- Jan 30, 2023
Interesting. I have some questions:
How do you know that the in-memory DLL injection is related to Meterpreter and not to another malware?
Which part of your solution detects reflective DLL loading? If I remember correctly, WDAC cannot cover all such techniques.
Did you test your solution against Meterpreter attacks started with exploits?
But you didn't ask the important question: How to get initial access?
So like I said, give me something I can test/run and I will post a video and show you.