https://github.com/flangvik/dllsideloader

PowerShell script to generate "proxy" counterparts to easily perform DLL Sideloading
https://github.com/flangvik/dllsideloader

Last synced: 12 months ago
JSON representation

PowerShell script to generate "proxy" counterparts to easily perform DLL Sideloading

Host: GitHub
URL: https://github.com/flangvik/dllsideloader
Owner: Flangvik
Created: 2019-06-26T12:08:03.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2019-07-24T21:59:19.000Z (almost 7 years ago)
Last Synced: 2025-04-14T04:16:43.072Z (about 1 year ago)
Language: C++
Homepage:
Size: 35.2 MB
Stars: 122
Watchers: 4
Forks: 30
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# DLLSideloader
PowerShell script to generate "proxy" counterpart of DLL files load unsafely by binaries on runtime, makes it super easy to perform a DLL Sideloading attack or hijacking

See the below articles for more details
https://flangvik.com/privesc/windows/bypass/2019/06/25/Sideload-like-your-an-APT.html
https://flangvik.com/2019/07/24/Bypassing-AV-DLL-Side-Loading.html

Both demo's are using GUP.exe signed from NotePad ++ (32bit), loading a malicious libcurl sideloading malware:

Sideloading payload.dll( meterpreter revshell)
![Meterpreter sideload](https://github.com/SkiddieTech/DLLSideloader/blob/master/dll-sideload-demogif.gif)

Loading C++ code getting revshell and bypassing AV's

[![AV Bypass](https://img.youtube.com/vi/pWJ_pd0QhFM/maxresdefault.jpg)](https://youtu.be/pWJ_pd0QhFM)

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/flangvik/dllsideloader

Awesome Lists containing this project

README