DLL Koppeling

Short guide on How to use the Koppeling project

What is DLL Koppeling?

It is a way to modify a DLL in a way that it could be utilised for DLL Sideloading

More details on why it is used and what's it purpose and why its better can be found here

How to use?

Quite easy, follow the below steps

Step1:- Get an exe which you want to hijack. I will use whoami.exe

whoami.exe execution can be hijacked by placing wkscli.dll in same directory

Step2:- Make your malicious dll as malicious.dll

Step 3:- copy the malicious.dll to the directory where you place whoami.exe

Step 4:- run the below command

Netclone.exe --target malicious.dll --reference  C:\windows\system32\wkscli.dll  --output wkscli.dll

Step 5:- delete the malicious.dll

Step6:- you are now ready with the hijack exe and the associated DLL

Last updated