This technique is surprisingly not entirely new to me. I was messing around with the loader internals and found that DllMain call conditions are quite a bit broader than I originally thought, and we can change them at runtime. I'm most surprised that the loader actually respects this runtime change.
This post was submitted on 29 Jul 2025 to blueteamsec.