What dependencies are required to run Vermillion Hunter?

You will need Python with the frida and frida-tools packages installed, and optionally MinGW G++ for specific automated validation scripts.

Can this skill be used for defensive security purposes?

Yes, it includes specific defensive countermeasures, detection signals, and pre-configured Sysmon rules to help organizations protect against the vulnerabilities it identifies.

Which MITRE ATT&CK techniques does this skill cover?

The skill maps directly to T1574.002 (DLL Side-Loading) and T1546.015 (Event Triggered Execution: COM Hijacking).

What is the primary purpose of Vermillion Hunter?

It is designed to identify exploitable Windows features, specifically focusing on DLL sideloading and COM hijacking for security research and vulnerability assessment.

Vermillion Hunter

Name: Vermillion Hunter
Author: plurigrid

byplurigrid

•

安全与测试

Identifies exploitable Windows DLL sideloading and COM hijacking vulnerabilities using Frida-based dynamic instrumentation.

Vermillion Hunter is a specialized security analysis skill designed for red teamers and security researchers to discover high-value persistence and privilege escalation vectors on Windows systems. By leveraging Frida to hook critical APIs like LoadLibrary and RegQueryValueEx, it automates the detection of weak DLL references and shadowable COM objects. This tool significantly outperforms traditional methods, as demonstrated by its ability to validate hundreds of unique sideloading opportunities, and provides direct mapping to MITRE ATT&CK techniques T1574.002 and T1546.015 for comprehensive security reporting.

主要功能

01Built-in support for scanning signed Windows binaries and System32 files

02Identification of COM Hijacking (T1546.015) persistence vectors

03Automated detection of DLL Sideloading (T1574.002) vulnerabilities

047 GitHub stars

05Frida-based dynamic instrumentation for real-time API hooking

06Integration with defensive countermeasures and Sysmon detection rules

使用场景

01Conducting advanced penetration testing and security audits on Windows environments

02Automating the discovery of persistence vectors in signed system binaries

03Generating custom Sysmon rules and defensive signals based on real-time exploit discovery

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add plurigrid/asi vermillion-hunter

For use in Claude.ai and ChatGPT

Download Skill