Privilege Escalation and Whitelisting Bypass with Proxy DLLs
Presenter: Jake Williams, Principal Consultant, Rendition Infosec
The loading mechanism used for Windows DLLs is poorly understood by application developers and threat hunters. Attackers are capitalizing on this using Proxy DLLs. This talk will cover the highlights of this surprisingly effective technique and teach attendees how to find 0-day vulnerabilities and become better threat hunters
https://www.rsaconference.com/apj/age...
