
A Frida-based script that automates discovering and exploiting DLL hijacks in target binaries. The discovered binaries can later be weaponized during Red Team operations to evade AV/EDRs.

Primary language: Python. License: Apache-2.0.


SideloadFinder

Description

A simple script that automates discovering and exploiting DLL hijacks in target binaries by means of a Frida hook. The icon was created by ERNIE Bot.

Features

  • Dynamic DLL hijacks (runtime loads, e.g. via LoadLibrary)
  • Static DLL hijacks (import table entries, DIRECTORY_ENTRY_IMPORT)

Usage:

sideload_finder.py -i testcase -o out.csv

Example run: the first two lines are the messages the Frida hook sends back (payload types dll and proc), and the last line is the resulting CSV row (exe, dll, flag, proc):

{'type': 'send', 'payload': {'payload_type': 'dll', 'dll': 'wsc.dll', 'flag': 0}}
{'type': 'send', 'payload': {'payload_type': 'proc', 'proc': '_run@4'}}
ae90c0a08698d698182043ede236e528.exe,wsc.dll,0x0,_run@4
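Triage of the CSV rows above, as an added example that is not part of SideloadFinder: it decodes the flag column (the LoadLibraryEx dwFlags value, constants as documented in libloaderapi.h) and classifies each reported load by whether the application directory is actually consulted, so an audit can drop rows that are not search-order exposed. The KnownDLLs subset is a constructed sample; on a real host read it from the Session Manager\KnownDLLs registry key.

```python
import csv
import io
from typing import Dict, List

# LoadLibraryEx dwFlags values (libloaderapi.h).
LOAD_LIBRARY_AS_DATAFILE = 0x2
LOAD_LIBRARY_AS_IMAGE_RESOURCE = 0x20
LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE = 0x40
LOAD_LIBRARY_SEARCH_APPLICATION_DIR = 0x200
LOAD_LIBRARY_SEARCH_SYSTEM32 = 0x800
LOAD_LIBRARY_SEARCH_DEFAULT_DIRS = 0x1000

# Mapped as data: no DllMain runs and GetProcAddress fails on the handle.
NO_CODE_FLAGS = (LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE
                 | LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE)
# Either of these puts the application directory back into the search.
APP_DIR_FLAGS = LOAD_LIBRARY_SEARCH_APPLICATION_DIR | LOAD_LIBRARY_SEARCH_DEFAULT_DIRS

# Constructed subset of KnownDLLs (real list: HKLM\SYSTEM\CurrentControlSet\
# Control\Session Manager\KnownDLLs). These are mapped from \KnownDlls and
# never resolved through the application directory.
KNOWN_DLLS = {"kernel32.dll", "user32.dll", "advapi32.dll", "ole32.dll", "shell32.dll"}


def triage(dll: str, flag: int) -> str:
    """Classify one reported load by how the loader will resolve it."""
    name = dll.lower()
    if "." not in name:
        name += ".dll"  # LoadLibrary appends .dll when no extension is given
    if "\\" in name or ":" in name:
        return "absolute-path"   # search order not consulted at all
    if name in KNOWN_DLLS:
        return "knowndll"        # served from \KnownDlls regardless of app dir
    if flag & NO_CODE_FLAGS:
        return "data-only"       # planted code would never execute
    if flag & LOAD_LIBRARY_SEARCH_SYSTEM32 and not flag & APP_DIR_FLAGS:
        return "system32-only"   # application directory excluded from search
    return "search-order"        # app dir searched first: real sideload exposure


def triage_csv(text: str) -> List[Dict[str, object]]:
    """Parse SideloadFinder-style rows (exe,dll,flag,proc) and attach a verdict."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        exe, dll, flag_text, proc = row
        flag = int(flag_text, 16)
        rows.append({"exe": exe, "dll": dll, "flag": flag, "proc": proc,
                     "verdict": triage(dll, flag)})
    return rows
```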


Reference

https://github.com/knight0x07/ImpulsiveDLLHijack