Attackers Can Bypass Windows Security Using New DLL Hijacking

Threat actors routinely use the DLL Hijacking technique for persistence, and it has been utilized in several attacks.
This attack method allows bypassing the privilege requirement for executing certain malicious code on the affected system.
A new DLL Hijacking method used by threat actors has been discovered; it abuses the trusted WinSxS folder by means of the traditional DLL Search Order Hijacking technique.
The new method works on both Windows 10 and 11.
According to the Security Joes report, shared with Cyber Security News, this approach improves and simplifies the DLL Search Order Hijacking method.
The technique is possible because of the native behavior of Windows and the functionality it offers developers and end users.
This new DLL hijacking method has a low probability of detection, since the malicious code operates within the memory space of a trusted binary located in the Windows folder WinSxS.
The traditional DLL Search Order Hijacking method takes advantage of applications that do not specify the full path to the file they require.
The only difference between the traditional and the new DLL hijacking technique is the targeting of files inside the WinSxS folder.
The application DLLs residing inside the WinSxS folder have elevated privileges that can be utilized for malicious purposes.
The WinSxS folder, located at C:\Windows\WinSxS, is primarily used for storing various versions of important system files side by side, and it is also a critical component for maintaining and recovering the Windows operating system.
The original exploitation process was to place a custom malicious DLL, with a name closely resembling that of the legitimate targeted DLL, into the designated directory.
A complete report has been published that provides detailed information about the proof of concept, exploitation, and other information.
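
A defender-side check for the behavior described above, as an added example that is not taken from the article or the Security Joes report: it scans image-load events for a process running from C:\Windows\WinSxS that loads a DLL from outside the Windows tree. The field names follow Sysmon Event ID 7 (Image, ImageLoaded, Signed); the sample events, file names and the list of expected roots are constructed assumptions.

```python
import ntpath

# Assumption: events are dicts using Sysmon Event ID 7 (image load) field names.
WINSXS_ROOT = r"C:\Windows\WinSxS"
# Assumption: DLLs loaded from these roots are expected for WinSxS binaries.
EXPECTED_DLL_ROOTS = (r"C:\Windows",)


def _norm(path):
    """Lower-case, collapse '..' and unify separators so prefixes compare safely."""
    return ntpath.normcase(ntpath.normpath(path))


def _is_under(path, root):
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "\\")


def find_winsxs_sideloads(events):
    """Flag WinSxS-hosted processes that load a DLL from outside EXPECTED_DLL_ROOTS."""
    findings = []
    for ev in events:
        image, loaded = ev.get("Image", ""), ev.get("ImageLoaded", "")
        if not image or not loaded:
            continue
        if not _is_under(image, WINSXS_ROOT):
            continue  # host process is not a WinSxS binary
        if any(_is_under(loaded, root) for root in EXPECTED_DLL_ROOTS):
            continue  # DLL came from the Windows tree
        unsigned = ev.get("Signed", "").lower() != "true"
        findings.append({"process": image, "dll": loaded,
                         "severity": "high" if unsigned else "medium"})
    return findings


# Constructed sample events (hypothetical names, not taken from any report).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\WinSxS\amd64_example_1.0\host.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": r"c:\windows\winsxs\amd64_example_1.0\host.exe",
     "ImageLoaded": r"C:\Users\Public\work\example.dll", "Signed": "false"},
    {"Image": r"C:\Windows\WinSxS\amd64_example_1.0\host.exe",
     "ImageLoaded": r"C:\Windows\..\ProgramData\example.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Users\Public\work\example.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for f in find_winsxs_sideloads(SAMPLE_EVENTS):
        print(f["severity"], f["process"], "<-", f["dll"])
```

Path normalization matters here: the third sample event only stands out once the `..` segment is collapsed, and the second only matches once case is ignored.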


This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 05 Jan 2024 07:10:31 +0000

