Sunday, June 26, 2022

Persistence – DLL Hijacking

When a program starts, a number of DLLs are loaded into the memory space of its process. Windows locates the DLLs required by the process by looking through the system folders in a specific order. Hijacking this search order can be used in red teaming scenarios to identify privilege escalation and persistence opportunities.
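From the detection side, a hijacked search order shows up as a DLL with a system DLL name being loaded from somewhere other than the system directories. The following is an added example, not code from the original post: it checks image-load events for that pattern. The DLL baseline, the event records, and the `ExampleApp` paths are constructed for illustration; the field names mirror the Image, ImageLoaded and Signed fields of Sysmon Event ID 7.

```python
import ntpath

# Constructed baseline: names of DLLs that ship in the Windows system directory.
# Assumption: in practice this set is built from a trusted reference image.
SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "cryptsp.dll"}

# Directories from which a system DLL is expected to load.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")


def is_trusted_dir(directory):
    """True if directory is a trusted system directory or lies below one."""
    d = ntpath.normcase(ntpath.normpath(directory))
    return any(d == t or d.startswith(t + "\\") for t in TRUSTED_DIRS)


def find_search_order_anomalies(events):
    """Return image-load events where a system DLL name resolved elsewhere."""
    findings = []
    for ev in events:
        dll_path = ev["image_loaded"]
        name = ntpath.basename(dll_path).lower()
        if name in SYSTEM_DLLS and not is_trusted_dir(ntpath.dirname(dll_path)):
            reason = "system DLL name loaded from non-system directory"
            if not ev.get("signed", False):
                reason += " (unsigned)"
            findings.append({"process": ev["image"], "dll": dll_path, "reason": reason})
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\ExampleApp\app.exe",
     "image_loaded": r"C:\Windows\System32\version.dll", "signed": True},
    {"image": r"C:\Program Files\ExampleApp\app.exe",
     "image_loaded": r"C:\Program Files\ExampleApp\version.dll", "signed": False},
    {"image": r"C:\Program Files\ExampleApp\app.exe",
     "image_loaded": r"C:\Program Files\ExampleApp\plugin.dll", "signed": True},
]

if __name__ == "__main__":
    for finding in find_search_order_anomalies(SAMPLE_EVENTS):
        print(finding)
```

Some applications legitimately ship private copies of DLLs such as dbghelp.dll, so findings need triage against the file's signature and publisher before being treated as malicious.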

Furthermore, reports show common malware trying to masquerade as a DLL that is missing from a Windows process in order to execute arbitrary code and remai…

