Persistence – AppInit DLLs

2020-01-07T09:39:00
ID PENTESTLAB:733B7654A7D69012A3BDAE672D1E0FFF
Type pentestlab
Reporter Administrator
Modified 2020-01-07T09:39:00

Description

Windows operating systems provide the functionality to allow custom DLL's to be loaded into the address space of almost all application processes. This can give the opportunity for persistence since an arbitrary DLL can be loaded that will execute code when applications processes are created on the system. Administrator level privileges are required to implement […]