Using WhatsApp for Malware Persistence
Here I demonstrate how a DLL Search Order Hijack bug in WhatsApp for Windows can be exploited by malware to remain persistent. It's a little tongue-in-cheek, but showcases how to search for DLL Search Order Hijacks and also how commonly installed applications can be harnessed by bad guys for malicious purposes.

If you want to find out more about DLL Search Order Hijacking you should definitely check out the following links:
https://docs.microsoft.com/en-us/windows/desktop/dlls/dynamic-link-library-security
http://www.binaryplanting.com/guidelinesDevelopers.htm

Link to my slides: https://docs.google.com/presentation/d/1k4N0m03YKZh8Nr5E0Uzhs5IYKWUp2A4gLygNwXKVGng/edit?usp=sharing

How to compile your own DLLs using msfvenom: https://kb.help.rapid7.com/discuss/599b70eba72c84001bddb4a4

Link to my PoC doc file: https://www.virustotal.com/#/file/79d8a5c685009fdfcfc84f88826655e21931879d9484fa95541f97096705547c/detection

Link to ProcMon Filter file: https://jmp.sh/KaEQkWd

If you liked this video, please press "Like". If you loved it, please Subscribe! Also, if you want to chat malware / exploits / vulnerabilities then please follow me on https://twitter.com/cybercdh

Thanks for watching!