Wednesday, August 7, 2019

Dll Hijacking in OneDrive

Dll Hijacking in OneDrive.exe

Summary
C:\Users\%username%\AppData\Local\Microsoft\OneDrive can be assessed which is read/write/exec by user. And then dll file which is related with onedrive.exe drop in that folder.



Fig: 1


Fig 2


Fig 3


Fig 4




Details Ref:
https://resources.infosecinstitute.com/dll-hijacking/
https://attack.mitre.org/techniques/T1038/

No comments:

Post a Comment

Privileged arbitrary file read (CVE-2020-16938) with The Sleuth Kit

After I read one of post from twitter which is about @jonasLyk's  CVE-2020-16938  , I've some idea to do without using 7 zip file ma...