All About DLL Hijacking - My Favorite Persistence Method

  • Published: Jan 22, 2025

Comments • 74

  • @ismailarame3756
    @ismailarame3756 2 years ago +34

    ippsec i am so amazed that your channel is so organized and consistent as well as putting timestamps in each video you release i do not know how thank you, you made it easy for us to learn i appreciate it too much 🖤🖤

  • @pbjandahighfive
    @pbjandahighfive 2 years ago +4

    lul
    14:55 "Let's see... is there a process name?"
    >Proceeds to pass directly over "Process Name" no less than 3 times.
    Great video all the same. Subscribed.

  • @elevatecyber5031
    @elevatecyber5031 2 years ago +20

    This is such good information. It's surprising that DLL hijacking isn't talked about more in this community. This is core education for any aspiring red teamer.

    • @trustedsecurity6039
      @trustedsecurity6039 2 years ago +2

      It is talked about a lot, but you don't see it because you just look at channels where only basic stuff is taught

  • @cemkaaidarov2415
    @cemkaaidarov2415 1 year ago

    Thank you for sharing another great video. I'm grateful for the knowledge you've shared. I've lived in this area for 10 years and I'm excited to share this with my team, especially with the "kids". Your video will help them understand the topic much faster than my long and sometimes boring lectures.

  • @allenxd
    @allenxd 2 years ago

    OMG Nice timing ippsec! was doing a thick client test and actually trying some dll hijacking stuff. lol this is really helpful.

  • @atthaphonrattanarueanphet1362
    @atthaphonrattanarueanphet1362 2 years ago

    So MANY of the episodes are bangers

  • @shiverello6109
    @shiverello6109 2 years ago +6

    Me at 8 in the morning after many hours of HTB "I'm in a weird state" xD Love your videos, very organized and just full of information 👌

  • @jmprcunha
    @jmprcunha 2 years ago

    It is always a pleasure watching Your videos. Thank You Ippsec!

  • @HishanShouketh
    @HishanShouketh 2 years ago

    The right daily dose of cyber security, thank you so much for this awesome demo. So well explained.

  • @vectar
    @vectar 2 years ago

    Thanks for the amazing content IppSec! Love your channel, keep em coming!

  • @ex6tenCe
    @ex6tenCe 2 years ago

    wow this video showed a couple of cool ideas, which were unknown to me. got my sub

  • @R4z0r_arg
    @R4z0r_arg 11 months ago

    Amazing video IppSec, thanks

  • @thepianoaddict
    @thepianoaddict 2 years ago +8

    Maybe these shortcuts don't work if you're in a vm, but on windows 10 if you hit win+x it will open a menu, if you then hit i, it will open powershell, if you do win+x and then a, it will open powershell as admin.
    These shortcuts work for the english version of windows, other languages sometimes have other keys once you're inside the menu.
    Very informative video!

  • @Cod3rMax
    @Cod3rMax 2 years ago

    But is it possible to write the code that you did in c++ with c#? Because when i do it and i try i'm getting error trying to access protected memory

  • @digitaldavid5633
    @digitaldavid5633 2 years ago

    Very Helpful! Please do more like this. Thanks!

  • @securiti
    @securiti 2 years ago

    Helpful videos! Love your content.
    Would love to catch a live stream some day on Twitch.

  • @khalilthebest7005
    @khalilthebest7005 2 years ago +1

    😁wow that’s cool 👍the best part

  • @Badcitizenlgn
    @Badcitizenlgn 1 year ago

    Amazing content, thanks for sharing

  • @AnkitSharma-cs6ez
    @AnkitSharma-cs6ez 1 year ago

    Hey ippsec, I am not able to cd or dir ..\.dotnet\ I tried different ways but it is not working. I am using Windows 11. is it the one causing issues or what is it ?

  • @jumpstep7085
    @jumpstep7085 2 years ago

    More persistence and slipping under the radar! :D

  • @patrickw0x1
    @patrickw0x1 2 years ago

    Oh didn't realize you are on Twitch now. I'll be sure to check out your streams.

  • @mounir7320
    @mounir7320 2 years ago +5

    thanks for the video...it would be great if you share some evasion techniques of (modern AV/EDR..) using DLL hijacking.

    • @ippsec
      @ippsec 2 years ago +29

      That sounds like a very dangerous thing to share. I wouldn't do a video on something so weaponizable.

    • @damuffinman6895
      @damuffinman6895 2 years ago +2

      Just use base64 encoding works all the time

    • @dadamnmayne
      @dadamnmayne 2 years ago +4

      Offensive Security has entered the chat.

    • @maclie7078
      @maclie7078 2 years ago

      @ippsec if I'm not wrong you're doing part of cybersecurity and penetration testing and of course they are part of it any thanks you help us every day😊

    • @AUBCodeII
      @AUBCodeII 2 years ago

      pepsic is an anagram of ippsec.

