Corpus ID: 13846444

Reflective Dll Injection

Author: Stephen Fewer
Disclaimer: The information in this paper is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the reader's…
Dymo: Tracking Dynamic Code Identity
Dymo is presented, a system that provides a dynamic code identity primitive that tracks the run-time integrity of a process and can be used to detect code integrity attacks, along with an extension to Dymo that labels network packets with information about the process that originated the traffic.
An empirical study of DLL injection bugs in the Firefox ecosystem
This work empirically investigates bugs that were caused by third-party DLL injections into the Mozilla Firefox browser and found that 93 bugs led to crashes and 57 bugs (55.3%) were caused by antivirus software.
Looking Inside the (Drop) Box
A method to bypass Dropbox's two factor authentication and hijack Dropbox accounts is described, and generic techniques to intercept SSL data using code injection techniques and monkey patching are presented.
OIC-CERT Journal of Cyber Security
Universal Windows Platform (UWP) is Microsoft's recent platform-homogeneous application architecture. It allows code to run on a variety of devices including PC, mobile devices, etc., without…
Fides: remote anomaly-based cheat detection using client emulation
This paper examines a range of cheat methods and initial measurements that counter them, showing that a Fides prototype is able to efficiently detect several existing cheats, including one state-of-the-art cheat that is advertised as "undetectable".
Cloud-Based Application Whitelisting
This paper presents a cloud-based application whitelisting system called CLAW, which leverages this centralized management flexibility to guarantee that only application binaries in a pre-approved set are allowed to run in each virtual machine under its management.
An In-memory Embedding of CPython for Offensive Use
An embedding of CPython that runs entirely in memory without “touching” the disk is offered, which meets customers’ needs to quickly emulate threat-actors’ tasks, techniques, and procedures (TTPs).
Extending applications using an advanced approach to DLL injection and API hooking
This paper presents two novel approaches to DLL injection and API hooking, which have notable practical value for beneficial applications of injection and hooking approaches, as found in malware detection programs and computer security tools.
DNS Tunneling for Network Penetration
This paper presents a new Metasploit module for integrated penetration testing of DNS tunnels and uses that module to evaluate the potential of DNS tunnels as communication channels set up through standard, existing exploits and supporting many different command-and-control malware modules.
Vulnerability of the Process Communication Model in Bittorrent Protocol
A potential attack that exploits a certain vulnerability of BitTorrent-based systems is discussed, revealing that any adversary can exploit the vulnerability of the process communication model used in P2P by injecting any malicious process inside the BitTorrent application itself, exposed by sniffing the exchanged BitTorrent packets through LAN.


Peering Inside the PE: A Tour of the Win32 Portable Executable File Format
The Portable Executable (PE) file format that Microsoft has designed for use by all their Win32®-based systems (Windows NT®, Win32s™, and Windows® 95) is described.
An In-Depth Look into the Win32 Portable Executable File Format
Microsoft Portable Executable and Common Object File Format Specification http
Reflective Dll Injection
Remote Library Injection