Cobalt Strike Hunting — DLL Hijacking/Attack Analysis

DLL Hijacking via Cobalt Strike & Attack Analysis.

Agenda

  • Hijack Execution Flow: DLL Search Order Hijacking.
  • Payload extraction from the PCAP (VT, Triage, and CyberChef Analysis).
  • Attack Analysis.
  • DLL Hijacking via Cobalt Strike/Sysrep.

Security Researcher [RED&BLUE]

Michael Koczwara