DLLSpy - DLL Hijacking Detection Tool


DLLSpy is a tool that detects DLL hijacking in running processes, in services and in their binaries. DLLSpy has three engines under its belt.

https://github.com/cyberark/DLLSpy

Related Projects

WinPwnage - 💻 Elevate, UAC bypass, privilege escalation, dll hijack techniques

  •    Python

The meaning of this repo is to study the techniques. Techniques are found online, on different blogs and repos here on GitHub. I do not take credit for any of the findings, thanks to all the researchers.

Robber - Robber is open source tool for finding executables prone to DLL hijacking

  •    Pascal

Robber is a free open source tool developed using Delphi XE2 without any 3rd party dependencies. Windows has a search path for DLLs in its underlying architecture. If you can figure out what DLLs an executable requests without an absolute path (triggering this search process), you can then place your hostile DLL somewhere higher up the search path so it'll be found before the real version is, and Windows will happily feed your attack code to the application.

pe-sieve - Scans a given process

  •    C++

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. It recognizes and dumps a variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. It detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

RootHelper - A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system

  •    Shell

Roothelper will aid in the process of privilege escalation on a Linux system that has been compromised, by fetching a number of enumeration and exploit suggestion scripts. The latest version downloads five scripts: two enumeration shell scripts, one information gathering shell script and two exploit suggesters, one written in Perl and the other in Python. The credits for the scripts it fetches go to the original authors.

linux-exploit-suggester - Linux privilege escalation auditing tool

  •    Shell

Often during a penetration test engagement the security analyst faces the problem of identifying privilege escalation attack vectors on the tested Linux machine(s). One of the viable attack vectors is using a publicly known Linux exploit to gain root privileges on the tested machine. Of course, in order to do that the analyst needs to identify the right PoC exploit, make sure that the target is affected by the associated vulnerability and finally modify the exploit to suit the target. The linux-exploit-suggester.sh tool is designed to help with these activities. In this mode the analyst simply provides the kernel version (--kernel switch) or the uname -a command output (--uname switch) and receives a list of candidate exploits for the given kernel version.

ReflectiveDLLInjection - Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process

  •    C

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) file loader. It can then govern, with minimal interaction with the host system and process, how it will load and interact with the host. Injection works from Windows NT4 up to and including Windows 8, running on x86, x64 and ARM where applicable.

tpwn - xnu local privilege escalation via cve-2015-???? & cve-2015-???? for 10

  •    Objective-C

xnu local privilege escalation via cve-2015-???? & cve-2015-???? for 10.10.5, 0day at the time | poc or gtfo

Tater - Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit from @breenmachine and @foxglovesec

  •    PowerShell

Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. All credit goes to @breenmachine, @foxglovesec, Google Project Zero, and anyone else that helped work out the details for this exploit.

lpeworkshop - Windows / Linux Local Privilege Escalation Workshop


The workshop is based on the attack tree below, which covers all known (at the time) attack vectors of local user privilege escalation on both Linux and Windows operating systems.

Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities

  •    PowerShell

PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.

PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

  •    C

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits. For pre-compiled local linux exploits, check out https://www.kernel-exploits.com.

Universal DLL

  •    VB

This DLL is meant to be a compilation of useful functions in user32.dll, the DWM API and a few others. Currently, you can, in one line, extend the glass frame with Aero, close a window, move a window, handle movement by clicking anywhere on a form, and many other things.

GMail Send DLL


This is a DLL useful for sending e-mails using GMail. This DLL also zips the attachments and is easy to use without SMTP configuration. This DLL is developed using Microsoft C# (CS) .Net with .Net Framework 2.0.

BeRoot - Privilege Escalation Project - Windows / Linux / Mac

  •    Python

BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privileges. It has been added to the pupy project as a post exploitation module (so it will be executed in memory without touching the disk). This tool does not perform any exploitation. Its main goal is not to perform a configuration assessment of the host (listing all services, all processes, all network connections, etc.) but to print only information that has been found to be a potential way to escalate our privileges.

Search Dll


This project is a one-time release of a DLL made to do two things: first, to learn how to take bits and pieces from Windows Helper and make them external, and second, for new users to learn the basics of creating a Class Library (aka DLL).

GraphView - GraphView is a DLL library that enables users to use SQL Server or Azure SQL Database to efficiently manage graphs

  •    CSharp

GraphView is a DLL library that enables users to use SQL Server or Azure SQL Database to manage graphs. It connects to a SQL database locally or in the cloud, stores graph data in tables and queries graphs through a SQL-extended language. It is not an independent database, but a middleware that accepts graph operations and translates them to T-SQL executed in SQL Server or Azure SQL Database. As such, GraphView can be viewed as a special connector to SQL Server/Azure SQL Database. Developers will experience no differences from the default SQL connector provided by the .NET framework (i.e., SqlConnection), except that this new connector accepts graph-oriented statements.

GraphView is a DLL library through which you manage graph data in SQL Server (version 2008 and onward) and Azure SQL Database (v12 and onward). It provides the features a standard graph database is expected to have. In addition, since GraphView relies on SQL databases, it inherits many features of the relational world that are often missing in native graph databases.

MemoryModule - Library to load a DLL from memory.

  •    C

The default Windows API functions to load external libraries into a program (LoadLibrary, LoadLibraryEx) only work with files on the filesystem. It's therefore impossible to load a DLL from memory. But sometimes you need exactly this functionality (e.g. you don't want to distribute a lot of files or want to make disassembling harder). A common workaround for this problem is to write the DLL into a temporary file first and import it from there. When the program terminates, the temporary file gets deleted.