Today I want to talk about DLL/Code injection, which are forms of hooking techniques that allow an attacker to manipulate the function calls within a program in order to deliver malicious code and/or shellcode payloads to a system covertly. I also want to explain the key difference between DLL injection and Code injection, as they are commonly assumed to be one and the same. They are similar, but they are vastly different.
I'll be discussing the following topics in order: Premise, What is Hooking?, What is DLL injection?, and What is Code injection?
Here's a quick rundown of the main links in the article in case you want to check them out first: LinkedIn Version, Patreon Version.
This allows us to control the key function calls that drive the Windows system on the software side, while also allowing us to manipulate the key function calls that communicate directly with the hardware on the system, giving us control over it as well.
This allows an attacker to bypass various forms of security, such as application firewalls, and to exploit the system further and gain higher levels of privilege on the target, extending their reach and possibly infecting more systems and the overall network infrastructure as a whole.
I will be going over all of the function calls that are used to pull off the DLL/Code injection exploit, as well as the methodology and science behind it; that part will be available to PAID patrons only. There will also be a follow-up video in the next bi-weekly issue featuring a live programming session to demonstrate the process.
Hooking is the process of using covert methods, namely illegitimate function calls placed within a program, to invoke malicious activity on a system. In a sense you can think of this as a form of living off the land: you are exploiting a trusted application on a system to gain, and then extend, access to the system infrastructure. The end goal of this method is much the same as for many common attack vectors, RCE (remote code execution), which lets an attacker botnet and control further systems on the network.
Hooking leads into techniques like DLL and Code injection, which are used to hook and infect the memory pages of the target application and launch malicious payloads from within the program itself.
DLL injection is the process of exploiting what is known as a dynamic library: a collection of core functions that is loaded alongside applications on startup for general-purpose use. This is a trusted process that the system recognizes and allows the program to perform each time it runs. There are different types of DLL files, each pertaining to a particular operating system: kernel32.dll for Windows, ld.so.conf for Linux, .dylib for macOS systems.
Essentially, what we are doing with this injection method is piggybacking off the base address at which the DLL file is loaded on the system, in order to spoof our address as its address and appear as a legitimate process on the main system. This is done on top of obfuscation methods to mask our activity on the system we are infecting. We need to blend in as much as possible in order to avoid being detected!
This allows us to mask in our own source code, which can then be used to infect the system further.
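From the defender's side, the behaviour described in the Hooking and DLL injection sections above leaves two footprints that endpoint telemetry records: a module being mapped into a process from somewhere other than the usual system directories, and a thread being created in one process by another. The following is an added example, not code from the original post; it triages constructed records shaped like Sysmon Event ID 7 (Image loaded) and Event ID 8 (CreateRemoteThread). The trusted-directory list and the sample events are assumptions made for this example.

```python
"""Triage constructed Sysmon-style events for signs of DLL injection.

Added example, not from the original post. Record shapes follow Sysmon
Event ID 7 (Image loaded) and Event ID 8 (CreateRemoteThread); the
records in SAMPLE_EVENTS are constructed sample data, not real telemetry.
"""
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Directories from which a module load is expected on a Windows host.
# This list is an assumption for the example; tune it to the estate.
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\program files",
    r"c:\program files (x86)",
)


@dataclass
class Finding:
    event_id: int
    process: str
    reason: str


def _under_trusted_dir(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(d + "\\") for d in TRUSTED_DIRS)


def check_image_load(ev: dict) -> Optional[Finding]:
    """Event ID 7: a DLL was mapped into a process.

    Flag loads from outside the trusted directories and loads whose
    signature did not validate; an injected DLL usually fails at least one.
    """
    path = ev["ImageLoaded"]
    if not _under_trusted_dir(path):
        return Finding(7, ev["Image"], f"module loaded from untrusted path {path}")
    if ev.get("Signed", "false").lower() != "true":
        return Finding(7, ev["Image"], f"unsigned module {ntpath.basename(path)}")
    return None


def check_remote_thread(ev: dict) -> Optional[Finding]:
    """Event ID 8: a thread was created in another process.

    Source and target process differing is the classic footprint of
    forcing a DLL load or code into a victim process.
    """
    if ev["SourceProcessId"] != ev["TargetProcessId"]:
        return Finding(
            8,
            ev["TargetImage"],
            f"remote thread from {ntpath.basename(ev['SourceImage'])} "
            f"(pid {ev['SourceProcessId']})",
        )
    return None


def triage(events: List[dict]) -> List[Finding]:
    """Run the per-event checks and collect everything worth an analyst's eye."""
    findings = []
    for ev in events:
        f = None
        if ev["EventID"] == 7:
            f = check_image_load(ev)
        elif ev["EventID"] == 8:
            f = check_remote_thread(ev)
        if f:
            findings.append(f)
    return findings


# Constructed sample events (not real logs): one clean load, one load from a
# user-writable directory, one unsigned load from System32, one thread a
# process created in itself, and one thread created across processes.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"EventID": 7, "Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Users\Public\helper.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\custom.dll", "Signed": "false"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "SourceProcessId": 1234, "TargetImage": r"C:\Windows\System32\svchost.exe",
     "TargetProcessId": 1234},
    {"EventID": 8, "SourceImage": r"C:\Users\Public\dropper.exe",
     "SourceProcessId": 4321, "TargetImage": r"C:\Windows\explorer.exe",
     "TargetProcessId": 1000},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"EventID {f.event_id} {f.process}: {f.reason}")
```

The unsigned-module check is deliberately applied only after the path check, so a DLL dropped in a user-writable folder is reported for its location first; the path is the stronger signal, since signed binaries can be planted anywhere.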
Code injection is a very similar process to DLL injection. The key difference is that it is more focused on masking shellcode, which is converted to hexadecimal format and then obfuscated in order to achieve RCE on the system.
These two methods can be combined to do both in one go if needed, or you can use either one to get the job done! If you get creative with it, you can nest RCE commands that also pipe in source code for you to infect the system with.
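Because the Code injection variant above carries its shellcode as hex text, the cheapest triage a defender can do on a suspicious script is to look for unusually long runs of hex-encoded bytes and measure how random they are: packed or encrypted shellcode is high-entropy, while padding or a filler constant is not. The following is an added example, not code from the original post; the sample script, the 32-byte minimum and the entropy measure are assumptions made for this example.

```python
"""Flag long hex-encoded byte blobs in script text for analyst triage.

Added example, not from the original post. SAMPLE_SCRIPT is constructed
sample text; the minimum blob size is an assumption to tune per estate.
"""
import math
import re
from typing import List, NamedTuple


class Blob(NamedTuple):
    line_no: int
    size: int      # decoded length in bytes
    entropy: float  # Shannon entropy in bits per byte, 0.0 .. 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is uniformly random, 0.0 is one repeated value."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _decode_hex_run(run: str) -> bytes:
    """Strip the \\x / 0x prefixes and separators that hex shellcode is usually written with."""
    cleaned = run.replace("\\x", "").replace("0x", "")
    cleaned = re.sub(r"[^0-9a-fA-F]", "", cleaned)
    return bytes.fromhex(cleaned[: len(cleaned) - len(cleaned) % 2])


def find_hex_blobs(text: str, min_bytes: int = 32) -> List[Blob]:
    """Return every run of at least min_bytes hex-encoded bytes, per line.

    A token is a hex pair, optionally prefixed with \\x or 0x and followed by
    whitespace or commas, so "\\x90\\x90", "0x90, 0x90" and "9090" all match.
    """
    token = r"(?:(?:\\x|0x)?[0-9a-fA-F]{2}[\s,]*)"
    pattern = re.compile(token + "{%d,}" % min_bytes)
    blobs = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in pattern.finditer(line):
            data = _decode_hex_run(m.group(0))
            if len(data) >= min_bytes:
                blobs.append(Blob(line_no, len(data), shannon_entropy(data)))
    return blobs


# Constructed sample script (not from any real incident): one 40-byte run of
# distinct bytes written as \x.. escapes, one 40-byte run of the same byte
# written as bare hex, and a short constant that must not be flagged.
_DISTINCT_BYTES = "".join(f"\\x{b:02x}" for b in range(0x41, 0x41 + 40))
SAMPLE_SCRIPT = "\n".join([
    '$greeting = "hello world"',
    f'$buf = "{_DISTINCT_BYTES}"',
    '$pad = "' + "41" * 40 + '"',
    "$cfg = 0x1F",
])

if __name__ == "__main__":
    for blob in find_hex_blobs(SAMPLE_SCRIPT):
        print(f"line {blob.line_no}: {blob.size} bytes, entropy {blob.entropy:.2f}")
```

Entropy alone does not prove anything is shellcode, so the scanner reports both hits and leaves the judgement to the analyst: the 40 distinct bytes score about 5.3 bits per byte, the repeated-byte padding scores 0.0, and the lone `0x1F` never reaches the size threshold.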
If you'd like to see the more advanced version of this article, which covers methods that can be used to mitigate these techniques, as well as the included videos, SUBSCRIBE TO MY PATREON CYBER SECURITY TIER!
If you enjoyed this post, give it a thumbs up! I'll be keeping track of who's reacting from now on, as there is a 'special' reason for it. Just know that the more you support my content, the more there is in store!
- The Hacker Who Laughs