Detecting RunDLL32 ATT&CK Techniques

Launching a strange binary file on a target endpoint is a good way to raise alarm bells within the target organization's SOC. One of the more common #LOLBINS techniques we see is using RunDLL32.exe to execute malicious DLL files. This technique is well documented in MITRE's ATT&CK framework under T1085. In this post, we look …