{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T13:13:45Z","timestamp":1770729225829,"version":"3.49.0"},"publisher-location":"Singapore","reference-count":23,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819712731","type":"print"},{"value":"9789819712748","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-97-1274-8_12","type":"book-chapter","created":{"date-parts":[[2024,3,12]],"date-time":"2024-03-12T19:20:02Z","timestamp":1710271202000},"page":"177-190","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["A SLAHP in\u00a0the\u00a0Face of\u00a0DLL Search Order Hijacking"],"prefix":"10.1007","author":[{"given":"Antonin","family":"Verdier","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Romain","family":"Laborde","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohamed Ali","family":"Kandi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdelmalek","family":"Benzekri","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,3,13]]},"reference":[{"key":"12_CR1","unstructured":"Chromium Docs - Chrome Security FAQ. https:\/\/chromium.googlesource.com\/chromium\/src\/+\/master\/docs\/security\/faq.md"},{"key":"12_CR2","unstructured":"CrowdStrike: 2020 Global threat report (2020). https:\/\/go.crowdstrike.com\/rs\/281-OBQ-266\/images\/Report2020CrowdStrikeGlobalThreatReport.pdf"},{"key":"12_CR3","unstructured":"Faou, M.: Turla crutch: keeping the \u201cback door\u201d open (2020). https:\/\/www.welivesecurity.com\/2020\/12\/02\/turla-crutch-keeping-back-door-open\/"},{"key":"12_CR4","unstructured":"Galvan, A., Nagaraju, S.S.: Triaging a DLL planting vulnerability $$|$$ MSRC blog $$|$$ microsoft security response center. https:\/\/msrc.microsoft.com\/blog\/2018\/04\/triaging-a-dll-planting-vulnerability\/"},{"key":"12_CR5","doi-asserted-by":"crossref","unstructured":"Gates, C., Li, N., Chen, J., Proctor, R.: CodeShield: towards personalized application whitelisting. In: Proceedings of the 28th Annual Computer Security Applications Conference on - ACSAC 2012, p. 279. ACM Press, Orlando, Florida (2012)","DOI":"10.1145\/2420950.2420992"},{"key":"12_CR6","unstructured":"Gatlan, S.: Realtek Fixes DLL Hijacking Flaw in HD Audio Driver for Windows (2020). https:\/\/www.bleepingcomputer.com\/news\/security\/realtek-fixes-dll-hijacking-flaw-in-hd-audio-driver-for-windows\/"},{"key":"12_CR7","doi-asserted-by":"publisher","unstructured":"Halim, F., Ramnath, R., Sufatrio, Wu, Y., Yap, R.H.C.: A lightweight binary authentication system for windows. In: Karabulut, Y., Mitchell, J., Herrmann, P., Jensen, C.D. (eds.) Trust Management II, vol. 263, pp. 295\u2013310. Springer, Boston (2008). https:\/\/doi.org\/10.1007\/978-0-387-09428-1_19","DOI":"10.1007\/978-0-387-09428-1_19"},{"key":"12_CR8","unstructured":"Hunt, G., Brubacher, D.: Detours: Binary interception of win32 functions. In: Third USENIX Windows NT Symposium. p. 8. USENIX (1999). https:\/\/www.microsoft.com\/en-us\/research\/publication\/detours-binary-interception-of-win32-functions\/"},{"issue":"3","key":"12_CR9","doi-asserted-by":"publisher","first-page":"387","DOI":"10.3390\/jcp1030021","volume":"1","author":"G Karantzas","year":"2021","unstructured":"Karantzas, G., Patsakis, C.: An empirical assessment of endpoint detection and response systems against advanced persistent threats attack vectors. J. Cybersecur. Privacy 1(3), 387\u2013421 (2021)","journal-title":"J. Cybersecur. Privacy"},{"key":"12_CR10","first-page":"113","volume":"22","author":"K Krombholz","year":"2015","unstructured":"Krombholz, K., Hobel, H., Huber, M., Weippl, E.: Advanced social engineering attacks. J. Inf. Secur. Appl. 22, 113\u2013122 (2015)","journal-title":"J. Inf. Secur. Appl."