How to Evade Application Whitelisting Using REGSVR32
Summary
This article details a red team technique for evading application whitelisting defenses using REGSVR32, a legitimate, signed Windows utility. The author explains how this living-off-the-land method can be used to execute malicious code even where application whitelisting is otherwise enforced.
IFF Assessment
FOE
This article describes a technique that attackers can use to bypass security controls, so it is classified as adversarial (FOE) from a defender's point of view.
Defender Context
Defenders should be aware of this technique, which abuses a legitimate system tool to bypass application whitelisting. Because REGSVR32 is trusted and normally allowed, monitoring for unusual REGSVR32 activity (for example, unexpected command-line arguments, parent processes, or network connections) and for script execution is needed to detect such evasions.