DLL Jmping: Old Hollow Trampolines in Windows DLL Land
Summary
This article details a technique called 'DLL Jmping,' an evolution of the older DLL hollowing method. It describes how attackers use this technique to execute shellcode from memory, bypassing some traditional security measures.
IFF Assessment
FOE
This article describes a new offensive technique that adversaries can use to evade defenses, making it bad news for defenders.
Defender Context
Defenders need to be aware of advanced evasion techniques like DLL Jmping, as they can be used to bypass common security controls. Monitoring for unusual process behavior, memory manipulation, and the execution of shellcode from unexpected locations will be crucial.