Be better than yesterday -
This video showcases how DLL Hijacking can be used to execute malicious commands by first identifying missing DLL files loaded by a legitimate program on a Windows system. This can be done with the help of an official Microsoft binary - Process Monitor (ProcMon).
The video provides a step-by-step walkthrough and a practical demonstration of how you can identify missing DLL files loaded by a program using ProcMon and subsequently compile and generate an example C++ DLL payload file that is used as a proof of concept. It was possible to execute our DLL payload file through Burp Suite Community.
DLL Hijacking is a very useful technique to understand as it can potentially allow bypassing of restricted environments - whereby only whitelisted programs can be executed. It will be possible to bypass such restrictions if the whitelisted programs can be analysed to determine if DLL files that are intended to be loaded and executed are missing from the Windows system.
In addition, DLL Hijacking is often abused by malicious threat actors to maintain persistence on a compromised Windows machine, as it avoids the common TTPs of modifying auto-startup registry settings and creating scheduled tasks.
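Because this persistence method leaves no autorun key or scheduled task behind, detection has to look at the module loads themselves. The following is an added example, not code from the video or its author: it triages Sysmon Event ID 7 (ImageLoad) records using the Sysmon fields Image, ImageLoaded and Signed; the application name, the paths and the two-entry baseline are constructed sample data.

```python
import ntpath

# Locations Windows loads its own DLLs from (lower-cased, trailing separator).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
               "c:\\windows\\winsxs\\")

def triage_image_loads(events, system_dll_names):
    """Flag Sysmon Event ID 7 (ImageLoad) records that fit DLL hijacking.

    events: dicts with the Sysmon fields Image, ImageLoaded and Signed.
    system_dll_names: lower-case DLL file names from a clean System32 baseline.
    """
    findings = []
    for ev in events:
        dll_dir, dll_name = ntpath.split(ev["ImageLoaded"].lower())
        if (dll_dir + "\\").startswith(SYSTEM_DIRS):
            continue  # loaded from a system directory: expected
        reasons = []
        if dll_name in system_dll_names:
            reasons.append("shadows system DLL name")
        if ev.get("Signed", "false").lower() != "true":
            reasons.append("unsigned")
        if reasons:
            findings.append({
                "process": ev["Image"],
                "dll": ev["ImageLoaded"],
                "severity": "high" if len(reasons) == 2 else "review",
                "reasons": reasons,
            })
    return findings

# Constructed sample records; ExampleApp and all paths are hypothetical.
APP = "C:\\Program Files\\ExampleApp\\app.exe"
SAMPLE_EVENTS = [
    {"Image": APP, "ImageLoaded": "C:\\Windows\\System32\\version.dll", "Signed": "true"},
    {"Image": APP, "ImageLoaded": "C:\\Program Files\\ExampleApp\\version.dll", "Signed": "false"},
    {"Image": APP, "ImageLoaded": "C:\\Program Files\\ExampleApp\\plugin.dll", "Signed": "true"},
    {"Image": APP, "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\helper.dll", "Signed": "false"},
]
BASELINE = {"version.dll", "dwmapi.dll"}  # constructed; build from a clean host

if __name__ == "__main__":
    for f in triage_image_loads(SAMPLE_EVENTS, BASELINE):
        print(f["severity"], f["dll"], "|", ", ".join(f["reasons"]))
```

In practice the baseline set would be the file names listed from System32 on a known-good image, and "review" findings need allowlisting for applications that legitimately ship unsigned DLLs.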
Understanding DLL Hijacking for Payload Execution