Browsing tag

DLL Hijacking

China-linked Hackers Deploy New ‘UNAPIMON’ Malware for Stealthy Operations

A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. “Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities,” Trend Micro security researcher Christopher So said in a report published […]

China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons

An ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons on compromised systems. Cybersecurity firm SentinelOne said the tactics, techniques, and procedures point to the involvement of a threat actor tracked as Bronze Starlight (aka Emperor Dragonfly or Storm-0401), which has been linked to the […]

Clrinject – Injects C# EXE Or DLL Assembly Into Every CLR Runtime And AppDomain Of Another Process

Injects C# EXE or DLL Assembly into any CLR runtime and AppDomain of another process. The injected assembly can then access static instances of the injectee process’s classes and therefore affect its internal state. Usage: clrinject-cli.exe -p <processId/processName> -a <assemblyFile> Opens the process with id <processId> or name <processName>, injects the <assemblyFile> EXE and executes its Main method. Additional […]

Bypassing Amsi using PowerShell 5 DLL Hijacking

While doing some research on the inner workings of Microsoft's new Antimalware Scan Interface technology within Windows 10, I found a DLL loading vulnerability within PowerShell 5. The reason I did some research is because some offensive PowerShell scripts I use within my own Red Teaming tool called p0wnedShell are getting blocked by Windows Defender […]

DLL Hijacking Issue Plagues Products like Firefox, Chrome, iTunes, OpenOffice

Oracle patches Java installer against DLL hijacking issue. Oracle has released new Java installers to fix a well-known security issue (CVE-2016-0603) that also affects a plethora of other applications, from Web browsers to antivirus products, and from file compressors to home cinema software. The problem is called DLL hijacking (or DLL side-loading) and refers to the […]

DLL Hijacking Tutorial

DLL hijacking is a vulnerability that is caused by a misbehavior practiced by all versions of Windows. Many people believe that it is a feature and not a bug because it was intended to be made this way by Microsoft. Basically, it works by creating a custom malicious DLL and putting it in the same directory of […]