Using WhatsApp for Malware Persistence
Here I demonstrate how a DLL Search Order Hijack bug in WhatsApp for Windows can be exploited by malware to remain persistent. It's a little tongue-in-cheek, but showcases how to search for DLL Search Order Hijacks and also how commonly installed applications can be harnessed by bad guys for malicious purposes.
If you want to find out more about DLL Search Order Hijacking you should definitely check out the following links:
https://docs.microsoft.com/en-us/wind...
http://www.binaryplanting.com/guideli...
Link to my slides:
https://docs.google.com/presentation/...
How to compile your own DLLs using msfvenom:
https://kb.help.rapid7.com/discuss/59...
Link to my PoC doc file:
https://www.virustotal.com/#/file/79d...
Link to ProcMon Filter file:
https://jmp.sh/KaEQkWd
Also, if you want to chat malware / exploits / vulnerabilities then please follow me on https://twitter.com/cybercdh