- An attack where a legitimate application is tricked into loading a malicious DLL. - Relies on where the program loads DLLs from and the order or priority of where it loads from. - Some insecure applications may load DLL's from their working directory before system paths. - Often used to bypass application whitelisting and EDR detection. Hijacking vs Sideloading DLL Hijacking exploits search-order weaknesses, while DLL Sideloading abuses trusted signed applications to load attacker-controlled DLLs.