Autoruns Feature Request (dll hijacking detection)

johnmccash
Posted: 25 September 2017 at 3:51pm
I have a suggestion for a new feature for Autoruns. I'd like it to flag possible instances of dll search path hijacking for autorun entries. Would it be possible to, for each entry, scan the associated DLL search path and identify any duplicate filenames found in different elements of the path?

I'm particularly interested in the ability to detect 'AtomBombing', which employs dll search path hijacking, and is described in full at http://https://blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions.

Thoughts?
John McCash
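
The duplicate-name check requested in the post above, as an added sketch that is not part of the original thread and is not Autoruns code: given an ordered list of search directories, it reports DLL names present in more than one of them. The directory list is an assumption supplied by the caller (the real Windows loader order, KnownDLLs and SafeDllSearchMode are not modelled), and `find_shadowed_dlls`, `build_sample_tree` and the sample file tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict


def find_shadowed_dlls(search_dirs):
    """Return {dll_name: [dirs in search order]} for names found in 2+ dirs.

    search_dirs is the ordered list of directories to probe; it is supplied
    by the caller and is an assumption, not the computed loader search order.
    """
    seen = defaultdict(list)
    visited = set()
    for d in search_dirs:
        key = os.path.normcase(os.path.abspath(d))
        if key in visited or not os.path.isdir(d):
            continue  # skip repeated or missing path elements
        visited.add(key)
        for entry in os.scandir(d):
            # Windows file names are case-insensitive, so compare lowercased
            if entry.is_file() and entry.name.lower().endswith(".dll"):
                seen[entry.name.lower()].append(d)
    return {name: dirs for name, dirs in seen.items() if len(dirs) > 1}


def build_sample_tree(root):
    """Constructed sample layout: an app dir, a stand-in system dir, a PATH dir."""
    layout = {
        "app": ["helper.dll", "VERSION.dll"],
        "system32": ["version.dll", "kernel32.dll"],
        "tools": ["helper.dll", "readme.txt"],
    }
    dirs = []
    for sub, files in layout.items():
        path = os.path.join(root, sub)
        os.makedirs(path)
        for name in files:
            open(os.path.join(path, name), "wb").close()
        dirs.append(path)
    return dirs


def demo():
    with tempfile.TemporaryDirectory() as root:
        dirs = build_sample_tree(root)
        hits = find_shadowed_dlls(dirs + [dirs[0]])  # repeated path element
        return {n: [os.path.basename(d) for d in ds] for n, ds in hits.items()}


if __name__ == "__main__":
    for name, dirs in sorted(demo().items()):
        print(f"{name}: first match in {dirs[0]}, also present in {dirs[1:]}")
```

A duplicate name is only a lead for review: many legitimate applications ship private copies of DLLs, so each hit still needs its path, signer and write permissions checked.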

Martin Winkelmann
Posted: 08 October 2017 at 5:14pm
FYI OP, the link is broken, it begins with "http://:https://". The site supports https so you can just remove the http part.

johnmccash
Posted: 20 October 2017 at 10:50am