Dynamic Linking Injection and LOLBAS Fun | allinfosecnews.com

March 28, 2023, 1:05 p.m. | Emmaline

Blog - Praetorian www.praetorian.com

Dynamic-Linking Injection and LOLBAS Fun Introduction LoadLibrary and LoadLibraryEx are how Windows applications load shared libraries at runtime. Praetorian recently tested a .NET web application that unsafely passed user input into LoadLibrary. In this article, we discuss this vulnerability class, dubbed dynamic-linking injection. We begin with an explanation of the vulnerability. We then walk through […]

The post Dynamic Linking Injection and LOLBAS Fun appeared first on Praetorian.

application applications article class discuss dynamic fun injection input introduction lolbas praetorian product security runtime vulnerability vulnerability research web web application windows

More from www.praetorian.com / Blog - Praetorian

Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 1 week ago | www.praetorian.com

ant application customers cve +21

MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135) 2 months ago | www.praetorian.com

article can cross-site cswsh +17

Exploiting Kubernetes through Operator Injection 2 months, 2 weeks ago | www.praetorian.com

application applications attack attackers +20

Relution Remote Code Execution via Java Deserialization Vulnerability 3 months ago | www.praetorian.com

application article can clients +26

Protected: Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack 3 months, 2 weeks ago | www.praetorian.com

attack cd security ci compromise +5

Understanding the Impact of the new Apache Struts File Upload Vulnerability 4 months, 2 weeks ago | www.praetorian.com

abuse apache apache struts bug +23

SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability 4 months, 3 weeks ago | www.praetorian.com

authentication authentication bypass bypass code +19

Analyzing the SonicWall Custom Grub LUKS Encryption Modifications 4 months, 4 weeks ago | www.praetorian.com

analysis application code code execution +17

Why Azure B2C ROPC Custom Flows Are Inherently Insecure 5 months ago | www.praetorian.com

active directory administrators api authentication +23

Financial Crimes Compliance - Senior - Consulting - Location Open

@ EY | New York City, US, 10001-8604

View on infosec-jobs.com

Software Engineer - Cloud Security

@ Neo4j | Malmö

View on infosec-jobs.com

Security Consultant

@ LRQA | Singapore, Singapore, SG, 119963

View on infosec-jobs.com

Identity Governance Consultant

@ Allianz | Sydney, NSW, AU, 2000

View on infosec-jobs.com

Educator, Cybersecurity

@ Brain Station | Toronto

View on infosec-jobs.com

Principal Security Engineer

@ Hippocratic AI | Palo Alto

View on infosec-jobs.com