Certified Ethical Hacker (CEH v13) — Question 205

John, a security analyst, is analyzing a server suspected of being compromised. The attacker has used a non-admin account and has already gained a foothold on the system. John discovers that a new Dynamic Link Library (DLL) is loaded in the application directory of the affected server. This DLL does not have a fully qualified path and seems to be malicious. What privilege escalation technique has the attacker likely used to compromise this server?

Answer options

Correct answer: A

Explanation

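The correct answer is A, DLL Hijacking. A malicious DLL in the application directory that is referenced without a fully qualified path indicates that the application may be loading a rogue version of a legitimate DLL: when a DLL is requested by name only, Windows searches a sequence of directories, beginning with the application's own directory, so a planted copy there is found before the genuine one. The other options represent different attack techniques and do not specifically relate to the scenario described, which involves a malicious DLL in the application directory.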