Kansa icon indicating copy to clipboard operation
Kansa copied to clipboard

Published 20 hours ago verified publisher icon davehull

Kansa Module & Analysis: DLL Search Order Hijacking

Open davehull opened this issue 10 years ago • 3 comments

Create an module and/or analysis script that can generate leads for DLL Search Order hijacking.

davehull avatar Aug 02 '14 06:08 davehull

The Get-ProcsNModules.ps1 doesn't include the actual process name in the output. I don't know if that is by design. Should I open a separate issue?

jvaldezjr1 avatar Jul 28 '15 01:07 jvaldezjr1

Relatively easy fix, there's a line commented out in the code that will restore the name of the process.

davehull avatar Jul 28 '15 02:07 davehull

I saw that. It spits out the full path, so a couple lines to parse that and grab just the process name. I'll work on that tomorrow.

jvaldezjr1 avatar Jul 28 '15 02:07 jvaldezjr1