In one of my darker moments, I decided to install Hyper-V on my Windows 10 desktop. While looking into other issues on my system, I noticed that during system startup, vmms.exe, which is related to Hyper-V, was looking for a DLL in a directory I had added to my path. To test out if this…
All posts in July 2020
Unprivileged Zoom Persistence Part 2 – COM Hijacking
In a previous post I discussed how to do user persistence with the Zoom client by abusing its folder permissions to drop a DLL and patching the Zoom.exe binary. Zoom fixed the issue of dropping an arbitrary DLL to be loaded by Zoom by adding a check for loaded DLLs, and patching the binary is…