DLL Jmping: Old Hollow Trampolines in Windows DLL Land
Summary
This article discusses DLL jmping, an advanced technique malware authors can use to execute shellcode from image-backed memory, that is, memory belonging to a legitimately mapped DLL rather than to a private allocation. It explains how modern mitigations such as Control Flow Guard (CFG) and eXtended Flow Guard (XFG) make traditional DLL hollowing difficult, which is why the approach had to evolve.
IFF Assessment
FOE
This article details an advanced technique that malware authors can use, representing a potential threat to defenders.
Defender Context
Defenders should be aware of code injection techniques like DLL jmping, which place code in image-backed memory so that controls keyed on private executable allocations do not see it. Understanding these methods is crucial for developing more robust detection and prevention strategies against sophisticated malware.
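The defensive counterpart of what the summary describes, as an added example that is not part of the original article: because DLL hollowing and its descendants put shellcode inside memory backed by a legitimately mapped DLL, the classic check is to compare each executable section of a loaded module against the same section in its on-disk image. The script below builds a constructed minimal PE32+ image (not a real DLL), simulates the loader mapping it, simulates an overwrite of its .text section, and reports the modified RVA ranges. Function names, the sample section contents and the overwrite bytes are assumptions for this example.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000


def _align(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def build_min_pe(text: bytes, file_align=0x200, section_align=0x1000) -> bytes:
    """Constructed minimal PE32+ image with one executable .text section.
    Not loadable (no exports, no relocations); just enough headers for the
    section walk below. Helper name is an assumption for this example."""
    raw_size = _align(len(text), file_align)
    text_rva = section_align
    size_of_image = _align(text_rva + raw_size, section_align)
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022)
    opt = struct.pack("<HBBIIIII", 0x20B, 14, 0, raw_size, 0, 0, text_rva, text_rva)
    opt += struct.pack("<Q", 0x180000000)               # ImageBase
    opt += struct.pack("<II", section_align, file_align)
    opt += struct.pack("<HHHHHH", 6, 0, 0, 0, 6, 0)
    opt += struct.pack("<I", 0)                          # Win32VersionValue
    opt += struct.pack("<II", size_of_image, file_align)  # SizeOfImage, SizeOfHeaders
    opt += struct.pack("<I", 0)                          # CheckSum
    opt += struct.pack("<HH", 2, 0x160)                  # Subsystem, DllCharacteristics
    opt += struct.pack("<QQQQ", 0x100000, 0x1000, 0x100000, 0x1000)
    opt += struct.pack("<II", 0, 16) + b"\x00" * (16 * 8)  # 16 empty data directories
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(text), text_rva, raw_size, file_align,
                      0, 0, 0, 0, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    headers = dos + b"PE\x00\x00" + file_hdr + opt + sec
    headers += b"\x00" * (file_align - len(headers))
    return headers + text + b"\x00" * (raw_size - len(text))


def sections(pe: bytes):
    """Walk the section table of an on-disk PE image."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    off = e_lfanew + 24 + opt_size  # section table follows the optional header
    out = []
    for _ in range(nsec):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", pe, off)
        out.append({"name": name.rstrip(b"\x00").decode(), "va": va, "vsize": vsize,
                    "raw_size": raw_size, "raw_ptr": raw_ptr, "chars": chars})
        off += 40
    return out


def map_image(pe: bytes) -> bytearray:
    """Simulate the loader: copy headers and each section to its RVA (no relocations applied)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    size_of_image = struct.unpack_from("<I", pe, e_lfanew + 24 + 56)[0]
    size_of_headers = struct.unpack_from("<I", pe, e_lfanew + 24 + 60)[0]
    image = bytearray(size_of_image)
    image[:size_of_headers] = pe[:size_of_headers]
    for s in sections(pe):
        image[s["va"]:s["va"] + s["raw_size"]] = pe[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
    return image


def hollowed_ranges(disk_pe: bytes, mapped: bytes):
    """Diff every executable section of the on-disk image against the mapped copy.
    Returns (section, rva_start, rva_end) for each run of bytes that differ."""
    findings = []
    for s in sections(disk_pe):
        if not s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            continue
        on_disk = disk_pe[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
        in_mem = mapped[s["va"]:s["va"] + s["raw_size"]]
        start = None
        for i, (d, m) in enumerate(zip(on_disk, in_mem)):
            if d != m and start is None:
                start = i
            elif d == m and start is not None:
                findings.append((s["name"], s["va"] + start, s["va"] + i))
                start = None
        if start is not None:
            findings.append((s["name"], s["va"] + start, s["va"] + len(on_disk)))
    return findings


def demo():
    dll = build_min_pe(b"\xcc" * 0x300)      # constructed .text full of int3 padding
    clean = map_image(dll)
    hollowed = bytearray(clean)
    hollowed[0x1100:0x1110] = b"\x90" * 16  # simulated hollowing: 16 bytes written into .text
    return hollowed_ranges(dll, clean), hollowed_ranges(dll, hollowed)


if __name__ == "__main__":
    print(demo())
```

Against a live process the same comparison is made between the module's section in the target's address space and the file on disk. Two caveats a practitioner should build in: base relocations and hotpatch or import fix-ups produce legitimate deltas that must be filtered rather than flagged, and a byte-for-byte diff only sees shellcode that was written into the compared sections, so it is one signal among several, not a complete answer to image-backed injection.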