From 1cdad586c841b34c4681cd30bf2b7a10151e2d21 Mon Sep 17 00:00:00 2001
From: Matt Graeber
Date: Wed, 16 Dec 2015 14:48:09 -0800
Subject: Added a slight delay to Invoke-DllInjection validation

In some cases, the loaded module would show up as loaded after the check occurred.
---
 CodeExecution/Invoke-DllInjection.ps1 | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/CodeExecution/Invoke-DllInjection.ps1 b/CodeExecution/Invoke-DllInjection.ps1
index f862f92..369d606 100644
--- a/CodeExecution/Invoke-DllInjection.ps1
+++ b/CodeExecution/Invoke-DllInjection.ps1
@@ -313,9 +313,11 @@ http://www.exploit-monday.com
 # Close process handle
 $CloseHandle.Invoke($hProcess) | Out-Null
 
+ Start-Sleep -Seconds 2
+
 # Extract just the filename from the provided path to the dll.
- $FileName = Split-Path $Dll -Leaf
- $DllInfo = (Get-Process -Id $ProcessID).Modules | ? { $_.FileName.Contains($FileName) }
+ $FileName = (Split-Path $Dll -Leaf).ToLower()
+ $DllInfo = (Get-Process -Id $ProcessID).Modules | ? { $_.FileName.ToLower().Contains($FileName) }
 
 if (!$DllInfo)
 {
--
cgit v1.2.3
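Review bot: The module check on the new `$DllInfo` line can still report the wrong result, because `.Contains($FileName)` is a substring test against the full module path and `.ToLower()` is culture-sensitive. Any module whose path merely contains the leaf name (a directory component, or `xfoo.dll` when looking for `foo.dll`) satisfies it, so the validation can pass for a module that is not the one requested. Comparing leaf names directly avoids both problems: keep `$FileName = Split-Path $Dll -Leaf` and use `$DllInfo = (Get-Process -Id $ProcessID).Modules | ? { [IO.Path]::GetFileName($_.FileName) -ieq $FileName }`. The fixed `Start-Sleep -Seconds 2` is only a guess at how long the load takes, so it deserves a comment such as `# Heuristic delay: the module list may lag behind the remote thread` at minimum. The enclosing function begins and ends outside the hunk.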