Feb. 18, 2024, 8:31 a.m. | C M UPPIN

InfoSec Write-ups - Medium infosecwriteups.com

One of my favorite techniques, which every APT group uses in cyber attacks, involves DLL SideLoading.

Most commonly, we see APT groups using signed Microsoft executables to load malicious DLLs.

From the attacker’s point of view:
The threat actor sends a zip file containing a malicious DLL and a Microsoft-signed executable. The threat actor tricks the user into executing the signed executable. When the executable is run, the malicious DLL is loaded, downloads the second stage payload, creates persistence, …
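The chain described above leaves a characteristic trace in endpoint image-load telemetry: a Microsoft-signed executable running from a location it was never installed to (a Temp or Downloads folder, an extracted archive) maps a DLL that sits beside it and does not carry a Microsoft signature. The following hunting script is an added example written for this page, not code from the write-up or its author. It assumes a simplified record shape (`process_path`, `dll_path`, and publisher strings for both) rather than any vendor's real schema, a deliberately small trusted-directory allow-list, and constructed sample records.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List

# Locations where the OS and properly installed software live. Loads from here
# are treated as expected. Assumption: a deliberately small allow-list.
TRUSTED_DIR_PREFIXES = (
    r"c:\windows",
    r"c:\program files",
    r"c:\program files (x86)",
)


@dataclass(frozen=True)
class ImageLoad:
    """One DLL-load record. The field set is a constructed simplification of
    what endpoint image-load telemetry carries; it is not any vendor's schema."""
    process_path: str    # executable that performed the load
    dll_path: str        # DLL that was mapped into it
    process_signer: str  # Authenticode publisher of the executable ("" if unsigned)
    dll_signer: str      # Authenticode publisher of the DLL ("" if unsigned)


def _in_trusted_dir(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(prefix + "\\") for prefix in TRUSTED_DIR_PREFIXES)


def _is_microsoft(signer: str) -> bool:
    # Assumption: the agent reports the publisher as a plain string beginning "Microsoft".
    return signer.lower().startswith("microsoft")


def _same_directory(a: str, b: str) -> bool:
    # PureWindowsPath parses backslash paths correctly on any host OS.
    return str(PureWindowsPath(a).parent).lower() == str(PureWindowsPath(b).parent).lower()


def is_sideload_candidate(ev: ImageLoad) -> bool:
    """The pattern in the write-up: a Microsoft-signed executable, running from
    a location it was not installed to, loads a non-Microsoft DLL that sits
    beside it in the same directory."""
    return (
        _is_microsoft(ev.process_signer)
        and not _in_trusted_dir(ev.process_path)
        and _same_directory(ev.process_path, ev.dll_path)
        and not _is_microsoft(ev.dll_signer)
    )


def hunt(events: List[ImageLoad]) -> List[ImageLoad]:
    """Return every record that matches the sideloading pattern."""
    return [ev for ev in events if is_sideload_candidate(ev)]


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    # Normal OS activity: signed binary and signed DLL, both under C:\Windows.
    ImageLoad(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\rpcrt4.dll",
              "Microsoft Windows", "Microsoft Windows"),
    # The write-up's scenario: a signed Microsoft binary extracted from an archive
    # into Temp, loading an unsigned DLL that arrived in the same archive.
    ImageLoad(r"C:\Users\alice\AppData\Local\Temp\invoice\signed_tool.exe",
              r"C:\Users\alice\AppData\Local\Temp\invoice\sideloaded.dll",
              "Microsoft Corporation", ""),
    # Third-party software loading its own library from its install directory.
    ImageLoad(r"C:\Program Files\ExampleVendor\app.exe",
              r"C:\Program Files\ExampleVendor\app_core.dll",
              "Example Vendor Inc.", "Example Vendor Inc."),
    # Microsoft binary in Temp loading a Microsoft-signed DLL beside it: not flagged.
    ImageLoad(r"C:\Users\alice\AppData\Local\Temp\tool\signed_tool.exe",
              r"C:\Users\alice\AppData\Local\Temp\tool\msvcp140.dll",
              "Microsoft Corporation", "Microsoft Corporation"),
]

if __name__ == "__main__":
    for ev in hunt(SAMPLE_EVENTS):
        print(f"sideload candidate: {ev.process_path} -> {ev.dll_path}")
```

Only the second constructed record is flagged. The allow-list is the tuning knob: treating everything under `C:\Program Files` as trusted keeps third-party software quiet, but it also means a signed binary dropped there by an attacker who already has write access will not be caught, so environments with tighter install controls can shrink the list or add a check on the DLL's own signature validity.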

