DLL Proxy Loading Your Favourite C# Implant

DLL side-loading, or DLL proxy loading, allows an attacker to abuse a legitimate and typically signed executable for code execution on a compromised system. MITRE has been keeping a log of this technique since 2017, and it continues to be a popular option among threat actors (for good reasons!).

Proxy loading is very similar to DLL hijacking; however, it does not break the execution flow or functionality of the original program. On top of hiding malicious activity behind a legitimate application, it can also be used as a method of persistence.