},{"key":"12_CR11","unstructured":"Lechtik, M., Rascagn\u00e8res, P., Kayal, A.: LuminousMoth APT: Sweeping attacks for the chosen few. https:\/\/securelist.com\/apt-luminousmoth\/103332\/"},{"key":"12_CR12","unstructured":"Malura, M.: Dll proxy generator. https:\/\/github.com\/maluramichael\/dll-proxy-generator. original-date: 2018-09-29T20:51:52Z"},{"key":"12_CR13","unstructured":"Microsoft: Windows 2000 security hardening guide: Security configuration. https:\/\/web.archive.org\/web\/20080323071041\/https:\/\/www.microsoft.com\/technet\/security\/prodtech\/windows2000\/win2khg\/05sconfg.mspx#E6JBG"},{"issue":"11","key":"12_CR14","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1093\/comjnl\/bxw047","volume":"59","author":"B Min","year":"2016","unstructured":"Min, B., Varadharajan, V.: Rethinking software component security: software component level integrity and cross verification. Comput. J. 59(11), 1735\u20131748 (2016)","journal-title":"Comput. J."},{"key":"12_CR15","unstructured":"MITRE: Hijack Execution Flow: DLL Search Order Hijacking, Sub-technique T1574.001 - Enterprise $$|$$ MITRE ATT &CK\u00ae. https:\/\/attack.mitre.org\/techniques\/T1574\/001\/"},{"key":"12_CR16","unstructured":"MITRE: Hijack Execution Flow: DLL Side-Loading, Sub-technique T1574.002 - Enterprise $$|$$ MITRE ATT &CK\u00ae. https:\/\/attack.mitre.org\/techniques\/T1574\/002\/"},{"key":"12_CR17","unstructured":"National Vulnerability Database: NVD - CVE-2010-3129. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2010-3129"},{"key":"12_CR18","unstructured":"National Vulnerability Database: NVD - CVE-2010-3139. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2010-3139"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"Oliveira, D., Rosenthal, M., Morin, N., Yeh, K.C., Cappos, J., Zhuang, Y.: It\u2019s the psychology stupid: how heuristics explain software vulnerabilities and how priming can illuminate developer\u2019s blind spots. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 296\u2013305. ACM (2014)","DOI":"10.1145\/2664243.2664254"},{"key":"12_CR20","unstructured":"Richter, J.: Load your 32 bit dll into another process\u2019s address space using injlib. Microsoft Syst. J. US Ed. 13\u201340 (1994)"},{"key":"12_CR21","unstructured":"Wheeler, S., Sherer, T.: Set-ProcessMitigation (ProcessMitigations). https:\/\/learn.microsoft.com\/en-us\/powershell\/module\/processmitigations\/set-processmitigation"},{"key":"12_CR22","unstructured":"Whitney, T., et al.: Linker support for delay-loaded DLLs. https:\/\/learn.microsoft.com\/en-us\/cpp\/build\/reference\/linker-support-for-delay-loaded-dlls"},{"key":"12_CR23","series-title":"IFIPAICT","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1007\/978-3-319-18491-3_3","volume-title":"Trust Management IX","author":"Y Wu","year":"2015","unstructured":"Wu, Y., Yap, R.H.C.: Simple and practical integrity models for binaries and files. In: Damsgaard Jensen, C., Marsh, S., Dimitrakos, T., Murayama, Y. (eds.) Trust Management IX. IFIPAICT, vol. 454, pp. 30\u201346. Springer, Cham (2015)"}],"container-title":["Communications in Computer and Information Science","Ubiquitous Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-97-1274-8_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,12]],"date-time":"2024-03-12T19:21:43Z","timestamp":1710271303000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-97-1274-8_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819712731","9789819712748"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-981-97-1274-8_12","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"13 March 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"UbiSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Ubiquitous Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Exeter","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 November 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 November 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ubisec2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/hpcn.exeter.ac.uk\/ubisec2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"MyReview","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"91","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"29","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"32% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}