Do not use this on a production machine or on your daily computer/laptop. This post is for security research purposes only; you can learn how to identify and exploit DLL hijacking vulnerabilities with a single tool utility.
Windows has historically had significant issues with DLL hijacking vulnerabilities, and over the years Microsoft has implemented security mechanisms in an attempt to mitigate such attacks. While analyzing an advanced persistent threat (APT) in early 2017, I was shown how surprisingly vulnerable Windows still is to such attacks, even after decades of patching specific vulnerabilities and implementing new security mechanisms. In this particular APT alone, there were three separate vulnerabilities in three different applications, all being leveraged for persistence.
The capabilities of the Siofra tool can be divided into two categories (corresponding to the two stages of carrying out this genre of attack):
1. Scanner mode, meant for identifying vulnerabilities in a desired target program (or set of programs) during the reconnaissance phase of an attack.
2. Infection mode, meant for infecting legitimate copies of the vulnerable modules identified during the reconnaissance phase of an attack for payload delivery during the exploitation phase of an attack.
git clone https://github.com/falexorr/Siofra && cd siofra
Siofra64.exe (runs the x64 build and shows the help menu)
Siofra32.exe (runs the x86 build and shows the help menu)