[SANS ISC] From RunDLL32 to JavaScript then PowerShell

SANS Internet Storm Center, Security One comment

I published the following diary on isc.sans.edu: “From RunDLL32 to JavaScript then PowerShell“:

I spotted an interesting script on VT a few days ago and it deserves a quick diary because it uses a nice way to execute JavaScript on the targeted system. The technique used in this case is based on very common LOLbin: RunDLL32.exe. The goal of the tool is, as the name says, to load a DLL and execute one of its exported function:

C:\> rundll32.exe sample.dll,InvokedFunction()

Many Windows OS functions can be invoked through RunDLL32… [Read more]

One comment

  1. Pingback: [SANS ISC] From RunDLL32 to JavaScript then PowerShell - SecuritNEWS

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.