DLL Preloading Attack

9

Click here to load reader

Transcript of DLL Preloading Attack

Page 1: DLL Preloading Attack

DLL Preloading Attack

Page 2: DLL Preloading Attack

About MeSecurity Consultant at Capmemini Pvt.Ltd.Bug Bounty HaunterPassionate about

Page 3: DLL Preloading Attack

Topics to Be Covered:History of DLL Loading VulnerabilitiesTypes of DLL Loading VulnerabilityDLL Search OrderWhat can affect search orderDemoRecommendation

Page 4: DLL Preloading Attack

History of DLL Loading Vulnerabilities

The pretty old theory of dll became popular when Microsoft released their security advisory for ‘Insecure Library Loading’ in 2010.

https://technet.microsoft.com/library/security/2269637

https://technet.microsoft.com/library/security/2269637
Page 5: DLL Preloading Attack

Types of DLL Loading Vulnerability

DLL HijackingDLL Preloading

Page 6: DLL Preloading Attack

DLL Search Order

Using: Standard Search Order A Fully qualified path Manifest DLL Redirection SafeDllSearchMode

Page 7: DLL Preloading Attack

What can Affect Search Order

Issue with search order:System Searches directories in below order The directory from which the application loaded. System directory (C:\Windows\System32). The 16-bit system directory (C:\Windows\System). The Windows directory (C:\Windows).

If attacker gets access to any of these orders , he can put a malicious dll with the name of legitimate in that path.

Page 8: DLL Preloading Attack

RecommendationUse Fully qualified Path.Use DLL redirection or ManifestSafeDllSearch ModeDisable write permission to folders

Page 9: DLL Preloading Attack

Thank YouReferences: https://msdn.microsoft.com/en-us/library/windows/desktop/ff919712(v=vs.85).aspxhttps://technet.microsoft.com/library/security/2269637https://blog.netspi.com/testing-applications-for-dll-preloading-vulnerabilities/

https://msdn.microsoft.com/en-us/library/windows/desktop/ff919712(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/ff919712(v=vs.85).aspx
https://technet.microsoft.com/library/security/2269637
https://blog.netspi.com/testing-applications-for-dll-preloading-vulnerabilities/
https://blog.netspi.com/testing-applications-for-dll-preloading-vulnerabilities/

Preloading - Quillen Physicians EHR€¦ · Preloading . Preloading your patients’ charts is highly recommended before their visit. Not only does preloading allow you to practice

Preloading - Quillen Physicians EHR€¦ · Preloading . Preloading your patients’ charts is highly recommended before their visit. Not only does preloading allow you to practice

ACaseStudyofCombinedDrainageConsolidation-Preloading … · 2020. 12. 1. · standards, preloading treatment is more effective for peat soil. It can reduce the settlements to acceptable

ACaseStudyofCombinedDrainageConsolidation-Preloading … · 2020. 12. 1. · standards, preloading treatment is more effective for peat soil. It can reduce the settlements to acceptable

fischertechnik Interfaces umFish40 - ftCommunity Interfaces umFish40.DLL umFish40.DLL - 3 umFish40.DLL Common umFish40.DLL v4.3.75.0 is based on the FtLib module v1.70a supplied by

fischertechnik Interfaces umFish40 - ftCommunity Interfaces umFish40.DLL umFish40.DLL - 3 umFish40.DLL Common umFish40.DLL v4.3.75.0 is based on the FtLib module v1.70a supplied by

PRELOADING OR PRECOMPRESSION

PRELOADING OR PRECOMPRESSION

DLL Algorithm

DLL Algorithm

VACUUM PRELOADING WITH VERTICAL DRAINS … Manh Quynh1.2009.pdf · VACUUM PRELOADING WITH VERTICAL DRAINS THEORY AND RECENT DEVELOPMENTS - APPLICATIONS ... extraction systems have

VACUUM PRELOADING WITH VERTICAL DRAINS … Manh Quynh1.2009.pdf · VACUUM PRELOADING WITH VERTICAL DRAINS THEORY AND RECENT DEVELOPMENTS - APPLICATIONS ... extraction systems have

DLL Basics

DLL Basics

Prediksi Penurunan Konsolidasi Menggunakan Preloading ...

Prediksi Penurunan Konsolidasi Menggunakan Preloading ...

Overview of preloading methods for soil improvement

Overview of preloading methods for soil improvement

Recent Advanced in Application of VD and Vacuum Preloading

Recent Advanced in Application of VD and Vacuum Preloading

Dll english 2

Dll english 2

SOIL IMPROVEMENT BY VACUUM PRELOADING FOR …geotekindo.com/download/SoilImprovementbyVacuum... · SOIL IMPROVEMENT BY VACUUM PRELOADING ... Vacuum preloading with an average PVD

SOIL IMPROVEMENT BY VACUUM PRELOADING FOR …geotekindo.com/download/SoilImprovementbyVacuum... · SOIL IMPROVEMENT BY VACUUM PRELOADING ... Vacuum preloading with an average PVD

Dll injection

Dll injection

Effect of torsional and cyclic fatigue preloading on the ...

Effect of torsional and cyclic fatigue preloading on the ...

OAK RIDGE NATIONAL LABORATORY Preloading of Bolted ...

OAK RIDGE NATIONAL LABORATORY Preloading of Bolted ...

Simulation Vacuum Preloading Method by Tri-Axial …file.scirp.org/pdf/IJG20120100024_32113945.pdf · Simulation Vacuum Preloading Method by ... Vacuum Preloading; Degree of Consolidation

Simulation Vacuum Preloading Method by Tri-Axial …file.scirp.org/pdf/IJG20120100024_32113945.pdf · Simulation Vacuum Preloading Method by ... Vacuum Preloading; Degree of Consolidation

DLL Algorithms and Resolution Proofs - Computer Science · Section 2.3 the algorithm schema DLL-Learn is introduced which is a new natural generalization of both, DLL and DLL-L-UP.

DLL Algorithms and Resolution Proofs - Computer Science · Section 2.3 the algorithm schema DLL-Learn is introduced which is a new natural generalization of both, DLL and DLL-L-UP.

HTML Preloading Presentation

HTML Preloading Presentation

A CASE STUDY OF PRELOADING IN PEAT USING FINITE …

A CASE STUDY OF PRELOADING IN PEAT USING FINITE …

STUDI APLIKASI VACUUM PRELOADING SEBAGAI METODE …

STUDI APLIKASI VACUUM PRELOADING SEBAGAI METODE …