Some of the words
My main idea:
Hijack the implementation based on the whitelist DLL, thereby bypassuac
After a simple test, two methods win10, Win11 can be successfully used
You can go to my github to find the tools:
https://github.com/YangSirrr/YangsirRedTeamTools
Actual use
Find a program with autoElevate properties and DLL hijacking defects
Confirm hijackable DLL
Writing malicious DLL
Here, we tried to find the DLL under System32, but found that our DLL can not be written into the system32 directory, so we removed the application, and then looked for the DLL
Through practice can easily find some DLL hijacking whitelist programs
Progress using DLL hijacking, writing malicious DLLS, thus triggering pop-ups, execute CMD with high privileges so as to bypass UAC
In order to resist detection, ensure long-term availability, the source part is not open source, I believe that you have a certain experience, of course, it is also very simple to reproduce my way of using
Clean up after you're done,Using the clean program
The second method is the same with DLL hijacking, but in a different whitelist implementation
bypass the win10 defender
/1.png)