![]() I want to give a big shoutout to my coworker, Josiah Massari ( for initially finding some of these DLL hijacks, explaining his methodology, and inspiring me to automate the discovery. ![]() Lastly, I noticed numerous DLL hijacks that were shared between the different applications, investigated the root cause, and discovered that applications using certain Windows API calls are subject to a DLL hijack when not running out of C:\Windows\System32\. This post will cover DLL hijack discovery in Slack, Microsoft Teams, and Visual Studio Code. For example, since Slack and Microsoft Teams start on boot (by default), a DLL hijack in one of these applications would allow an attacker persistent access to their target whenever the user logs in.Īfter introducing the concept of DLLs, DLL search order, and DLL hijacking, I explore the process of automating DLL hijack discovery ( ). This technique is mapped to MITRE ATT
0 Comments
Leave a Reply. |