Intruders in the Library: Exploring DLL Hijacking
released on 2024-02-26 @ 09:58:03 AM
This report provides background on DLL hijacking, a technique used by threat actors to run malware stealthily. It explains how DLL hijacking works by abusing the Windows DLL search order and gives examples of its use by advanced persistent threat groups and cybercriminals in real campaigns. The report covers common implementations like DLL side-loading and phantom DLL loading, and best practices for detection and mitigation.