Skip to Main Content
September 12, 2022

Video Blog: Using DLL Persist to Avoid Detection

Written by Scott Nusbaum
Incident Response Incident Response & Forensics

During an Incident Response case, the TrustedSec IR team came across a novel method used by an attacker to maintain access to the target’s servers. After gaining access to the systems, the attacker then modified a DLL required by a service to include malicious code. This video demonstrates a similar process for embedding malicious code into a benign DLL to create a method of persistence that is not easily detected