Skip to content

Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when it's get loaded into the explorer process , our malicoius code get executed

Notifications You must be signed in to change notification settings

gavz/ExplorerPersist

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

ExplorerPersist

Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when it's get loaded into the explorer process , our malicoius code get executed. The persistence is triggered each time the explorer process is runned.

POC

ExplorerDLLHijacking.mp4

About

Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when it's get loaded into the explorer process , our malicoius code get executed

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages