DLL Hijacking is a nice tool we can count on when pentesting Windows systems. It is a very common mechanism mainly used for privilege escalation and to avoid Windows' User Account Control. It can be performed easier than you might think if software isn't appropriately secured and user privileges aren't well defined. In this post we will try to clarify how DLL Hijacking works and how potentially exposed you can be if vulnerable to this kind of attack. You will also find some tips on how to prevent this kind of attacks. What is Dynamic Library Linking? If you are reading this post, you might already be familiar with how code usually has dependencies on other third party code to provide certain functionalities. If not, you might be interested in reading this piece of information before continuing with this reading. There are basically two ways we can load libraries into our code: Static linking : Our program is linked with the external libraries at compile time. This means t...
We are living a historical peak moment in hype for artificial intelligence. In a matter of one year generative models have sneaked into our everyday lives and become the biggest headache for teachers correcting homework. This fast development and general usage has resulted in spreading the idea of artificial intelligence as a digital servant that thinks for us and gives us entertaining conversations. This popular concept might actually be underestimating the potential of these tools for the good will, but also for the bad. By the way, I used a free image generator in a webpage to generate the picture below, for it to work as a post miniature in the blog feed. AI as a (new) threat If you have an email address or a phone number, I am almost certain you have been target of some sort of scam attempt. These scams generally try to either steal your credentials for some application or convince you to send someone some amount of money for whatever reason that could make you think of it as a go...