Siofra, developed by Forrest Williams, Senior Security Researcher at Cybereason, is a tool designed to identify and exploit DLL hijacking vulnerabilities in Windows programs.
How Siofra works...
It simulates the Windows loader to give visibility into every dependency (and every corresponding hijacking opportunity) of a PE file on disk, or of the in-memory image of a running process. Siofra also combines the UAC auto-elevation criteria with that dependency analysis so that it can scan automatically for UAC bypass vulnerabilities, and it generates the DLLs needed to exploit such vulnerabilities by infecting an existing PE with dynamically created shellcode.
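To make the loader-simulation idea concrete, here is an added Python example; it is not Siofra's code and not from the tool's author. It builds a constructed minimal PE32+ image in memory, walks its import directory, resolves each imported DLL through the default (SafeDllSearchMode) search order against a modelled file system and a modelled set of user-writable directories, and then intersects the hijackable imports with the three auto-elevation criteria (Microsoft signature, autoElevate manifest flag, secure directory). KNOWN_DLLS, SAMPLE_FS, WRITABLE, SAMPLE_EXE, the DLL names helper.dll and extra.dll, and every path under C:\Users\alice are assumptions made for the example. It handles only the static import table; a real loader simulation of the kind Siofra performs must also cover delay-load imports, forwarded exports, API set redirection, SxS manifests and DLLs loaded at run time through LoadLibrary.

```python
"""Toy version of what Siofra automates: parse a PE's import table, resolve each DLL through
the default search order against a modelled file system, flag hijackable entries and intersect
with UAC auto-elevation criteria. Added illustration, not Siofra's code; all data is constructed."""
import struct

KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll"}   # stand-in for the KnownDLLs registry key
SAMPLE_FS = {                                               # constructed disk contents
    r"C:\Windows\System32": {"kernel32.dll", "version.dll", "sample.exe"},
    r"C:\Users\alice\tools": {"extra.dll"},
}
WRITABLE = {r"C:\Users\alice", r"C:\Users\alice\tools"}    # dirs a standard user can write to
SAMPLE_EXE = {"path": r"C:\Windows\System32\sample.exe",   # hypothetical auto-elevating binary
              "signed_by_microsoft": True, "manifest_auto_elevate": True}

def build_sample_pe(dll_names, sect_rva=0x1000, sect_off=0x200):
    """Build a minimal PE32+ whose single .idata section imports `dll_names` (constructed input)."""
    desc_size = 20 * (len(dll_names) + 1)          # IMAGE_IMPORT_DESCRIPTOR array + null terminator
    names, name_rvas, cursor = b"", [], sect_rva + desc_size
    for d in dll_names:
        name_rvas.append(cursor)
        names += d.encode() + b"\0"
        cursor += len(d) + 1
    descs = b"".join(struct.pack("<IIIII", 0, 0, 0, r, 0) for r in name_rvas) + b"\0" * 20
    idata = descs + names
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)   # x64, 1 section, PE32+ opt hdr
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                               # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8, sect_rva, len(idata))         # DataDirectory[IMPORT]
    sect = b".idata\0\0" + struct.pack("<IIIIIIHHI", len(idata), sect_rva, len(idata),
                                        sect_off, 0, 0, 0, 0, 0x40000040)
    return (dos + b"PE\0\0" + file_hdr + bytes(opt) + sect).ljust(sect_off, b"\0") + idata

def _rva_to_offset(sections, rva):
    for va, raw_ptr, size in sections:
        if va <= rva < va + size:
            return raw_ptr + (rva - va)
    raise ValueError("RVA %#x is not backed by any section" % rva)

def imported_dlls(pe):
    """Walk IMAGE_DIRECTORY_ENTRY_IMPORT and return the statically imported DLL names."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsect, opt = struct.unpack_from("<H", pe, e_lfanew + 6)[0], e_lfanew + 24
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    is_pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    imp_rva = struct.unpack_from("<I", pe, opt + (112 if is_pe32plus else 96) + 8)[0]
    if imp_rva == 0:
        return []                                    # image has no import table
    sections = []
    for i in range(nsect):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
        sections.append((va, raw_ptr, max(vsize, raw_size)))
    names, off = [], _rva_to_offset(sections, imp_rva)
    while True:
        name_rva = struct.unpack_from("<I", pe, off + 12)[0]   # IMAGE_IMPORT_DESCRIPTOR.Name
        if name_rva == 0:
            break                                    # all-zero descriptor terminates the array
        start = _rva_to_offset(sections, name_rva)
        names.append(pe[start:pe.index(b"\0", start)].decode().lower())
        off += 20
    return names

def search_order(app_dir, cwd, path_dirs, windir=r"C:\Windows"):
    """Directories probed, in order, for a DLL named without a path (SafeDllSearchMode on)."""
    return [app_dir, windir + r"\System32", windir + r"\System", windir, cwd, *path_dirs]

def resolve(dll, order, fs=SAMPLE_FS, writable=WRITABLE):
    """Where `dll` loads from, plus the first writable dir searched no later than that (hijack point)."""
    if dll in KNOWN_DLLS:
        return {"dll": dll, "found": "KnownDLLs", "hijack_dir": None}   # never searched on disk
    first_writable = None
    for d in order:
        if first_writable is None and d in writable:
            first_writable = d
        if dll in fs.get(d, set()):
            return {"dll": dll, "found": d, "hijack_dir": first_writable}
    return {"dll": dll, "found": None, "hijack_dir": first_writable}    # phantom DLL

def scan(pe, exe_path, cwd, path_dirs):
    """Resolve every static import of `pe` as if `exe_path` were started from `cwd`."""
    order = search_order(exe_path.rsplit("\\", 1)[0], cwd, path_dirs)
    return [resolve(d, order) for d in imported_dlls(pe)]

def uac_bypass_candidates(exe, findings):
    """Auto-elevation needs a Microsoft signature, autoElevate=true and a secure directory."""
    secure = exe["path"].lower().startswith((r"c:\windows\system32", r"c:\program files"))
    if not (exe["signed_by_microsoft"] and exe["manifest_auto_elevate"] and secure):
        return []
    return [f for f in findings if f["hijack_dir"]]

def demo():
    pe = build_sample_pe(["KERNEL32.dll", "VERSION.dll", "helper.dll", "extra.dll"])
    findings = scan(pe, SAMPLE_EXE["path"], r"C:\Users\alice", [r"C:\Users\alice\tools"])
    return findings, uac_bypass_candidates(SAMPLE_EXE, findings)
```

In the constructed scenario, kernel32.dll is served from the KnownDLLs section and version.dll is found in the application directory before any writable directory is reached, so neither is flagged; helper.dll exists nowhere (a phantom import) and extra.dll is only found on a PATH entry after the writable current directory, so both are reported as hijackable and, because the sample executable meets the auto-elevation criteria, as UAC bypass candidates. Against a real system the file-system model and writable set would come from directory ACL checks and the KnownDLLs key from the registry.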
Parts of the tool are open source so that security researchers can follow the technical details of the project. Forrest specifically provided the assembler source for one of the 64-bit implant shellcodes (the one used for 64-bit PE DLL infection when a "process" payload type is specified).