Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED
PoC Report
HeapDestroy - DLL Rootkit PoC Report
Raytheon Blackbird Technologies, Inc. 28 August 2015
Use or disclosure of data contained on this sheet is subject to the restrictions on the title page of this document.
UNCLASSIFIED
this way, we are able to leverage the OS-handled relocations but effectively disappear from
process lists. Additionally, because the library has been freed at this point, the library can
delete its own file on disk and still continue execution.
3.0 (U) Recommendations
(U) We recommend developing a PoC that incorporates the fixes detailed above. With these
fixes, we believe that the PoC will demonstrate the ability to use the Operating System loader for
silent loading and will also enable file self-deletion.