DLL Preloading Attack
- 3. Topics to Be Covered:
History of DLL Loading Vulnerabilities
Types of DLL Loading Vulnerability
DLL Search Order
What can affect search order
Demo
Recommendation
- 4. History of DLL Loading Vulnerabilities
DLL loading weaknesses are a fairly old idea, but they became widely known when Microsoft released its security
advisory on 'Insecure Library Loading' in 2010.
https://technet.microsoft.com/library/security/2269637
- 5. Types of DLL Loading Vulnerability
DLL Hijacking
DLL Preloading
- 7. What can Affect Search Order
Issue with search order:
The system searches directories in the following order:
The directory from which the application loaded.
The system directory (C:\Windows\System32).
The 16-bit system directory (C:\Windows\System).
The Windows directory (C:\Windows).
If an attacker gets access to any of these directories, they can place a malicious DLL under a legitimate DLL's name in that path.
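An added example, not part of the original slides: this Python code walks the search order listed above and reports any DLL name whose first match sits ahead of the copy in the system directory. The directory layout and the DLL names are constructed stand-ins created in a temporary folder, and the function names are hypothetical.

```python
import os
import tempfile

def resolve_dll(dll_name, search_order):
    """Return the directories in search_order that contain dll_name, in load order."""
    wanted = dll_name.lower()              # Windows file names are case-insensitive
    hits = []
    for directory in search_order:
        try:
            names = os.listdir(directory)
        except OSError:
            continue                       # a missing directory is simply skipped
        if any(n.lower() == wanted for n in names):
            hits.append(directory)
    return hits

def audit(dll_names, search_order, system_dir):
    """Report DLLs whose first match is not the copy held in system_dir."""
    findings = []
    for name in dll_names:
        hits = resolve_dll(name, search_order)
        if system_dir in hits and hits[0] != system_dir:
            findings.append({"dll": name, "loaded_from": hits[0],
                             "expected": system_dir})
    return findings

def demo():
    """Constructed layout: an application directory plus stand-ins for the system directories."""
    root = tempfile.mkdtemp()
    app, system32, system16, windows = (
        os.path.join(root, d) for d in ("app", "System32", "System", "Windows"))
    for d in (app, system32, system16, windows):
        os.makedirs(d)
    # Constructed sample files: empty placeholders with made-up names.
    for path in (os.path.join(system32, "netlib.dll"),
                 os.path.join(system32, "gfxlib.dll"),
                 os.path.join(app, "NETLIB.dll"),     # same name, earlier in the order
                 os.path.join(app, "appcore.dll")):   # the application's own library
        open(path, "w").close()
    order = [app, system32, system16, windows]        # order listed on the slide
    names = ["netlib.dll", "gfxlib.dll", "appcore.dll"]
    return app, system32, audit(names, order, system32)

if __name__ == "__main__":
    for finding in demo()[2]:
        print(finding)
```

On a real host, pass the application's actual directory and the real system directories as `search_order`; a finding means the application directory supplies a DLL that the system directory also provides.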
- 8. Recommendation
Use a fully qualified path.
Use DLL redirection or a manifest.
SafeDllSearchMode
Disable write permission on folders.