Technique: DLL Side-Loading

ID: T1073

Export to Word

Description

Programs may specify DLLs that are loaded at runtime. Programs that improperly or vaguely specify a required DLL may be open to a vulnerability in which an unintended DLL is loaded. Side-loading vulnerabilities specifically occur when Windows Side-by-Side (WinSxS) manifests (Citation: MSDN Manifests) are not explicit enough about characteristics of the DLL to be loaded. Adversaries may take advantage of a legitimate program that is vulnerable to side-loading to load a malicious DLL. (Citation: Stewart 2014) Adversaries likely use this technique as a means of masking actions they perform under a legitimate, trusted system or software process.

Threat-Mapped Scoring

Threat Score: 0.0
Industry:
Threat Priority: Unclassified

ATT&CK Kill Chain Metadata

← Back to Home ← Back to TTP Search