Links

DLL Koppeling

Short guide on How to use the Koppeling project

What is DLL Koppeling?

It is a way to modify a DLL in a way that it could be utilised for DLL Sideloading
More details on why it is used and what's it purpose and why its better can be found here
Adaptive DLL Hijacking - NetSPI
NetSPI
Details about Koppeling project

How to use?

Quite easy, follow the below steps
Step1:- Get an exe which you want to hijack. I will use whoami.exe
whoami.exe execution can be hijacked by placing wkscli.dll in same directory
Step2:- Make your malicious dll as malicious.dll
Step 3:- copy the malicious.dll to the directory where you place whoami.exe
Step 4:- run the below command
Netclone.exe --target malicious.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
Step 5:- delete the malicious.dll
Step6:- you are now ready with the hijack exe and the associated DLL