September 12, 2022
Video Blog: Using DLL Persist to Avoid Detection
Written by
Scott Nusbaum
Incident Response
Incident Response & Forensics
![](https://trusted-sec.transforms.svdcdn.com/production/images/Nusbaum_Vlog_2022-Blog-Cover-Template-LinkedIn.png?w=320&h=320&auto=compress%2Cformat&fit=crop&dm=1695237359&s=c48f24f48b1d8ffb52ed3613950858e6)
During an Incident Response case, the TrustedSec IR team came across a novel method used by an attacker to maintain access to the target’s servers. After gaining access to the systems, the attacker then modified a DLL required by a service to include malicious code. This video demonstrates a similar process for embedding malicious code into a benign DLL to create a method of persistence that is not easily detected