TO THE NEW has been organizing conferences and actively participating in various conferences as well. I was invited to attend a presentation at SANS Community Night in Delhi, India on 14th Jan 2016. The topic of the talk was “DIY vulnerability discovery with DLL Side Loading”, and its use as a stealthy persistence technique for malware propagation. The critical impact of these vulnerabilities was explained, and the presenter emphasized the fact that most vulnerable DLLs go unnoticed.
The venue was good and easy to locate. The event started with registration of the attendees, and the talk started at 7:30 PM. The talk was presented in a well-planned manner and the concepts were explained from the basics. The concepts were also demonstrated very well in a live demo by the presenter, Jake Williams. The details of the event and training can be found at the official website of SANS Cyber Defence Delhi 2016.
We at TO THE NEW have a habit of attending conferences. We got to meet some prominent personalities in the Information Security domain, and it is good to share our experiences in the application security realm.
It was a great experience attending the conference. Some of the key takeaways were:
- Import tables & abusing DLL search paths.
- Icacls.exe utility.
- Safe DLL Search Mode and loading of DLLs from working directory.
- Common threats and KnownDLLs.
- DLL Search Path (unsafe) and significance of path variables.
- Default DLL Search Path (SafeSearch).
- Ghost DLL injection and gflags.
- Tools to check DLL injection such as Procmon and SXSTrace.
- Practical defenses.
Below are the details of the talk I attended. The presentation is hosted on MediaFire and can be downloaded from the link below.
Talk: DIY vulnerability discovery with DLL Side Loading
Speaker: Jake Williams
Presentation: DLL Hijacking Like a Boss!
We will keep sharing our learning and experience in future Infosec events as well.