Detecting DLL Hijacking Attacks — Part 1


The post explicitly covers the scenario of planting a DLL in a different folder and making an application load it instead of the original DLL. Some of the techniques covered in this scenario are DLL Search Order Hijacking, DLL Sideloading, and Path interception hijacking.

DLL hijacking (T1574) is one of the techniques attackers favor most. In this post, I’ll explain a method to hunt for and detect cases where a DLL with an invalid signature is used for DLL hijacking.

DLL Hijacking methods are v…
