Decrypt LOL

New DCOM Technique Enables Remote Code Execution

🦠 New DCOM Upload & Execute Technique Redefines Lateral Movement Attacks. Security researcher Eliran Nissan from Deep Instinct has unveiled a sophisticated lateral movement technique called “DCOM Upload & Execute,” which exploits the IMsiServer interface in Windows for remote code execution. This method circumvents traditional DCOM hardening by utilizing undocumented functionalities, allowing attackers to upload and execute custom DLLs on target machines. The attack involves creating and uploading malicious DLLs to the Global Assembly Cache, followed by remote execution, effectively embedding a backdoor. While powerful, the technique requires both systems to be in the same domain and leaves behind clear indicators of compromise, highlighting the need for enhanced defenses against overlooked DCOM objects.
