pentestlab.blog

openpunk.com
Recently I faced a rather intimidating problem while working on a project. The problem was fairly simple from an objective point of view: "How do I load a DLL into a process on startup?" Now you might be wondering, "Why not just patch the IAT (import address table) on the executable and force it to load your payload DLL?" Yes! Those were my exact thoughts too; however, for reasons I'll explain, it wasn't that simple.
redteaming.co.uk
DLL Side-Loading or DLL Proxy loading allows an attacker to abuse a legitimate and typically signed executable for code execution on a compromised system. MITRE has been keeping a log of this technique since 2017, and it continues to be a popular option among threat actors (for good reasons!). Proxy loading is very similar to DLL...
lab52.io
The Lab52 team has analysed a cyber campaign in which attackers deploy a new variant of the PlugX malware. Both the infection chain and the various artefacts used in the cyberattack share multiple similarities with the SmugX campaign, attributed to threat actors Red Delta and Mustang Panda, allegedly linked to the Chinese government.
vadosware.io
Professional (software) yak shaving, writ large. No part of the software stack is left unshaven.