Skip to content
/ DLLSideloader Public
forked from Flangvik/DLLSideloader

PowerShell script to generate "proxy" counterparts to easily perform DLL Sideloading

0 stars 29 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

j91321/DLLSideloader

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
DLLSideLoadCompiler
DLLSideLoadCompiler
 
 
DLLSideLoader.ps1
DLLSideLoader.ps1
 
 
README.md
README.md
 
 
dll-sideload-demogif.gif
dll-sideload-demogif.gif
 
 
dllexp.exe
dllexp.exe
 
 

Repository files navigation

DLLSideloader

PowerShell script to generate "proxy" counterpart of DLL files load unsafely by binaries on runtime, makes it super easy to perform a DLL Sideloading attack or hijacking

See the below articles for more details
https://flangvik.com/privesc/windows/bypass/2019/06/25/Sideload-like-your-an-APT.html
https://flangvik.com/2019/07/24/Bypassing-AV-DLL-Side-Loading.html

Both demo's are using GUP.exe signed from NotePad ++ (32bit), loading a malicious libcurl sideloading malware:

Sideloading payload.dll( meterpreter revshell) Meterpreter sideload

Loading C++ code getting revshell and bypassing AV's

AV Bypass

About

PowerShell script to generate "proxy" counterparts to easily perform DLL Sideloading

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 62.4%
  • PowerShell 35.3%
  • C 2.3%