roadwy / SideloadFinder

Frida-based script which automates the process of discovering and exploiting DLL hijacks in target binaries. The discovered binaries can later be weaponized during red team operations to evade AV/EDRs.


SideloadFinder

Description

A simple script which automates the process of discovering and exploiting DLL hijacks in target binaries by hooking the target with Frida. Icon created by ERNIE Bot.

Features

  • Dynamic DLL hijacks (DLLs loaded at run time, e.g. through LoadLibrary, observed with a Frida hook)
  • Static DLL hijacks (DLLs named in the PE import table, DIRECTORY_ENTRY_IMPORT)
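The static check above amounts to walking the import directory of the PE and keeping the DLL names the loader would resolve through the normal search order (application directory first), rather than from KnownDLLs or an API set. The following is an added example written for this page, not SideloadFinder's own code: a dependency-free parser for DIRECTORY_ENTRY_IMPORT plus a filter for hijack candidates. The KnownDLLs subset, the `api-ms-win-`/`ext-ms-` prefix filter and the constructed minimal PE32+ image are assumptions made for the example; the image only populates the fields the parser reads and is not a loadable executable.

```python
import struct

# Subset of the loader's KnownDLLs (assumed list for the example). These are
# mapped from \KnownDlls, so a copy planted next to the EXE is never loaded.
KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll", "ole32.dll"}
# API-set contracts are resolved through the apiset schema, not the search path.
APISET_PREFIXES = ("api-ms-win-", "ext-ms-")


def _rva_to_offset(rva, sections):
    """Map an RVA to a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} not mapped by any section")


def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")


def parse_imports(pe):
    """Return the DLL names listed in DIRECTORY_ENTRY_IMPORT, in table order."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad NT signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    # Data directories start at 96 (PE32) or 112 (PE32+); import dir is index 1.
    dd = opt + (112 if magic == 0x20B else 96)
    import_rva = struct.unpack_from("<I", pe, dd + 8)[0]
    sections = []
    sec = opt + opt_size
    for i in range(num_sections):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, sec + i * 40 + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    if import_rva == 0:
        return []
    off = _rva_to_offset(import_rva, sections)
    dlls = []
    while True:  # IMAGE_IMPORT_DESCRIPTOR entries, terminated by an all-zero entry
        oft, _ts, _fc, name_rva, ft = struct.unpack_from("<IIIII", pe, off)
        if not any((oft, name_rva, ft)):
            break
        dlls.append(_cstr(pe, _rva_to_offset(name_rva, sections)))
        off += 20
    return dlls


def static_hijack_candidates(pe, known_dlls=KNOWN_DLLS):
    """Imported DLLs the loader would search for starting in the EXE's directory."""
    return [d for d in parse_imports(pe)
            if d.lower() not in known_dlls
            and not d.lower().startswith(APISET_PREFIXES)]


def build_test_pe(dll_names):
    """Constructed minimal PE32+ image: only the fields parse_imports reads are set."""
    sec_rva, sec_raw = 0x1000, 0x200
    names_off = (len(dll_names) + 1) * 20          # descriptors, then the name strings
    names_blob, name_rvas = bytearray(), []
    for name in dll_names:
        name_rvas.append(sec_rva + names_off + len(names_blob))
        names_blob += name.encode("ascii") + b"\0"
    body = bytearray()
    for rva in name_rvas:                            # OFT, TimeDateStamp, Fwd, Name, FT
        body += struct.pack("<IIIII", 0, 0, 0, rva, 0)
    body += bytes(20) + names_blob                   # null terminator, then names
    hdr = bytearray(sec_raw)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)          # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", hdr, 0x44, 0x8664, 1)    # Machine, NumberOfSections
    struct.pack_into("<H", hdr, 0x44 + 16, 240)      # SizeOfOptionalHeader (PE32+)
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x20B)          # PE32+ magic
    struct.pack_into("<I", hdr, opt + 108, 16)       # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 112 + 8, sec_rva, names_off)  # import dir RVA/size
    sec = opt + 240                                  # first section header
    hdr[sec:sec + 8] = b".idata\0\0"
    struct.pack_into("<IIII", hdr, sec + 8, len(body), sec_rva, len(body), sec_raw)
    return bytes(hdr) + bytes(body)


if __name__ == "__main__":
    sample = build_test_pe(["KERNEL32.dll", "wsc.dll", "api-ms-win-core-sysinfo-l1-1-0.dll"])
    print("imports   :", parse_imports(sample))
    print("candidates:", static_hijack_candidates(sample))
```

Run against a real binary with `static_hijack_candidates(open(path, "rb").read())`. The candidate list is only a starting point: a DLL that ships beside the EXE, or that an installer drops into a directory writable only by administrators, is not exploitable from a low-privileged position, and delay-loaded or LoadLibrary-time dependencies are exactly what the dynamic (Frida) check exists to catch.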

Usage:

sideload_finder.py -i testcase -o out.csv

-i is the input path (here the testcase directory) and -o the CSV file to write. While a target runs, the Frida hook reports each DLL load (with its load flag) and each procedure resolved from it, and the script records one CSV row per finding: binary, DLL, flag, procedure.

{'type': 'send', 'payload': {'payload_type': 'dll', 'dll': 'wsc.dll', 'flag': 0}}
{'type': 'send', 'payload': {'payload_type': 'proc', 'proc': '_run@4'}}
ae90c0a08698d698182043ede236e528.exe,wsc.dll,0x0,_run@4


Reference

https://github.com/knight0x07/ImpulsiveDLLHijack


License:Apache License 2.0


Languages

Language:Python 100.0%