DLL Search Order Hijacking

Context’s Intelligence and Response teams have seen the DLL Search Order abused as a means of conducting network intrusions in real environments. Abusing this mechanism so that an application loads a rogue DLL instead of the legitimate one is known as DLL preloading or, in the MITRE ATT&CK framework, hijacking.

In this blog post, you will find out more about the fundamentals of DLL Search Order and how legitimate binaries can be weaponized, and we introduce a tool to automate the discovery of binaries suitable for payload execution via DLL hijacking.
