Skip to content

0xflux/Rust-DLL-Search-Order-Hijacking

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
Readme.md
Readme.md
 
 
build.rs
build.rs
 
 

Repository files navigation

Rust DLL Search Order Hijacking

Check this out on my blog here!

DLL Search Order Hijacking is a technique used by nation state APT threat actors, cyber criminals, and red and purple teams.

DLL Search Order Hijacking occurs where we exploit the 'search order' path of how Windows will look for and load modules. When an application tries to find a DLL, it will search in the following order:

  1. The directory where the application is being launched.
  2. "C:\Windows\System32".
  3. "C:\Windows\System".
  4. "C:\Windows".
  5. Current working directory.
  6. Directories in SYSTEM PATH.
  7. Directories in the user's PATH.

So, if we are able to place our malicious DLL with the same name as what the program is looking for, in a directory higher than where it exists, we can load our malicious DLL instead of the genuine DLL being found lower down in the list.

About

Rust DLL Search Order Hijacking

Topics

malware offensive-security malware-development ethical-hacking red-team redteaming redteam purpleteam purple-team ethical-hacking-tools edr-bypass edr-evasion dll-sideloading redteaming-tools dll-search-order-hijacking

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages