This document summarizes a presentation about DLL loading vulnerabilities. It begins with an introduction to the presenter and their background. The topics to be covered are then outlined, including the history of DLL loading issues, types of vulnerabilities like hijacking and preloading, how the DLL search order works and can be affected, recommendations for secure development practices, and references. A demonstration will also be included.

2. About Me
Security Consultant at Capmemini Pvt.Ltd.
Bug Bounty Haunter
Passionate about

3. Topics to Be Covered:
 History of DLL Loading Vulnerabilities
 Types of DLL Loading Vulnerability
 DLL Search Order
 What can affect search order
 Demo
 Recommendation

4. History of DLL Loading Vulnerabilities
 The pretty old theory of dll became popular when Microsoft released their security
advisory for ‘Insecure Library Loading’ in 2010.
https://technet.microsoft.com/library/security/2269637

5. Types of DLL Loading Vulnerability
 DLL Hijacking
 DLL Preloading

6. DLL Search Order
Using:
 Standard Search Order
 A Fully qualified path
 Manifest
 DLL Redirection
 SafeDllSearchMode

7. What can Affect Search Order
 Issue with search order:
System Searches directories in below order
The directory from which the application loaded.
System directory (C:WindowsSystem32).
The 16-bit system directory (C:WindowsSystem).
The Windows directory (C:Windows).
If attacker gets access to any of these orders , he can put a malicious dll with the name of legitimate in
that path.

8. Recommendation
 Use Fully qualified Path.
 Use DLL redirection or Manifest
 SafeDllSearch Mode
 Disable write permission to folders

9. Thank You
References:
https://msdn.microsoft.com/en-
us/library/windows/desktop/ff919712(v=vs.85).aspx
https://technet.microsoft.com/library/security/2269637
https://blog.netspi.com/testing-applications-for-dll-preloading-vulnerabilities/