Wednesday, October 27, 2021

New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution

BOF – Lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking

ServiceMove is proof-of-concept (POC) code for an interesting lateral movement technique that abuses the Windows Perception Simulation Service to achieve code execution through DLL hijacking.

A non-existent DLL file (i.e., hid.dll) is loaded every time the “Windows Perception Simulation Service” is started. By inserting a crafted DLL in “C:\Windows\System32\PerceptionSimulation” and starting the service remotely…
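A defender's view of the behaviour described above, as an added example that is not part of ServiceMove or the original post: a small correlation over Sysmon-style FileCreate (ID 11) and ImageLoad (ID 7) events that flags a DLL written into the service directory and raises severity when that same file is later loaded. The function name, host names, timestamps and simplified event fields are constructed for illustration.

```python
from ntpath import basename, dirname, normcase, normpath

# Directory and DLL name come from the write-up above.
WATCH_DIR = normcase(r"C:\Windows\System32\PerceptionSimulation")
HIJACK_DLL = "hid.dll"

def _in_watch_dir(path):
    return normcase(dirname(normpath(path))) == WATCH_DIR

def find_hijack_indicators(events):
    """Return (severity, host, path) findings from Sysmon-style events.

    Event 11 (FileCreate): a DLL written into the service directory.
    Event 7 (ImageLoad): a DLL loaded from that directory; severity is
    'high' when the same host saw that file being written earlier.
    """
    written = set()   # (host, normalized path) pairs seen in FileCreate
    findings = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        host = ev["Computer"]
        if ev["EventID"] == 11:
            path = ev["TargetFilename"]
            if _in_watch_dir(path) and path.lower().endswith(".dll"):
                written.add((host, normcase(path)))
                findings.append(("medium", host, path))
        elif ev["EventID"] == 7:
            path = ev["ImageLoaded"]
            if not _in_watch_dir(path):
                continue  # e.g. the legitimate System32\hid.dll
            dropped = (host, normcase(path)) in written
            named = basename(path).lower() == HIJACK_DLL
            if dropped or named:
                findings.append(("high" if dropped else "medium", host, path))
    return findings

# Constructed sample events (simplified fields, not real telemetry).
SAMPLE = [
    {"EventID": 11, "UtcTime": "2021-10-27 09:14:02", "Computer": "WS01",
     "TargetFilename": r"C:\Windows\System32\PerceptionSimulation\hid.dll"},
    {"EventID": 7, "UtcTime": "2021-10-27 09:14:09", "Computer": "WS01",
     "ImageLoaded": r"C:\Windows\System32\PerceptionSimulation\hid.dll"},
    {"EventID": 7, "UtcTime": "2021-10-27 09:20:00", "Computer": "WS02",
     "ImageLoaded": r"C:\Windows\System32\hid.dll"},
]

if __name__ == "__main__":
    for finding in find_hijack_indicators(SAMPLE):
        print(finding)
```

The write followed by a load on the same host is the stronger signal; a load of hid.dll from that directory with no recorded write still surfaces at lower severity in case file-creation telemetry was missing.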
