Cobalt Strike - OneDrive DLL injection
Oct. 13, 2022, 12:28 a.m. | /u/EpicOfAllEpics
cybersecurity www.reddit.com
Therefore, when investigating the missing OneDrive DLLs with ProcMon, the file "cscapi.dll" is loaded from "C:\Users\%USERNAME%\AppData\Local\Microsoft\OneDrive".
This allows threat actors to gain persistence when the end user opens OneDrive, since the DLL will be loaded in the process.
https://youtu.be/bs_fMlw6DvE
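
A detection check for the load described in the post above, added here as an example and not part of the original post: it flags image-load events where OneDrive.exe loads cscapi.dll from anywhere other than the Windows system directories. The event fields are modelled on Sysmon Event ID 7 (Image, ImageLoaded, Signed), the sample events are constructed, and the trusted directory list is an assumption about where the genuine DLL lives.

```python
import ntpath

# Assumption: the genuine cscapi.dll is loaded only from these directories.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
TARGET_DLL = "cscapi.dll"

def is_suspicious_load(event):
    """True when OneDrive.exe loads cscapi.dll from outside the trusted directories."""
    process = ntpath.basename(event["Image"]).lower()
    # normpath collapses "..\" segments so a path cannot pose as System32.
    loaded = ntpath.normpath(event["ImageLoaded"]).lower()
    if process != "onedrive.exe" or ntpath.basename(loaded) != TARGET_DLL:
        return False
    return ntpath.dirname(loaded) not in TRUSTED_DIRS

def triage(events):
    """Return one finding per suspicious load, with the signature state for the analyst."""
    findings = []
    for ev in events:
        if is_suspicious_load(ev):
            findings.append({
                "host": ev.get("Computer", "unknown"),
                "path": ev["ImageLoaded"],
                "signed": ev.get("Signed", "false").lower() == "true",
            })
    return findings

# Constructed sample events (not real telemetry).
ONEDRIVE = r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "Image": ONEDRIVE, "Signed": "false",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\cscapi.dll"},
    {"Computer": "WS-01", "Image": ONEDRIVE, "Signed": "true",
     "ImageLoaded": r"C:\Windows\System32\cscapi.dll"},
    {"Computer": "WS-02", "Image": r"C:\Windows\explorer.exe", "Signed": "true",
     "ImageLoaded": r"C:\Windows\System32\cscapi.dll"},
    {"Computer": "WS-03", "Image": ONEDRIVE, "Signed": "false",
     "ImageLoaded": r"C:\Windows\System32\..\Temp\cscapi.dll"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```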