frida based script which automates the process of discovering and exploiting DLL Hijacks in target binaries. The discovered binaries can later be weaponized during Red Team Operations to evade AV/EDR's.

roadwy/SideloadFinder
SideloadFinder

Description

A simple script that automates discovering and exploiting DLL hijacks in target binaries using Frida hooks. The icon was created by ERNIE Bot.

Features

  • Dynamic DLL hijacks (DLLs the binary loads at runtime, e.g. through LoadLibrary; found by hooking the loader with Frida)
  • Static DLL hijacks (DLLs listed in the PE import table, DIRECTORY_ENTRY_IMPORT)
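The static check above reads the PE import directory (DIRECTORY_ENTRY_IMPORT) and keeps the imports the loader may resolve from the application directory. The following is an added example written for this page, not SideloadFinder's own code: it walks the import table with nothing but struct, filters out KnownDLLs (a constructed, partial subset; the real list lives under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs and is always mapped from System32, so those imports cannot be sideloaded), and builds a minimal constructed PE32 so the whole thing runs offline. The names KNOWN_DLLS, parse_imports, hijack_candidates and build_test_pe are this example's, not the project's.

```python
import struct

# Constructed, partial subset of the KnownDLLs list (assumption: the real list is read
# from HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs on the target).
KNOWN_DLLS = {
    "kernel32.dll", "kernelbase.dll", "ntdll.dll", "user32.dll", "gdi32.dll",
    "advapi32.dll", "ole32.dll", "shell32.dll", "rpcrt4.dll", "ws2_32.dll",
}


def parse_imports(data: bytes) -> list[str]:
    """Return the DLL names in the PE import directory (DIRECTORY_ENTRY_IMPORT)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = opt + (96 if magic == 0x10B else 112)            # PE32 vs PE32+ data directories
    imp_rva, _ = struct.unpack_from("<II", data, dd_off + 8)  # entry 1 = import directory
    if imp_rva == 0:
        return []
    sections = []
    for i in range(nsections):
        # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((vaddr, max(vsize, rawsize), rawptr))

    def rva_to_offset(rva: int) -> int:
        for vaddr, size, rawptr in sections:
            if vaddr <= rva < vaddr + size:
                return rawptr + (rva - vaddr)
        raise ValueError(f"RVA {rva:#x} is not inside any section")

    dlls = []
    off = rva_to_offset(imp_rva)
    while True:
        # IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
        _, _, _, name_rva, _ = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0:                                      # all-zero descriptor ends the table
            break
        name_off = rva_to_offset(name_rva)
        dlls.append(data[name_off:data.index(b"\0", name_off)].decode("ascii"))
        off += 20
    return dlls


def hijack_candidates(data: bytes) -> list[str]:
    """Imports that the loader will search for in the application directory first."""
    return [d for d in parse_imports(data) if d.lower() not in KNOWN_DLLS]


def build_test_pe(dll_names: list[str]) -> bytes:
    """Constructed minimal PE32 whose only content is an import table naming dll_names."""
    sec_rva, sec_off = 0x1000, 0x200
    names, name_rvas = b"", []
    names_start = (len(dll_names) + 1) * 20                    # descriptors (plus terminator) first
    for n in dll_names:
        name_rvas.append(sec_rva + names_start + len(names))
        names += n.encode("ascii") + b"\0"
    descs = b"".join(struct.pack("<IIIII", 0, 0, 0, r, 0) for r in name_rvas) + b"\0" * 20
    section = descs + names
    section += b"\0" * (-len(section) % 0x200)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    datadirs = bytearray(16 * 8)
    struct.pack_into("<II", datadirs, 8, sec_rva, len(descs))  # entry 1: import directory
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16) + bytes(datadirs)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102)
    sec_hdr = struct.pack("<8sIIIIIIHHI", b".idata\0\0", len(section), sec_rva,
                          len(section), sec_off, 0, 0, 0, 0, 0x40000040)
    headers = bytes(dos) + b"PE\0\0" + coff + opt + sec_hdr
    return headers + b"\0" * (sec_off - len(headers)) + section


if __name__ == "__main__":
    import sys
    pe = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(["KERNEL32.dll", "wsc.dll"])
    print("imports:   ", parse_imports(pe))
    print("candidates:", hijack_candidates(pe))
```

Two caveats a practitioner should keep in mind: this table does not contain delay-loaded imports (DIRECTORY_ENTRY_DELAY_IMPORT) or anything resolved at runtime through LoadLibrary, which is exactly why the dynamic hook is the second half of the tool; and a candidate is only exploitable if the target is launched from a directory the attacker can write to, since the application directory is the first place the loader looks after KnownDLLs and already-loaded modules.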

Usage:

sideload_finder.py -i testcase -o out.csv

-i selects the input (here testcase) and -o the CSV to write. While each binary runs, the hook reports the DLL it loads (with the flag seen on the load) and the export it then resolves from that DLL; the pair becomes one CSV row of binary, DLL, flag, procedure:

{'type': 'send', 'payload': {'payload_type': 'dll', 'dll': 'wsc.dll', 'flag': 0}}
{'type': 'send', 'payload': {'payload_type': 'proc', 'proc': '_run@4'}}
ae90c0a08698d698182043ede236e528.exe,wsc.dll,0x0,_run@4
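The messages above are Frida send() payloads from the agent injected into the target, and the CSV line is what the host script makes of them. The following is an added example written for this page, not SideloadFinder's own agent or host code, showing the whole dynamic side with frida-python: a hypothetical agent (AGENT_JS) that hooks LoadLibraryExW and GetProcAddress in kernel32, and a host-side HijackRecorder that pairs the two by module handle and emits rows in the page's binary,DLL,flag,procedure format. Assumptions: the hmodule field is this example's addition to the page's message format so that a lookup is paired with the right load rather than with whatever was loaded last; the flag column is taken to be the dwFlags argument of LoadLibraryExW (0 for a plain LoadLibrary call); and the five-second run budget in trace() is a constructed default.

```python
import csv
import io
import os
import sys
import time

try:
    import frida  # pip install frida; needed only for live tracing, not for the recorder
except ImportError:
    frida = None

# Hypothetical agent written for this example (not SideloadFinder's). It reports every
# LoadLibraryExW call with the handle it returned, and every GetProcAddress with the
# handle it was given, so the host can pair a DLL with the export resolved from it.
# On current Windows LoadLibraryA/W are thin wrappers around LoadLibraryExW, so one
# hook observes all of them.
AGENT_JS = r"""
const k32 = Process.getModuleByName('kernel32.dll');
Interceptor.attach(k32.getExportByName('LoadLibraryExW'), {
  onEnter(args) {
    this.dll = args[0].readUtf16String();   // lpLibFileName
    this.flag = args[2].toInt32();          // dwFlags (0 for a plain LoadLibrary)
  },
  onLeave(retval) {
    send({ payload_type: 'dll', dll: this.dll, flag: this.flag, hmodule: retval.toString() });
  }
});
Interceptor.attach(k32.getExportByName('GetProcAddress'), {
  onEnter(args) {
    // lpProcName is an ordinal when its upper bits are zero, otherwise an ANSI string
    const byOrdinal = args[1].shr(16).isNull();
    const proc = byOrdinal ? '#' + args[1].toInt32() : args[1].readUtf8String();
    send({ payload_type: 'proc', proc: proc, hmodule: args[0].toString() });
  }
});
"""


class HijackRecorder:
    """Turns the agent's send() messages into (binary, dll, flag, proc) rows."""

    def __init__(self, target: str):
        self.target = target
        self.rows: list[tuple[str, str, str, str]] = []
        self._loaded: dict[str, tuple[str, int]] = {}   # hmodule -> (dll, flag)

    def on_message(self, message: dict, data=None) -> None:
        if message.get("type") != "send":               # agent errors and logs are not payloads
            return
        p = message["payload"]
        if p.get("payload_type") == "dll":
            self._loaded[p["hmodule"]] = (p["dll"], p["flag"])
        elif p.get("payload_type") == "proc" and p.get("hmodule") in self._loaded:
            # Only lookups on a module we saw loaded at runtime become rows; lookups on
            # statically imported modules are not hijacks of a dynamic load.
            dll, flag = self._loaded[p["hmodule"]]
            self.rows.append((self.target, dll, hex(flag), p["proc"]))

    def to_csv(self) -> str:
        buf = io.StringIO()
        csv.writer(buf, lineterminator="\n").writerows(self.rows)
        return buf.getvalue()


def trace(exe_path: str, seconds: float = 5.0) -> HijackRecorder:
    """Spawn exe_path suspended, install the hooks, let it run, and collect the rows."""
    if frida is None:
        raise RuntimeError("pip install frida to trace a live binary")
    rec = HijackRecorder(os.path.basename(exe_path))
    pid = frida.spawn(exe_path)
    session = frida.attach(pid)
    script = session.create_script(AGENT_JS)
    script.on("message", rec.on_message)
    script.load()
    frida.resume(pid)                 # the target starts only after the hooks are in place
    time.sleep(seconds)               # constructed budget; tune to the target's start-up time
    session.detach()
    frida.kill(pid)
    return rec


if __name__ == "__main__":
    sys.stdout.write(trace(sys.argv[1]).to_csv())
```

Spawning rather than attaching matters here: DLLs loaded during process start-up are the ones most often sideloaded, and an attach after the fact misses them. Run it on a Windows host with the target binary, for example python hook_trace.py ae90c0a08698d698182043ede236e528.exe, and expect one row per DLL the binary loads at runtime and then resolves an export from.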


Reference

https://github.com/knight0x07/ImpulsiveDLLHijack
