Module stomping is an injection technique that can be used to load our own code into another process.
The way it works is by loading a legitimate DLL into the target process and then “stomping” on it, i.e. overwriting its code with our own. This is more evasive than injecting our own code directly, because the executing code sits in memory backed by a signed, legitimate DLL on disk rather than in an unbacked private allocation.
While playing around with TeraCopy 3.9.7, I noticed I am able to copy over folders that a regular user has no permission to access. This essentially led to arbitrary file read.
Running accesschk.exe, I see that even files I had no permission for as a regular user have become RW on the copy.
DLL proxying refers to replacing a DLL with our own, one that exports the same functions as the original and forwards each call to the (renamed) original DLL, so the host application keeps working while our code runs alongside it.
This was seen recently in the 3CX supply chain attack, where a modified ffmpeg DLL would load malicious code.
The advantages of doing this are persistence (the code runs every time the host application starts) and, in some cases, privilege escalation, when a higher-privileged process loads the DLL from a location we can write to.
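The forwarding side of a proxy DLL, as an added example that is not code from the original post or from any real tool: given the export list of the DLL being replaced, it emits a module-definition (.def) file in which every export is forwarded to the renamed original, plus a check that no export was missed (a proxy that drops one export crashes the host the first time that symbol is called). The export names and ordinals in `SAMPLE_EXPORTS` are constructed, ffmpeg-style placeholders, not a real export table.

```python
"""Forwarder .def generation for a proxy DLL (added example, not the post's code)."""

# Constructed sample (name, ordinal) exports; illustrative, not from a real DLL.
SAMPLE_EXPORTS = [("av_version_info", 1), ("av_malloc", 2), ("avcodec_open2", 3)]


def forwarder_def(library: str, original: str, exports) -> str:
    """Return .def text in which each (name, ordinal) export is forwarded to `original`.

    `original` is the renamed legitimate DLL; the loader expects forwarder strings
    without the .dll extension (e.g. ffmpeg_orig.av_malloc), so it is stripped here."""
    if original.lower().endswith(".dll"):
        original = original[:-4]
    lines = [f"LIBRARY {library}", "EXPORTS"]
    for name, ordinal in sorted(exports, key=lambda e: e[1]):
        # keep the ordinal: callers that import by ordinal must still resolve correctly
        lines.append(f"    {name}={original}.{name} @{ordinal}")
    return "\n".join(lines) + "\n"


def parse_def(text: str):
    """Parse forwarder lines back into (export, target, ordinal) tuples."""
    parsed = []
    for line in text.splitlines():
        line = line.strip()
        if "=" not in line or line.startswith(("LIBRARY", "EXPORTS")):
            continue
        lhs, rhs = line.split("=", 1)
        target, ordinal = rhs.rsplit(" @", 1)
        parsed.append((lhs.strip(), target.strip(), int(ordinal)))
    return parsed


def missing_exports(original_exports, def_text: str):
    """Names exported by the original DLL that the proxy .def does not forward."""
    covered = {name for name, _, _ in parse_def(def_text)}
    return [name for name, _ in original_exports if name not in covered]


if __name__ == "__main__":
    print(forwarder_def("ffmpeg", "ffmpeg_orig.dll", SAMPLE_EXPORTS))
```

The generated file is passed to the linker (`/DEF:proxy.def` with MSVC) when building the proxy, whose only source is a `DllMain` that runs our code on `DLL_PROCESS_ATTACH`; the original is renamed to `ffmpeg_orig.dll` next to it (name assumed for illustration). In practice the export list comes from the real DLL's export directory, and both named and ordinal exports must be reproduced, which is why the check above treats any gap as an error.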
This is my attempt at listing material I used to learn programming and reverse engineering.
It is by no means a complete list and I don’t speak from a place of authority in the topic.
Table of Contents: Debuggers and Disassemblers, Monitoring Applications, Monitoring Network Traffic, Hex Editors, Learning material, Tutorials.
Debuggers and Disassemblers: x64dbg
In the previous article we set up our analysis environment and now are ready to reverse engineer our first application.
While searching for a suitable target for this article, I came across these challenges from OWASP. The ones in the link above become progressively more difficult so they will make good practice.