DLL Hijacking

• https://hijacklibs.net/

• https://github.com/XForceIR/SideLoadHunter/tree/main/SideLoads

• https://dec0ne.github.io/research/2021-04-26-DLL-Proxying-pt1/

• https://blog.cyble.com/2022/07/27/targeted-attacks-being-carried-out-via-dll-sideloading/

• https://besteffortteam.it/onedrive-and-teams-dll-hijacking/

• https://www.binarydefense.com/resources/blog/demystifying-dll-hijacking-understanding-the-intricate-world-of-dynamic-link-library-attacks/

• https://xss.is/threads/67021/

• https://xss.is/threads/67718/

• https://www.r-tec.net/r-tec-blog-dll-sideloading.html

• https://www.netspi.com/blog/technical-blog/adversary-simulation/adaptive-dll-hijacking/

Print debug output from a DLL to a file:

Print debug output from a DLL to dbgview:

DLL Side-Loading with ISO Packing

• https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/

• https://blog.sunggwanchoi.com/recreating-an-iso-payload-for-fun-and-no-profit/

• https://github.com/ChoiSG/OneDriveUpdaterSideloading

Generate a proxy DLL with SharpDLLProxy:

Create an exec link (also here):

Pack all the files into an ISO with PackMyPayload:

Unlock DllMain

• https://elliotonsecurity.com/perfect-dll-hijacking/

• https://github.com/ElliotKillick/LdrLockLiberator

• https://elliotonsecurity.com/what-is-loader-lock/

• https://habr.com/ru/articles/792424/

CVE-2025-24076, CVE-2025-24994

• https://blog.compass-security.com/2025/04/3-milliseconds-to-admin-mastering-dll-hijacking-and-hooking-to-win-the-race-cve-2025-24076-and-cve-2025-24994/

DLL Proxying

• https://github.com/Flangvik/SharpDllProxy

• https://github.com/tothi/dll-hijack-by-proxying

• https://github.com/kagasu/ProxyDllGenerator

• https://github.com/namazso/dll-proxy-generator

• https://github.com/mrexodia/perfect-dll-proxy

Shhhloader

• https://github.com/icyguider/Shhhloader

DLL ForwardSideloading

• https://www.hexacorn.com/blog/2025/08/19/dll-forwardsideloading/

• https://hexacorn.com/d/apis_fwd.txt