Overview
Explore advanced Windows DLL loading mechanisms and their exploitation for stealthy code execution in this 40-minute conference talk from x33fcon. Discover how the complexities of Windows module loading can be manipulated to achieve code execution both locally and remotely using only read/write operations, bypassing traditional heavily-monitored APIs like CreateRemoteThread and QueueUserAPC. Learn about the intricate Windows internals that manage DLL loading throughout a process's lifespan, including module tracking, memory location management, and EntryPoint execution control. Understand how tampering with module structures within processes enables code execution with significant stealth advantages for red team operations, as execution is triggered by Windows' own native routines and loading functions. Examine practical applications including API Proxying techniques for indirect API execution and novel process injection methods that rely solely on memory read/write operations in target processes, providing enhanced evasion capabilities against modern AV/EDR solutions.
Syllabus
16. Hugo Valette: Taming the Windows Module Loading for Stealthy Injection
Taught by
x33fcon