mentions that the exported NimMain in DLLs is a detection fingerprint but offers no mitigation — a known issue left dangling. Documentation is README-only with no inline comments explaining *why* specific techniques work, so it's less useful as a learning resource than it looks.