GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → wietze → windows-dll-hijacking

wietze / windows-dll-hijacking

Licence: GPL-3.0 License
Project for identifying executables and DLLs vulnerable to relative path DLL hijacking.

Programming Languages

python
139335 projects - #7 most used programming language
powershell
5483 projects
VBScript
123 projects

Windows DLL Hijacking

Background

This repo contains all scripts used to find relative path DLL Hijacking candidates on Windows 10 (version 1909), as described in this blog post.

Approach

The approach taken consists of two phases:

  1. The first phase is about identifying which DLLs may be vulnerable to hijacking;
  2. The second phase is about confirming which ones actually do.

Each phase is explained in more detail in the README files of their associated subfolders in this repo.

Used approach, taken from the blog post.

Used approach,taken from the blog post.

Contents

Item Description
1_finding_candidates/ Files for Phase 1, which will result in a CSV file with all possible DLL hijack candidates.
2_compiling_dlls/ Files for Phase 2, which will result in a set of files identifying confirmed DLL hijack candidates.
dll_hijacking_candidates.csv A CSV file with all identified relative path DLL Hijacking candidates on Windows 10 (version 1909).
possible_windows_dll_hijacking.yml Sigma rule identifying DLL loads of files in the list of DLL Hijack candidates from a folder other than their expected locations.
REAMDE.md This file.
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].