windows-dll-hijacking icon indicating copy to clipboard operation
windows-dll-hijacking copied to clipboard

Published 20 hours ago verified publisher icon wietze

Metadata

Project for identifying executables and DLLs vulnerable to relative path DLL hijacking.

Results 3 windows-dll-hijacking issues
Sort by recently updated
recently updated
newest added

Problem with run_procmon_scan.ps1

The latest version of procmon does not load the generated PMC filters correctly. Go to archive.org and download an older version of procmon. I am using procmon 3.53 and it...

josprou avatar josprou

issue with generate_dlls.py

1 comment

Hey there Wietze, having some issue here with the python script used to compile the DLLs via docker. see image below... not sure as to why its doing this. any...

strangerdanger010 avatar strangerdanger010

Filtering out SysWOW64

Many thanks for these resources! In the SIGMA rule `possible_windows_dll_hijacking.yml` this path should/could be filtered out: `C:\Windows\SysWOW64\` That is: ``` filter: EventID: 7 ImageLoaded: - "C:\\Windows\\WinSxS\\*" - "C:\\Windows\\System32\\*" - "C:\\Windows\\SysWOW64\\*"...

iosonogio avatar iosonogio

Metadata

434
Stars
71
Forks
Watchers

Owner

verified publisher icon wietze

Metadata

Project for identifying executables and DLLs vulnerable to relative path DLL hijacking.

Back