Time for the 5th part. Today it’s about the Phantom DLLs Hijacking (do not confuse it with ‘DLL Search Order Hijacking’, where the order in which paths are searched is abused).| Hexacorn
Learn about four DLL hijacking techniques observed in the wild, and how CrowdStrike's Falcon OverWatch threat hunters can quickly and accurately identify these attempts.| www.crowdstrike.com
Dynamic-link library (DLL) hijacking remains a popular technique to run malware. We address its evolution using examples from the realm of cybercrime and more.| Unit 42
Binary Planting on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.| owasp.org
Manifests are XML files that accompany and describe side-by-side assemblies or isolated applications.| learn.microsoft.com
If your application depends on a specific version of a shared DLL, and another application is installed with a newer or older version of that DLL, then that can cause a problem; it can cause your app to start to fail. Another use case for DLL redirection is to load a private build of a DLL.| learn.microsoft.com
Protect your system from Insecure Library Loading & Remote Code Execution with Microsoft Security Updates. Learn more at Microsoft.com.| learn.microsoft.com
DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative path DLL Hijacking on Windows 10 (1909), and shows how with a few lines of VBScript some of the DLL hijacks can be executed with elevated privileges, bypassing UAC.| @Wietze - Blog