The technique of using memory-based library loading has been around for a number of years. It is available in different forms and for different operating systems. It has been popularized in the security-space with long-standing techniques perhaps even longer than some are aware. And here I thought that I found or did some new evasion. This talk discusses a library for Windows that is still maintained but has been seemingly overlooked for over a decade (or has it?), and how it can be used against the next-generation securing of the digitals.
Casey has been living a dream of the software development and security industries for just over 10 years. With an early exposure to security research and development, he has endured many sleepless nights of analyzing Microsoft Patch Tuesday releases, coding sprees, and even compliance and regulatory initiatives for commercial and government sectors. In recent years he has provided technical leadership within global security operations, developed frameworks for security awareness initiatives, and conducted large-scale application security assessments and penetration tests. His background is in security research, software development, static & dynamic software security analysis, reverse engineering all the things, and reading a lot of technical documents and source code.