# DLL Koppeling

## What is DLL Koppeling?

It is a way to modify a DLL in a way that it could be utilised for DLL Sideloading

More details on why it is used and what's it purpose and why its better can be found here

{% embed url="<https://www.netspi.com/blog/technical/adversary-simulation/adaptive-dll-hijacking/>" %}
Details about Koppeling project
{% endembed %}

## How to use?

Quite easy, follow the below steps&#x20;

Step1:- Get an exe which you want to hijack. I will use whoami.exe

whoami.exe execution can be hijacked by placing wkscli.dll in same directory

Step2:- Make your malicious dll as malicious.dll

Step 3:- copy the malicious.dll to the directory where you place whoami.exe

Step 4:- run the below command&#x20;

```
Netclone.exe --target malicious.dll --reference  C:\windows\system32\wkscli.dll  --output wkscli.dll
```

&#x20;Step 5:- delete the malicious.dll

Step6:- you are now ready with the hijack exe and the associated DLL&#x20;