This repository contains a talk on DLL Hijacking as presented to the EU MITRE ATT&CK® Community on 23 October 2020.
Video: this presentation has not been recorded.
Original blog post: Hijacking DLLs in Windows (2020) via wietze.github.io
Sigma rule: Possible Windows DLL Hijacking (2020) via github.com
DLL Hijacking types:
- DLL Proxying: DLL Proxying (2017) via kevinalmansa.github.io
- DLL Replacement: STUXNET Malware Targets SCADA Systems (2010) via trendmicro.com
- DLL Search Order Hijacking: Vault7: Chrome Portable DLL Hijack (2017) via wikileaks.org
- Phantom DLL Hijacking: Vault7: Kaspersky "heapgrd" DLL Inject (2017) via wikileaks.org
- WinSxS DLL replacement (aka DLL Side-loading): A Thorn in the Side of the Anti-Virus Industry (2014) via fireeye.com
- Relative Path DLL Hijacking: PwC Threat Intelligence (2020) via pwc.co.uk
Prevention:
- Sigma rule: Possible Windows DLL Hijacking (2020) via github.com
- PreferSystem32Images mitigation: UpdateProcThreadAttribute function (2018) via docs.microsoft.com