DLL Sideloading for stable persistence
Part II of the DLL Sideloading introductions. This time it's specifically about persistence instead of initial access payloads. In those cases, especially for pre-installed applications, you need a stable process that doesn't crash or hit a LoaderLock. We go through some typical issues and provide two approaches for stable execution.

0:21 - Start, Introduction
6:30 - Sideloading example for Version.dll in C++
11:30 - MessageBox success but multiple C2 connections
13:25 - Shellcode execution instead with multiple connections but the process died
16:00 - Troubleshooting the potential issue
24:00 - More stable Alternative No. one: Payload execution from another function than DllMain
35:40 - Alternative to API monitor for targeted payload function execution
43:50 - Chromium/Electron based protection mechanisms as root cause for crashes
46:35 - Automating payload generation with my private Packer
54:22 - Ideas for avoiding multiple time execution
01:09:00 - Avoid execution in any protected child process
01:11:00 - Even better: Using a Mutex for single time execution
01:18:42 - Summarization

Links mentioned:
• DLL Sideloading
https://github.com/mrexodia/perfect-d...
https://www.netspi.com/blog/technical...
https://elliotonsecurity.com/perfect-...
https://gist.github.com/S3cur3Th1sSh1...