DLL Preloading Attack
Click here to load reader
-
Upload
securityxploded -
Category
Technology
-
view
629 -
download
0
Transcript of DLL Preloading Attack
DLL Preloading Attack
About MeSecurity Consultant at Capmemini Pvt.Ltd.Bug Bounty HaunterPassionate about
Topics to Be Covered:History of DLL Loading VulnerabilitiesTypes of DLL Loading VulnerabilityDLL Search OrderWhat can affect search orderDemoRecommendation
History of DLL Loading Vulnerabilities
The pretty old theory of dll became popular when Microsoft released their security advisory for ‘Insecure Library Loading’ in 2010.
https://technet.microsoft.com/library/security/2269637
Types of DLL Loading Vulnerability
DLL HijackingDLL Preloading
DLL Search Order
Using: Standard Search Order A Fully qualified path Manifest DLL Redirection SafeDllSearchMode
What can Affect Search Order
Issue with search order:System Searches directories in below order The directory from which the application loaded. System directory (C:\Windows\System32). The 16-bit system directory (C:\Windows\System). The Windows directory (C:\Windows).
If attacker gets access to any of these orders , he can put a malicious dll with the name of legitimate in that path.
RecommendationUse Fully qualified Path.Use DLL redirection or ManifestSafeDllSearch ModeDisable write permission to folders
Thank YouReferences: https://msdn.microsoft.com/en-us/library/windows/desktop/ff919712(v=vs.85).aspxhttps://technet.microsoft.com/library/security/2269637https://blog.netspi.com/testing-applications-for-dll-preloading-vulnerabilities/