What's Discord used for
7/13/2023

Discord DLL hijacking / Automation via Excel Macros.

Note: This is a simple, quick example of DLL hijacking enabling proxy execution for the Discord binary. This can be beneficial for attackers requiring proxy execution to bypass EDR.

I submitted this vuln to Discord via their HackerOne program. They choose to not recognize DLL hijacking unless it's related to the Discord installer binary. I understand this to an extent, but they don't seem to make any attempt to verify these DLLs or load them using best practices as directed by Microsoft:

This is an upstream vulnerability introduced by their dependencies of Node.

What is DLL hijacking and why is it useful?

DLL hijacking has been around a very long time. The severity of these attacks is dependent on a variety of factors, primarily application context.

"When an application dynamically loads a dynamic link library (DLL) without specifying a fully qualified path, Windows tries to locate the DLL by searching a well-defined set of directories. If an attacker gains control of one of the directories, they can force the application to load a malicious copy of the DLL instead of the DLL that it was expecting. These attacks are known as “DLL preloading attacks” and are common to all operating systems that support dynamically loading shared DLL libraries. The effect of such attacks could be that an attacker can execute code in the context of the user who is running the application. When the application is being run as Administrator, this could lead to a local elevation of privilege."

First off, gaining execution context under a trusted application is useful for proxy execution of malicious payloads. Depending on the AV/EDR, payloads can be executed in a 'trusted' context. Discord in some instances requires Administrator privs when Push-To-Talk is overridden by other Administrative applications. Adversaries can also use this technique for persistence mechanisms. This combined with its popularity piqued my interest.
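A defensive audit of the search-order condition the quoted Microsoft text describes, as an added example (not code from the original post): it walks directories in the order given and reports any DLL in a non-trusted directory that would be found before a trusted copy of the same name. The directory layout, file names and function names are constructed for illustration; the real Windows search order and ACL evaluation are not modelled.

```python
import os
import tempfile
from pathlib import Path


def dll_index(directory):
    """Map lower-cased DLL file names in one directory to their paths."""
    return {p.name.lower(): p for p in Path(directory).glob("*")
            if p.is_file() and p.suffix.lower() == ".dll"}


def find_shadowed(search_dirs, trusted_dirs):
    """Walk directories in search order and report each DLL in a non-trusted
    directory that is found before a trusted copy of the same name.
    Returns tuples of (name, winning_path, trusted_path, dir_writable)."""
    trusted = {Path(d).resolve() for d in trusted_dirs}
    indexes = [(Path(d).resolve(), dll_index(d)) for d in search_dirs]
    findings, seen = [], set()
    for pos, (directory, index) in enumerate(indexes):
        for name, path in sorted(index.items()):
            if name in seen:
                continue  # an earlier directory already wins for this name
            seen.add(name)
            if directory in trusted:
                continue  # the trusted copy is the one that loads
            for later_dir, later_index in indexes[pos + 1:]:
                if later_dir in trusted and name in later_index:
                    findings.append((name, path, later_index[name],
                                     os.access(directory, os.W_OK)))
                    break
    return findings


def demo():
    """Constructed layout: an app directory searched before a system one."""
    root = Path(tempfile.mkdtemp())
    app, system = root / "app", root / "system32"
    app.mkdir()
    system.mkdir()
    for name in ("example_sys.dll", "example_ui.dll"):  # constructed names
        (system / name).write_bytes(b"MZ")
    (app / "EXAMPLE_SYS.dll").write_bytes(b"MZ")   # same name, earlier in order
    (app / "app_helper.dll").write_bytes(b"MZ")    # no trusted copy: not flagged
    return find_shadowed([app, system], trusted_dirs=[system])


if __name__ == "__main__":
    for name, winner, trusted_copy, writable in demo():
        print(f"{name}: {winner} precedes {trusted_copy} (writable: {writable})")
```

On a real host, `os.access` is only a rough writability hint; the directory's ACL is what decides whether a non-administrative user can place a file there.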