Using WhatsApp for Malware Persistence


Here I demonstrate how a DLL Search Order Hijack bug in WhatsApp for Windows can be exploited by malware to remain persistent. It's a little tongue-in-cheek, but showcases how to search for DLL Search Order Hijacks and also how commonly installed applications can be harnessed by bad-guys for malicious purposes.

If you want to find out more about DLL Search Order Hijacking you should definitely check out the following links:
https://docs.microsoft.com/en-us/wind...
http://www.binaryplanting.com/guideli...

Link to my slides:
https://docs.google.com/presentation/...

How to compile your own DLLs using msfvenom:
https://kb.help.rapid7.com/discuss/59...

Link to my PoC doc file:
https://www.virustotal.com/#/file/79d...

Link to ProcMon Filter file:
https://jmp.sh/KaEQkWd

If you liked this video, please press "Like"
If you loved it, please Subscribe!

Also, if you want to chat malware / exploits / vulnerabilities then please follow me on https://twitter.com/cybercdh

Thanks for watching!

Reviewed by Anonymous on January 20, 2019. Rating: 5