
Vendor News

Hunting Rituals #1: Threat hunting for DLL side-loading

18. August 2023

As adversaries become more sophisticated, detecting and neutralizing threats before they cause harm has become a top priority for security teams, which is why threat hunting is a crucial skill. By mastering threat hunting, security professionals can build a robust defense and shield their organization from persistent attackers.

This post launches a series called Hunting Rituals, in which Group-IB threat hunters will show you how to perform managed threat hunting using Group-IB Managed XDR, and its EDR component in particular. You will learn which recent threat hunting trends to keep an eye on, how to perform threat hunting within your own infrastructure, and which threat hunting tools professionals use.

MITRE ATT&CK Technique T1574.002: Hijack Execution Flow: DLL Side-Loading

Among the array of techniques employed by malicious actors, DLL side-loading (T1574.002, MITRE ATT&CK® Enterprise Matrix) has proven to be a cunning method to evade traditional security measures. According to the MITRE ATT&CK Framework, “adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking, side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).”
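The MITRE description above translates directly into something a hunter can query for in EDR telemetry: a legitimate, usually signed, application loading a DLL that carries the name of a Windows system DLL, but from the application's own directory rather than from System32. The script below is an added example written for this page, not Group-IB code and not a rule from Managed XDR. It runs a first-pass version of that hunt over a handful of constructed image-load records whose `Key=Value|Key=Value` layout loosely mirrors the Sysmon Event ID 7 fields (Image, ImageLoaded, Signed, Signature, SignatureStatus); the record format, the sample paths and signers, and the short list of side-load target DLL names are all assumptions made for the example, and the rule itself (system DLL name, non-system directory, same directory as the loader, not Microsoft-signed) is a starting heuristic rather than a vendor detection.

```python
"""Hunt for DLL side-loading candidates in image-load telemetry.

Added example, not Group-IB's code. The rule is an assumption of what a
first-pass hunt looks like: flag a module load when the DLL carries the name
of a well-known Windows system DLL, is loaded from outside the protected
system directories, sits in the same directory as the process that loaded it
(the "planted next to a legitimate application" pattern from T1574.002), and
is unsigned, has an invalid signature, or is signed by someone other than
Microsoft.
"""
import ntpath

# Hypothetical short list of system DLL names that are common side-load
# targets. A real hunt would use a far larger list (e.g. every DLL in System32).
KNOWN_SYSTEM_DLLS = {
    "version.dll", "dbghelp.dll", "wtsapi32.dll", "cryptbase.dll",
    "msvcr100.dll", "userenv.dll", "profapi.dll",
}

# Directories where Windows itself keeps these DLLs; loads from here are expected.
PROTECTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
)

# Constructed sample records (made-up hosts, paths and signers), modelled on
# Sysmon Event ID 7. Adapt parse_event() to your EDR's real schema.
SAMPLE_EVENTS = [
    "Image=C:\\Windows\\System32\\notepad.exe|ImageLoaded=C:\\Windows\\System32\\version.dll|Signed=true|Signature=Microsoft Windows|SignatureStatus=Valid",
    "Image=C:\\Users\\alice\\AppData\\Roaming\\Update\\GoodApp.exe|ImageLoaded=C:\\Users\\alice\\AppData\\Roaming\\Update\\version.dll|Signed=false|Signature=|SignatureStatus=Unavailable",
    "Image=C:\\Program Files\\GoodVendor\\GoodApp.exe|ImageLoaded=C:\\Program Files\\GoodVendor\\helper.dll|Signed=true|Signature=GoodVendor Inc.|SignatureStatus=Valid",
    "Image=C:\\Program Files\\Tool\\tool.exe|ImageLoaded=C:\\Program Files\\Tool\\msvcr100.dll|Signed=true|Signature=Microsoft Corporation|SignatureStatus=Valid",
    "Image=C:\\ProgramData\\sync\\sync.exe|ImageLoaded=C:\\ProgramData\\sync\\dbghelp.dll|Signed=true|Signature=Contoso Ltd|SignatureStatus=Valid",
    "Image=C:\\Users\\bob\\Downloads\\x.exe|ImageLoaded=C:\\Temp\\wtsapi32.dll|Signed=false|Signature=|SignatureStatus=Unavailable",
]


def parse_event(line: str) -> dict:
    """Parse one 'Key=Value|Key=Value' record into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def norm_dir(path: str) -> str:
    """Directory of a Windows path, lower-cased, with a trailing backslash."""
    return ntpath.dirname(path).lower().rstrip("\\") + "\\"


def is_protected_dir(path: str) -> bool:
    """True if the file lives under a Windows system directory."""
    return norm_dir(path).startswith(PROTECTED_DIRS)


def side_load_reasons(ev: dict) -> list:
    """Return the reasons this load looks like side-loading ([] if benign)."""
    loader = ev.get("Image", "")
    dll = ev.get("ImageLoaded", "")
    name = ntpath.basename(dll).lower()

    # Gate 1: a DLL carrying a Windows system DLL name, served from somewhere
    # Windows would not normally serve it.
    if name not in KNOWN_SYSTEM_DLLS or is_protected_dir(dll):
        return []
    # Gate 2: the DLL was planted next to the loader (side-by-side loading).
    if norm_dir(dll) != norm_dir(loader):
        return []

    reasons = [f"system DLL name '{name}' loaded from non-system dir next to loader"]
    signed = ev.get("Signed", "").lower() == "true"
    status = ev.get("SignatureStatus", "")
    signer = ev.get("Signature", "")
    if not signed:
        reasons.append("DLL is unsigned")
    elif status != "Valid":
        reasons.append(f"signature status is {status!r}")
    elif not signer.lower().startswith("microsoft"):
        reasons.append(f"Windows DLL name but signed by {signer!r}")
    else:
        # A Microsoft-signed redistributable (e.g. a CRT DLL shipped with an
        # app) is expected next to applications: suppress to cut false positives.
        return []
    return reasons


def hunt(lines) -> list:
    """Run the rule over raw records; return (loader, dll, reasons) hits."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reasons = side_load_reasons(ev)
        if reasons:
            hits.append((ev["Image"], ev["ImageLoaded"], reasons))
    return hits


if __name__ == "__main__":
    for loader, dll, reasons in hunt(SAMPLE_EVENTS):
        print(f"{loader} -> {dll}: {'; '.join(reasons)}")
```

Two design choices are worth noting. The same-directory gate is what separates side-loading from plain DLL search order hijacking: the last sample record (a DLL dropped in C:\Temp and picked up by a download) is deliberately not matched here and needs a separate rule. Suppressing Microsoft-signed DLLs in application directories keeps legitimately redistributed runtime DLLs out of the results, at the cost of missing a Microsoft-signed but vulnerable library that an attacker ships on purpose; the next pivots on a hit would be the loader's own signature, the DLL's hash prevalence across the fleet, and what the process did after the load.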