CYBER MONGOL
5/16/2021

DLL Function Proxying

I started playing with this technique after finding a fair bit of intel within our dataset, while testing our new search interface (internal tool). For those who aren’t familiar with this vector, a malicious DLL replaces the functionality of a legitimate DLL, proxying legitimate functionality and executing malicious code (in this case shellcode). While we did test this on an MDE-protected endpoint, some assumptions were made. FileZilla client (latest version) would have to be installed and a UAC bypass needed to access Program Files. Regardless, the point was just to investigate how function proxying works so that a more comprehensive vector could be developed.
 
 
SharpDllProxy: https://github.com/Flangvik/SharpDllProxy
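
For defenders, one way to spot this pattern on disk, added here as an example and not taken from the original post or from SharpDllProxy: it reads an export listing in the style of `dumpbin /exports` and flags a DLL whose exports almost all forward to a single differently named module in the same directory. It assumes the proxy is built with export forwarders pointing at a renamed copy of the original DLL; the file names, listings and the `min_ratio` threshold are constructed for illustration.

```python
import re
from collections import Counter

# Row of a `dumpbin /exports`-style listing: ordinal, hint, optional RVA, name,
# then "(forwarded to module.symbol)" when the export is a forwarder.
ROW = re.compile(r"^\s*\d+\s+[0-9A-Fa-f]+\s+(?:[0-9A-Fa-f]{8}\s+)?(\S+)"
                 r"(?:\s+\(forwarded to ([^)]+)\))?\s*$")

def parse_exports(listing):
    """Return [(export_name, forward_target_or_None), ...]."""
    return [m.groups() for m in map(ROW.match, listing.splitlines()) if m]

def assess(dll, listing, siblings, min_ratio=0.9):
    """Return a finding when nearly every export of `dll` forwards to a single
    non-system module stored in the same directory; otherwise None."""
    rows = parse_exports(listing)
    targets = Counter(t.rsplit(".", 1)[0].lower() for _, t in rows if t)
    if not targets:
        return None
    module, hits = targets.most_common(1)[0]
    ratio = hits / len(rows)
    # Windows itself forwards exports (kernel32 -> ntdll, API sets), so only
    # a target that sits beside the DLL under a different name is reported.
    beside = module + ".dll" in {s.lower() for s in siblings}
    api_set = module.startswith(("api-ms-", "ext-ms-"))
    if ratio >= min_ratio and beside and not api_set and module + ".dll" != dll.lower():
        return {"dll": dll, "forwards_to": module + ".dll", "ratio": round(ratio, 2)}
    return None

# Constructed listings (not taken from any real binary).
PROXY = """\
    ordinal hint RVA      name
          1    0          lib_init (forwarded to tmp1a2b.lib_init)
          2    1          lib_read (forwarded to tmp1a2b.lib_read)
          3    2          lib_close (forwarded to tmp1a2b.lib_close)
"""
NORMAL = """\
    ordinal hint RVA      name
          1    0          AcquireLock (forwarded to NTDLL.RtlAcquireLock)
          2    1 0001F2A0 OpenThing
          3    2 0001F3B0 CloseThing
"""

if __name__ == "__main__":
    print(assess("example.dll", PROXY, ["app.exe", "example.dll", "tmp1A2B.dll"]))
    print(assess("example2.dll", NORMAL, ["app.exe", "example2.dll"]))
```

A hit is a lead for triage, not a verdict: compare the flagged DLL's signature and hash against the vendor's release, and check when the sibling module appeared in the directory.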
 
