slyd0g / Dllhijacktest
DLL and PowerShell script to assist with finding DLL hijacks
Stars: ✭ 166
Programming Languages
powershell
5483 projects
DLLHijackTest
Blogpost
Usage
- Use Procmon to obtain a CSV file of potential DLL hijacks
- Modify
outputFile
variable withinwrite.cpp
- Build the project for the appropriate architecture
- Open
powershell.exe
and loadGet-PotentialDLLHijack.ps1
into memory. .\Get-PotentialDLLHijack.ps1
- Run
Get-PotentialDLLHijack
with the appropriate flags- Example:
Get-PotentialDLLHijack -CSVPath .\Logfile.CSV -MaliciousDLLPath .\DLLHijackTest.dll -ProcessPath "C:\Users\John\AppData\Local\Programs\Microsoft VS Code\Code.exe"
-
-CSVPath
takes in a path to a .csv file exported from Procmon -
-MaliciousDLLPath
takes in a path to your compiled hijack DLL -
-ProcessPath
takes in a path to the executable you want to run -
-ProcessArguments
takes in commandline arguments you want to pass to the executeable
- Example:
- View the contents of
outputFile
for found DLL hijacks- Run
strings.exe
on theoutputFile
to clean up the output paths
- Run
- Party!!!
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].