Diarium blog system
Universidad de Salamanca
Pablo Gallardo's Blog
My professional web log about IT, Cybersecurity & Project Management
 

DLL Side-loading Attack

This post explains what a DLL side-loading attack is in the context of IT security.

 

What is a DLL Side-loading Attack?

A Dynamic-Link Library (DLL) is a file used on Windows to package functions (and other resources) that several programs can share. By using DLLs, common functionality is isolated in one module and reused rather than duplicated inside each executable.

As DLLs are specific to Windows, DLL side-loading attacks apply only to that OS.

In Windows, a program can control which libraries are loaded at runtime by specifying a full path, or through another mechanism such as a manifest. An application manifest is an XML document, either embedded in the executable or shipped beside it as an external .manifest file, that declares, among other settings, the names and versions of the DLLs (assemblies) the application depends on.

A manifest can contain DLL redirections, bare filenames or full paths. If a manifest, or the program itself, refers to a library by filename only, the reference is considered weak: Windows has to locate the file by walking its default search order, and that is what a DLL side-loading attack exploits.

A DLL side-loading attack is an adversarial technique that takes advantage of weak library references and the default Windows search order: the attacker places a malicious DLL, named like a legitimate one, in a directory the search visits before the real library's location (typically the application's own directory), and a legitimate, often signed, program loads it automatically. Because the malicious code then runs inside a trusted process, the technique is also used to evade application allow-listing and some endpoint controls.
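To make the search-order point concrete, the following script (an added example, not code from the original post) models the default Windows DLL search order, with SafeDllSearchMode on and off, the KnownDLLs shortcut, and the difference between a weak (filename-only) and a strong (full-path) reference. Every path, file, directory and import list in it is constructed for the illustration; it reads nothing from a real file system, and it omits the 16-bit System directory and any per-application changes to the order (SetDllDirectory, LOAD_LIBRARY_SEARCH_* flags, manifest redirection). `side_loading_candidates` is a hypothetical helper that flags weak references a standard user could satisfy by planting a DLL earlier in the search than the legitimate copy.

```python
"""Model of the Windows default DLL search order, showing why a weak
(filename-only) library reference can be satisfied by a planted DLL.

Constructed example: every path, file and directory below is invented and
nothing is read from the real file system. The 16-bit System directory and
application-specific search-order changes are deliberately left out.
"""
from dataclasses import dataclass, field
import ntpath


@dataclass
class Host:
    """Minimal picture of a Windows host as seen by the loader (constructed)."""
    app_dir: str                                   # directory of the executable being launched
    cwd: str = r"C:\Users\alice"                   # current directory of the process
    system_dir: str = r"C:\Windows\System32"
    windows_dir: str = r"C:\Windows"
    path_dirs: list = field(default_factory=list)  # entries of the PATH variable
    files: set = field(default_factory=set)        # files that exist on the host
    writable: set = field(default_factory=set)     # directories a standard user can write to
    known_dlls: set = field(default_factory=set)   # KnownDLLs: always taken from system_dir
    safe_search: bool = True                       # SafeDllSearchMode (enabled by default)

    def exists(self, path):
        return path.lower() in {f.lower() for f in self.files}

    def is_writable(self, directory):
        return directory.lower() in {w.lower() for w in self.writable}

    def is_known(self, name):
        return name.lower() in {k.lower() for k in self.known_dlls}


def search_order(host):
    """Directories the loader tries, in order, for a filename-only reference."""
    if host.safe_search:
        order = [host.app_dir, host.system_dir, host.windows_dir, host.cwd]
    else:  # with SafeDllSearchMode off the current directory moves up to second place
        order = [host.app_dir, host.cwd, host.system_dir, host.windows_dir]
    return order + list(host.path_dirs)


def resolve(host, reference):
    """Path the loader would pick for `reference`, or None if nothing is found."""
    if ntpath.isabs(reference):            # strong reference: that exact path or nothing
        return reference if host.exists(reference) else None
    name = ntpath.basename(reference)
    if host.is_known(name):                # KnownDLLs bypass the directory search entirely
        candidate = ntpath.join(host.system_dir, name)
        return candidate if host.exists(candidate) else None
    for directory in search_order(host):
        candidate = ntpath.join(directory, name)
        if host.exists(candidate):
            return candidate
    return None


def side_loading_candidates(host, imports):
    """Weak references a standard user could satisfy with a planted DLL.

    Walks the search order for each import: the first directory that is
    writable is a finding, because a file dropped there wins the search;
    the first protected directory that already holds the DLL ends the walk.
    Returns (dll_name, plantable_directory, path_loaded_today) tuples.
    """
    findings = []
    for reference in imports:
        if ntpath.isabs(reference):        # full path: no search to hijack
            continue
        name = ntpath.basename(reference)
        if host.is_known(name):            # KnownDLL: no search to hijack either
            continue
        loaded_today = resolve(host, reference)
        for directory in search_order(host):
            if host.is_writable(directory):
                findings.append((name, directory, loaded_today))
                break
            if host.exists(ntpath.join(directory, name)):
                break                      # found in a protected directory first: safe
    return findings


def demo():
    """Two constructed installs of the same program importing the same DLLs."""
    system = {r"C:\Windows\System32\kernel32.dll", r"C:\Windows\System32\version.dll"}
    imports = ["kernel32.dll", "version.dll", r"C:\Program Files\Vendor\helper.dll"]

    # Case 1: installed under the user profile, so the application directory
    # (first in the search order) is writable by the user.
    user_app = r"C:\Users\alice\AppData\Local\Vendor"
    h1 = Host(app_dir=user_app, files=set(system), known_dlls={"kernel32.dll"},
              writable={user_app, r"C:\Users\alice"})
    before = resolve(h1, "version.dll")                  # the legitimate System32 copy
    hits1 = side_loading_candidates(h1, imports)         # version.dll is plantable in user_app
    h1.files.add(ntpath.join(user_app, "version.dll"))   # attacker drops a same-named DLL
    after = resolve(h1, "version.dll")                   # the planted copy now wins

    # Case 2: installed under Program Files (not writable). Safe search reaches
    # System32 before the writable current directory, so there is no finding;
    # disabling SafeDllSearchMode reorders the search and reopens the hole.
    prog_app = r"C:\Program Files\Vendor"
    h2 = Host(app_dir=prog_app, files=set(system), known_dlls={"kernel32.dll"},
              writable={r"C:\Users\alice"})
    hits2_safe = side_loading_candidates(h2, imports)
    h2.safe_search = False
    hits2_unsafe = side_loading_candidates(h2, imports)
    return before, hits1, after, hits2_safe, hits2_unsafe


if __name__ == "__main__":
    for label, value in zip(("before", "hits1", "after", "safe", "unsafe"), demo()):
        print(f"{label}: {value}")
```

The two cases show the practical check: for each DLL an executable imports by name only, ask which directory the loader visits first that a low-privilege user can write to, and whether the genuine copy sits in a protected directory before it. Running the same question against a real binary means reading its import table (and its manifest) instead of the constructed list above.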

 

Examples of real DLL side-loading attacks

This attack was used in the APT campaign against the United States Department of Defense disclosed in July 2020, allegedly carried out by two Chinese hackers, LI Xiaoyu and DONG Jiazhi. It is discussed in Darknet Diaries podcast episode #103, "Cloud Hopper".

 


About pmgallardo

I studied Computer Science at the University of Salamanca. Since then, I have been working first as a developer and then as an SAP consultant. This blog is about problems I dealt with when using computers, and more importantly, the solutions I found. Whenever I am on an issue and suddenly I have a flash that leads me to a solution, I document my discoveries in a post.