  • @romanxyz7248
    @romanxyz7248 2 years ago

    Amazing video. Thank you ❤️

  • @jarsal_firahel
    @jarsal_firahel 1 year ago

    Pretty awesome !

  • @callmekelvin
    @callmekelvin 2 years ago

    Another great video...

  • @Novastuffnow
    @Novastuffnow 2 years ago

    Great video!

  • @UmairAli
    @UmairAli 2 years ago

    this is so awesome

  • @zedeleyici.1337
    @zedeleyici.1337 2 years ago

    you are great, i love it

  • @kavishkagihan9495
    @kavishkagihan9495 2 years ago

    Being new at DLL hijacking, I am having trouble understanding how DLL proxying works. Would love a dedicated video about that topic. Cheers!

    • @ippsec
      @ippsec 2 years ago +3

      It’s not high on my priority list because it’s not valuable for defenders to understand that concept. I try to keep it at a basics level for red team stuff.

    • @kavishkagihan9495
      @kavishkagihan9495 2 years ago

      If anyone is curious like myself about DLL proxying, check this out ruclips.net/video/tSdyfaJ7T50/видео.html

  • @vincenttheriault3256
    @vincenttheriault3256 2 years ago

    Amazing info

  • @MrSerek
    @MrSerek 2 years ago

    can you do priv esc with this? Find some app running as system with a missing dll and slap a fake dll into writeable path to run some commands would be my guess

    • @ippsec
      @ippsec 2 years ago

      Yes, that is certainly possible.

    • @hexagon6290
      @hexagon6290 2 years ago

      Some apps you can replace a DLL they load with your own and gain privs that way

    • @MrSerek
      @MrSerek 2 years ago

      @hexagon6290 yeah that's the goal, I need to find some weak (writeable and loading dlls that aren't in KnownDlls) file running as NT Authority.

    • @trustedsecurity6039
      @trustedsecurity6039 2 years ago

      @hexagon6290 you don't need to replace an existing DLL for that... I didn't look at the video so idk if ippsec talks about it but I'm sure he did, you just see what DLL isn't found by known software installed in the victim workstation on a writable directory

  • @stanislavsmetanin1307
    @stanislavsmetanin1307 1 year ago

    Wow)) It is fantastic

  • @zedeleyici.1337
    @zedeleyici.1337 2 years ago

    thanks for content!

  • @xternl_
    @xternl_ 2 years ago

    Wonderful.

  • @peterw6583
    @peterw6583 2 years ago

    If cscapi.dll is replaced by your customized one, won't it affect the normal behavior of explorer.exe?

    • @ippsec
      @ippsec 2 years ago +1

      Normally if you don’t use a dll proxy technique yes. However, I think explorer just imports cscapi but doesn’t use it

  • @epicvideos41
    @epicvideos41 2 years ago

    sir you did not show how to fix it

  • @TracerPortable
    @TracerPortable 2 years ago

    I feel like you are quite swifty with winapi, any tips? Maybe some video with basics? I don't know why but when I see MS documentation I just want to puke, I barely understand anything

  • @IBITZEE
    @IBITZEE 2 years ago

    such good info...
    and doing it live helps a lot to avoid those 'natural' mistakes...
    ps: your site design seems just useful... no sh***... just all the juice...

  • @itswellick9507
    @itswellick9507 2 years ago

    hey ippsec. Is it possible to watch the twitch live stream history?

    • @ippsec
      @ippsec 2 years ago

      Nope, think i said it at the start of the video but at this time, I don't plan on releasing VOD's for my streams.

    • @itswellick9507
      @itswellick9507 2 years ago

      @ippsec I'm sorry I missed it. By the way, thanks for everything you taught me.

    • @ippsec
      @ippsec 2 years ago +3

      No worries, I plan on uploading raw clips or redoing them like this one for the YT. I’m just more comfortable in interacting with people live if there’s no record of it. I may setup the patreon again and post recordings there, just don’t want to do it before it’s a routine

  • @ca7986
    @ca7986 2 years ago

    ❤️

  • @kezkya3683
    @kezkya3683 2 years ago

    Waw, u r such a gem

  • @JOJO-no8rb
    @JOJO-no8rb 2 years ago

    Can you do more content about win api with c

  • @wyteedeng1874
    @wyteedeng1874 2 years ago

    I got a cat ?

  • @cipher4873
    @cipher4873 2 years ago

    heeyyy

  • @AUBCodeII
    @AUBCodeII 2 years ago

    ipp
    dll

  • @itsme7570
    @itsme7570 2 years ago

    Man oh man. More of this type of content please. Anyone know of a way to bypass cdn or cloud providers to find origin IP? My trusty python script that always works is failing on some of these cloud hosted sites or cloud firewall

  • @spear7916
    @spear7916 2 years ago +1

    First

  • @yahyahassan3430
    @yahyahassan3430 2 years ago

    The website needs a domain renewal. Anyway thanks for the content.

  • @JOJO-no8rb
    @JOJO-no8rb 2 years ago

    Ippsec thank you very much