[SANS ISC] Python DLL Injection Check

I published the following diary on isc.sans.edu: “Python DLL Injection Check”:

There are many security tools that inject DLLs into processes running on a Windows system. The classic examples are anti-virus products. They like to inject plenty of code that, combined with API hooking, implements security checks. Injected DLLs can be detected, and checking for them is a common anti-debugging or evasion technique implemented by many malware samples. If you’re interested in such techniques, they are covered in the FOR610 training. The detection relies on a specific API call, GetModuleFileName()… [Read more]

The post [SANS ISC] Python DLL Injection Check appeared first on /dev/random.
