We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

DLL injection

Hackers Allegedly Selling Windows Crypter Claims Bypass of All Antiviruses
Tech Optimizer
June 2, 2025

Hackers Allegedly Selling Windows Crypter Claims Bypass of All Antiviruses

Underground cybercriminal forums are seeing an increase in advanced malware tools, including a Windows crypter that claims to bypass major antivirus solutions. This crypter is marketed as fully activated and capable of achieving Full Undetectable (FUD) status against contemporary antivirus engines. It employs advanced obfuscation techniques to evade detection, including code injection methods, entropy manipulation, and anti-debugging features. The tool allows for granular control over obfuscation parameters, enabling customization for specific target environments. The rise of such sophisticated evasion tools poses challenges for traditional endpoint security, making organizations vulnerable if they rely solely on signature-based antivirus solutions. To defend against these threats, organizations should adopt multi-layered security architectures, including behavioral analysis and endpoint detection and response (EDR) solutions.
0-Day Vulnerabilities in Microsoft Sysinternals Tools Allow Attackers To Launch DLL Injection Attacks on Windows
Winsage
February 5, 2025

0-Day Vulnerabilities in Microsoft Sysinternals Tools Allow Attackers To Launch DLL Injection Attacks on Windows

A critical 0-Day vulnerability has been identified in Microsoft Sysinternals tools, allowing attackers to exploit DLL injection techniques to execute harmful code. This vulnerability has been verified and remains unresolved despite being disclosed to Microsoft over 90 days ago. The Sysinternals tools, including Process Explorer, Autoruns, and Bginfo, are widely used for system analysis and troubleshooting but lack integration with the Windows Update system, requiring manual management of security patches. The vulnerability stems from how Sysinternals tools load DLL files, prioritizing untrusted paths over secure system directories. Attackers can place a malicious DLL in the same directory as a legitimate Sysinternals executable, leading to the execution of arbitrary code under the user's privileges. A real-world example demonstrated that an attacker could deploy a Trojan via the Bginfo tool by loading a malicious DLL from a network directory. The vulnerability affects multiple Sysinternals applications, and a comprehensive list is available from the researcher. Microsoft has classified the issue as a "defense-in-depth" enhancement rather than a critical vulnerability, focusing on local execution rather than risks associated with network paths. As of December 2024, the vulnerability remains unpatched, prompting users to take precautionary steps such as avoiding running tools from network locations and verifying DLL integrity.
Search