I am doing research on Windows agents built with C++. I have explored DLL hijacking, ensuring the DLL search order and folder permissions are correct. However, I observed that certain unwanted executable files are being read from a different folder with write permissions for standard users. Although it seems to only involve read operations and not opening queries, I placed my own executable file, and it doesn't execute. Are there any other possible attacks?
@@MotasemHamdan but as far as i can see after using the tasklist command it doesn't shows user name which we can see when we go through the task manager-> detail
Nice video clear explanation 👏
I am doing research on Windows agents built with C++. I have explored DLL hijacking, ensuring the DLL search order and folder permissions are correct. However, I observed that certain unwanted executable files are being read from a different folder with write permissions for standard users. Although it seems to only involve read operations and not opening queries, I placed my own executable file, and it doesn't execute. Are there any other possible attacks?
A question how can we see which use has access to the process in cmd instead of task manager?
use tasklist command
@@MotasemHamdan but as far as i can see after using the tasklist command it doesn't shows user name which we can see when we go through the task manager-> detail
Question - couldn't you just inject a system dll like hal32.dll?