September 12, 2022
Video Blog: Using DLL Persist to Avoid Detection
Written by Scott Nusbaum
During an Incident Response case, the TrustedSec IR team came across a novel method used by an attacker to maintain access to the target’s servers. After gaining access to the systems, the attacker modified a DLL required by a service to include malicious code. This video demonstrates a similar process for embedding malicious code into a benign DLL to create a method of persistence that is not easily detected.