DIY vulnerability discovery with DLL Side Loading

Tuesday, 22 Sep 2015 10:00PM EDT (23 Sep 2015 02:00 UTC)
Speaker: Jake Williams

In this talk, Jake (contributing author on FOR526, FOR610, and SEC760) will teach you how to discover vulnerabilities like a rock star using DLL side loading. This technique (ab)uses the way Windows searches for DLLs to load into a program. The behavior is nearly laughable and introduces serious risks, especially when developers don't understand filesystem permissions. Attackers know this and use it for privilege escalation and stealthy persistence.

Once you understand how DLL side loading works, you'll be able to find it in your next investigation. Plus you'll look like a infosec rock star when you find vulnerabilities in your organization's custom software.

Login to Register

Related Content

Offensive Operations, Pen Testing, and Red Teaming, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming

November 16, 2023

A Visual Summary of SANS HackFest Summit

Check out these graphic recordings created in real-time throughout the event for SANS HackFest Summit 2023

Offensive Operations, Pen Testing, and Red Teaming, Penetration Testing and Red Teaming

October 4, 2023

SEC670 Prep Quiz Answers

Answers for the SEC670 Prep Quiz. For more details about the course and the quiz, please clickthrough to see the quiz article.

Jonathan Reiter

Offensive Operations, Pen Testing, and Red Teaming, Penetration Testing and Red Teaming

October 4, 2023

Take The Prerequisite SEC670 Quiz

This ten question quiz will help you in determining if you are ready to take SEC670.

Jonathan Reiter