ippsec i am so amazed that your channel is so organized and consistent as well as putting timestamps in each video you release i do not know how thank you, you made it easy for us to learn i appreciate it too much 🖤🖤
lul 14:55 "Let's see... is there a process name?" >Proceeds to pass directly over "Process Name" no less than 3 times. Great video all the same. Subscribed.
This is such good information. It's surprising that DLL hijacking isn't talked about more in this community. This is core education for any aspiring red teamer.
Thank you for sharing another great video. I'm grateful for the knowledge you've shared. I've lived in this area for 10 years and I'm excited to share this with my team, especially with the "kids". Your video will help them understand the topic much faster than my long and sometimes boring lectures.
Maybe these shortcuts don't work if you're in a vm, but on windows 10 if you hit win+x it will open a menu, if you then hit i, it will open powershell, if you do win+x and then a, it will open powershell as admin. These shortcuts work for the english version of windows, other languages sometimes have other keys once you're inside the menu. Very informative video!
It’s not high on my priority list because it’s not valuable for defenders to understand that concept. I try to keep it at a basics level for red team stuff.
Hey ippsec, I am not able to cd or dir ..\.dotnet\ I tried different ways but it is not working. I am using Windows 11. is it the one causing issues or what is it ?
such good info... and doing it live helps a lot to avoid those 'natural' mistakes... ps: you site design seems just useful... no sh***... just all the juice...
I fell like you are quite swifty with winapi, any tips? Maybe some video with basics? I don't know why but when I see MS documentation I just want to puke, I barely understand anything
can you do priv esc with this? Find some app running as system with a missing dll and slap a fake dll into writeable path to run some commands would be my guess
@@hexagon6290 you dont need to replace an existing DLL for that... i didnt looked the video so idk if ippsec talks about it but im sure he did, you just see what DLL isnt found by known software installed in the victim workstation on a writable directory
No worries, I plan on uploading raw clips or redoing them like this one for the YT. I’m just more comfortable in interacting with people live if there’s no record of it. I may setup the patreon again and post recordings there, just don’t want to do it before it’s a routine
Man oh man. More of this type of content please. Anyone know of a way to bypass cdn or cloud providers to find origin IP? My trusty python script that always works is failing on some of these cloud hosted sites or cloud firewall
ippsec i am so amazed that your channel is so organized and consistent as well as putting timestamps in each video you release i do not know how thank you, you made it easy for us to learn i appreciate it too much 🖤🖤
lul
14:55 "Let's see... is there a process name?"
>Proceeds to pass directly over "Process Name" no less than 3 times.
Great video all the same. Subscribed.
This is such good information. It's surprising that DLL hijacking isn't talked about more in this community. This is core education for any aspiring red teamer.
It is talked a lot but you dont see it because you just look at channel where only basic stuff is teach
Thank you for sharing another great video. I'm grateful for the knowledge you've shared. I've lived in this area for 10 years and I'm excited to share this with my team, especially with the "kids". Your video will help them understand the topic much faster than my long and sometimes boring lectures.
OMG Nice timing ippsec! was doing a thick client test and actually trying some dll hijacking stuff. lol this is really helpful.
Me at 8 in the morning after many hours of HTB "Im in a weird state" xD Love your videos, very organized and just full of information 👌
So MANY of the episodes are bangers
It is always a pleasure watching Your videos. Thank You Ippsec!
Maybe these shortcuts don't work if you're in a vm, but on windows 10 if you hit win+x it will open a menu, if you then hit i, it will open powershell, if you do win+x and then a, it will open powershell as admin.
These shortcuts work for the english version of windows, other languages sometimes have other keys once you're inside the menu.
Very informative video!
The right daily dose of cyber security, thank you so much for this awesome demo.so well explained.
Thanks for the amazing content IppSec! Love your channel, keep em coming!
wow this video showed a couple of cool ideas, which were unknown to me. got my sub
thanks for the video...it would be great if you share some evasion techniques of (modern AV/EDR..) using DLL hijacking.
That sounds like a very dangerous thing to share. I wouldn't do a video on something so weaponizable.
Just use base64 encoding works all the time
Offensive Security has entered the chat.
@@ippsec if I'm not wrong your doing part of cybersecurity and penetration testing and of course they are part of it any thanks you help us every day😊
pepsic is an anagram of ippsec.
Very Helpful! Please do more like this. Thanks!
Helpful videos! Love your content.
Would love to catch a live stream some day on Twitch.
Amazing video IppSec, thanks
😁wow that’s cool 👍the best part
Amazing content, thanks for sharing
Oh didn't realize you are on Twitch now. I'll be sure to check out your streams.
More persistence and slipping under the radar! :D
But is is possible to write the code that you did in c++ with c#? Because when i do it and i try i'm getting error trying to access peotected memory
Being new at DLL hijacking, I am having trouble understanding how DLL proxying works. Would love a dedicated video about that topic. Cheers!
It’s not high on my priority list because it’s not valuable for defenders to understand that concept. I try to keep it at a basics level for red team stuff.
If anyone is curious like myself about DLL proxying, check this out th-cam.com/video/tSdyfaJ7T50/w-d-xo.html
Amazing video.Thank you ❤️
Hey ippsec, I am not able to cd or dir ..\.dotnet\ I tried different ways but it is not working. I am using Windows 11. is it the one causing issues or what is it ?
Another great video...
Great video!
such good info...
and doing it live helps a lot to avoid those 'natural' mistakes...
ps: you site design seems just useful... no sh***... just all the juice...
you are great, i love it
Pretty awesome !
this is so awesome
I fell like you are quite swifty with winapi, any tips? Maybe some video with basics? I don't know why but when I see MS documentation I just want to puke, I barely understand anything
can you do priv esc with this? Find some app running as system with a missing dll and slap a fake dll into writeable path to run some commands would be my guess
Yes, that is certainly possible.
Some apps you can replace a DLL they load with your own and gain privs that way
@@hexagon6290 yeah thats the goal, I need to find some weak (writeable and loading dlls that arent in KnownDlls) file running as NT Authority.
@@hexagon6290 you dont need to replace an existing DLL for that... i didnt looked the video so idk if ippsec talks about it but im sure he did, you just see what DLL isnt found by known software installed in the victim workstation on a writable directory
Wow)) It is fantastic
If cscapi.dll is replaced by your customized one, won't it affect the normal behavior of explorer.exe?
Normally if you don’t use a dll proxy technique yes. However, I think explorer just imports cscapi but doesn’t use it
Amazing info
hey ippsec. Is it possible to watch the twitch live stream history?
Nope, think i said it at the start of the video but at this time, I don't plan on releasing VOD's for my streams.
@@ippsec I'm sorry I missed it. By the way, thanks for everything you taught me.
No worries, I plan on uploading raw clips or redoing them like this one for the YT. I’m just more comfortable in interacting with people live if there’s no record of it. I may setup the patreon again and post recordings there, just don’t want to do it before it’s a routine
thnaks for content !
sir you did not show how to fix it
Wonderful.
❤️
Can you do more content about win api with c
I got a cat ?
ipp
dll
Waw, u r such a gem
First
Man oh man. More of this type of content please. Anyone know of a way to bypass cdn or cloud providers to find origin IP? My trusty python script that always works is failing on some of these cloud hosted sites or cloud firewall
heeyyy
The website needs a domain renewal. Anyway thanks for the content.
Ippsec thank you very much