Understanding DLL Hijacking for Payload Execution

Be better than yesterday -
This video showcases how DLL Hijacking can be used to execute malicious commands by first identifying missing DLL files loaded by a legitimate program on a Windows system. This can be done with the help of an official Microsoft binary - Process Monitor (ProcMon).
The video provides a step-by-step walkthrough and a practical demonstration of how you can identify missing DLL files loaded by a program using ProcMon and, subsequently, compile and generate an example C++ DLL payload file that is used as a proof of concept. It was possible to execute our DLL payload file through Burp Suite Community.
DLL Hijacking is a very useful technique to understand as it can potentially allow bypassing of restricted environments - whereby only whitelisted programs can be executed. It will be possible to bypass such restrictions if the whitelisted programs can be analysed to determine if DLL files that are intended to be loaded and executed are missing from the Windows system.
In addition, DLL Hijacking is often abused by malicious threat actors to maintain persistence on a compromised Windows machine, as it avoids the common TTPs of modifying auto-start registry settings and creating scheduled tasks.
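For defenders auditing their own software, the ProcMon step described above can be triaged offline. The following is an added example, not code from the video: it reads a ProcMon CSV export and lists DLL lookups that returned NAME NOT FOUND in directories outside the usual admin-only locations, so they can be fixed or have their ACLs tightened. The sample rows, the `ExampleApp.exe` name and the protected-directory list are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: directories standard users normally cannot write to.
# Confirm the real ACLs (for example with icacls) before relying on this list.
PROTECTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")

# Constructed sample in ProcMon's CSV export layout (not real capture data).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","ExampleApp.exe","4242","CreateFile","C:\Tools\ExampleApp\helper.dll","NAME NOT FOUND","Desired Access: Read"
"10:01:02.2","ExampleApp.exe","4242","CreateFile","C:\Windows\System32\helper.dll","SUCCESS","Desired Access: Read"
"10:01:02.3","ExampleApp.exe","4242","CreateFile","C:\Program Files\ExampleApp\plugin.dll","NAME NOT FOUND","Desired Access: Read"
"10:01:02.4","ExampleApp.exe","4242","CreateFile","C:\Users\alice\AppData\Local\Temp\config.ini","NAME NOT FOUND","Desired Access: Read"
"10:01:02.5","ExampleApp.exe","4242","RegOpenKey","HKLM\Software\ExampleApp","NAME NOT FOUND","Desired Access: Read"
"10:01:02.6","ExampleApp.exe","4242","CreateFile","C:\Users\alice\AppData\Local\ExampleApp\HELPER.DLL","NAME NOT FOUND","Desired Access: Read"
'''


def is_protected(directory):
    """True if the directory sits under one of the assumed admin-only roots."""
    d = directory.lower()
    return any(d == root or d.startswith(root + "\\") for root in PROTECTED_ROOTS)


def audit_missing_dlls(csv_text):
    """Map (process, dll name) to the unprotected directories where the DLL was not found."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Only failed file opens matter; registry and successful events are skipped.
        if row["Operation"] != "CreateFile" or row["Result"] != "NAME NOT FOUND":
            continue
        path = PureWindowsPath(row["Path"])
        if path.suffix.lower() != ".dll":
            continue
        parent = str(path.parent)
        if is_protected(parent):
            continue  # lower priority: planting a file here already needs admin rights
        # Windows file names are case-insensitive, so group by lower-cased name.
        findings[(row["Process Name"], path.name.lower())].append(parent)
    return dict(findings)


if __name__ == "__main__":
    # For a real export, read the file with encoding="utf-8-sig" to drop the BOM.
    for (proc, dll), dirs in audit_missing_dlls(SAMPLE_CSV).items():
        print(f"{proc}: {dll} missing in {len(dirs)} unprotected location(s)")
        for d in dirs:
            print(f"  review ACLs on {d}")
```

Each reported directory is a place to verify write permissions, ship the expected DLL, or ask the vendor to load it by full path.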