Ransomware DLL Hijacking & “The Canary DLL”

You might have seen in some of the security news sites, articles reporting about a security researcher discovering a method to stop certain ransomware samples from running, including Thanos, Conti, REvil etc. The method in question is known as DLL Hijacking and I thought it would be a great opportunity to talk about it in a little more detail, it’s limitations and how a blue team could leverage this in order to add another layer of security.

Continue reading Ransomware DLL Hijacking & “The Canary DLL”