📌 Save the Environment
Many applications appear to rely on environment variables such as %SYSTEMROOT% to load DLLs from protected locations. By changing these variables at the process level, it is possible to make a legitimate program load arbitrary DLLs.
Research:
https://www.wietzebeukema.nl/blog/save-the-environment-variables
Source Code:
https://github.com/wietze/windows-dll-env-hijacking
#maldev #dll #hijacking #environment
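A defender-side check for the behaviour described above, as an added example that is not part of the original post or the linked repository: it compares each process's SYSTEMROOT/WINDIR with the host's trusted value and lists DLLs loaded from under an overridden root. The snapshot format, process names and paths are constructed, and collecting real environment blocks and module lists from endpoint telemetry is assumed.

```python
import ntpath

# Assumption: trusted values are taken from the host's machine-level configuration.
TRUSTED = {"SYSTEMROOT": r"C:\Windows", "WINDIR": r"C:\Windows"}

def norm(path):
    """Normalise a Windows path for comparison (case, separators, trailing slash)."""
    return ntpath.normcase(ntpath.normpath(path))

def overridden_vars(env):
    """Return {NAME: value} for watched variables that differ from the trusted value."""
    upper = {k.upper(): v for k, v in env.items()}  # names are case-insensitive
    return {name: upper[name] for name, good in TRUSTED.items()
            if name in upper and norm(upper[name]) != norm(good)}

def is_under(path, root):
    return norm(path).startswith(norm(root) + "\\")

def review(proc):
    """Describe one process snapshot: overrides and DLLs loaded from under them."""
    overrides = overridden_vars(proc["env"])
    loaded = [m for m in proc["modules"]
              if m.lower().endswith(".dll")
              and any(is_under(m, root) for root in overrides.values())]
    return {"pid": proc["pid"], "image": proc["image"],
            "overrides": overrides, "modules_from_override": loaded}

def findings(snapshots):
    return [r for r in map(review, snapshots) if r["overrides"]]

# Constructed sample snapshots (hypothetical process names and paths).
SAMPLE = [
    {"pid": 4120, "image": r"C:\Windows\System32\example_a.exe",
     "env": {"SystemRoot": "c:\\windows\\", "windir": r"C:\Windows"},
     "modules": [r"C:\Windows\System32\kernel32.dll"]},
    {"pid": 5332, "image": r"C:\Windows\System32\example_b.exe",
     "env": {"SystemRoot": r"C:\Users\Public\stage", "windir": r"C:\Windows"},
     "modules": [r"C:\Windows\System32\ntdll.dll",
                 r"C:\Users\Public\stage\System32\example.dll"]},
]

if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
```

A process whose SYSTEMROOT only differs in case or a trailing separator is not reported, which keeps benign variation out of the results.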