The ./havoc Podcast

John Dwyer: X-Force and DLL Side-Loading

Episode Summary

On this episode of The ./havoc Podcast, guest John Dwyer, Head of Research for the IBM Security X-Force, discusses his work on using PowerShell and Sysmon to hunt for evidence of DLL side-loading. He also provides some valuable insights into how to run a world-class research organization and what it takes to maintain a healthy flow of useful research content.

Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon - https://securityintelligence.com/posts/hunting-evidence-dll-side-loading-powershell-sysmon/

SideLoadHunter - https://github.com/XForceIR/SideLoadHunter

Hunting for Windows “Features” with Frida: DLL Sideloading - https://securityintelligence.com/posts/windows-features-dll-sideloading/

Windows Feature Hunter (WFH) - https://github.com/xforcered/WFH

Frida - https://frida.re/

John (@TactiKoolSec) is the Head of Research for the IBM Security X-Force, where he leads research efforts to uncover interesting findings based on the work done by the client-facing teams, as well as development projects to improve cross-functional solutions to enhance X-Force service offerings.

As a researcher within X-Force, John focused his efforts on researching adversary operations and developing simulation data to help drive improvements in the areas of incident response and threat hunting. Prior to joining X-Force, John was a defensive cyber operations researcher helping the U.S. Army and U.S. Air Force improve incident response operations.

John has spoken at multiple events, including the SANS Threat Hunting Summits, ISC2 Security Congress, and Fulbright Commission Cybersecurity Exchange, on threat hunting and ransomware operations.

Video recording: https://youtu.be/Uk-cdoV004c
