From 40d28c8b9b7dac8fd39739c7876ef58fefbda739 Mon Sep 17 00:00:00 2001 From: Freezed Date: Thu, 2 Feb 2023 15:12:56 +0100 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Update=20live=20notes=20for=20DLL?= =?UTF-8?q?=20injection?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...-paris-2023-02-demo-security-side-loading.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/content/vtt-paris-2023-02-demo-security-side-loading.md b/content/vtt-paris-2023-02-demo-security-side-loading.md index 56b122a..99eaaa9 100644 --- a/content/vtt-paris-2023-02-demo-security-side-loading.md +++ b/content/vtt-paris-2023-02-demo-security-side-loading.md @@ -1,6 +1,5 @@ -DLL Side Loading & Process Injection : comment ça marche ?: DLL Side Loading & Process Injection : comment ça marche ? +Title: DLL Side Loading & Process Injection : comment ça marche ?: DLL Side Loading & Process Injection : comment ça marche ? Date: 2023-02-02 14:58 -Summary: SUMMARY Category: Bloc-notes Tags: vtt, ovh, talk, paris, security Status: published @@ -20,12 +19,14 @@ _**Support**: sur [`?`][support]_ Notes personnelles ================== -* - - -* -* - - - +* Échapper a la détection des antivirus +* Injection de process? + - voir `MITRE|ATT&CK + - utiliser un process de confiance: `explorer.exe` sous windows, un antivirus, etc. +* Example: calculatrice windows + - win achi: loader / runing process + - side loading: 2 soft de confiance sont utilisé pour créer un thread +* demo [author]: https://www.linkedin.com/in/%F0%9F%94%91-s%C3%A9bastien-m%C3%A9riot-8b1b74a
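Review bot: The `Title:` line in the first hunk still carries the duplicated title text, so the rendered page heading will read `DLL Side Loading & Process Injection : comment ça marche ?: DLL Side Loading & Process Injection : comment ça marche ?`; collapse it to a single `Title: DLL Side Loading & Process Injection : comment ça marche ?`. Deleting the `Summary: SUMMARY` placeholder is better than shipping it, but a one-line summary (the talk's subject and speaker) would serve the listing page better than whatever excerpt the site generator derives from the body, which here starts with the "Notes personnelles" heading.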
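Review bot: The `side loading` bullet in the second hunk conflates two techniques: side loading is a trusted (signed) executable loading an attacker-supplied DLL from its search path, which is what the Windows calculator example illustrates, while creating a thread inside another process is the process-injection step that belongs under the `Injection de process` bullet above it. Suggest splitting the line, e.g. `  - side loading: un exe de confiance charge une DLL contrôlée par l'attaquant depuis son chemin de recherche`, and moving the thread-creation remark up. Smaller fixes in the same hunk: the opening backtick in `` `MITRE|ATT&CK `` is never closed, so the rest of the line renders as code; `Échapper a` should be `Échapper à`; `Example` should be `Exemple`; `runing` should be `running` and `win achi` is presumably `win archi`; `2 soft de confiance sont utilisé` needs `utilisés`; and the trailing `* demo` bullet is empty and should either get content or be dropped before publishing with `Status: published`.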