Secondary Categories: 02 - Privilege Escalation - 02 - Malware - 02 - Persistence - 02 - Defense Evasion
Description:
If you have administrative access, you can drop a wkscli.dll into C:\Windows and get a shell at logon, running in the context of explorer.exe.
Resources:
| Title | URL |
|---|---|
| Mr-Un1k0d3r DLL Generator | https://github.com/Mr-Un1k0d3r/MaliciousDLLGenerator |
| Flangvik SharpDllProxy | https://github.com/Flangvik/SharpDllProxy |
| DLL Side Loading Video | https://www.youtube.com/watch?v=uPl28hTfFBs |
| DLL Export Viewer | https://www.nirsoft.net/utils/dll_export_viewer.html |
| Windows Procmon Download | https://docs.microsoft.com/en-us/sysinternals/downloads/procmon |
| DLL Function Proxy | https://github.com/ravinacademy/DllFunctionProxy |
| MITRE Hijack Execution Flow | https://attack.mitre.org/techniques/T1574/002/ |