Cyber Security Incident Response

Author:

Abuabid Ali (1), Aldeij Abdulrahman (1)

Affiliation:

1. College of Computing and Informatics, Saudi Electronic University, Abha, Kingdom of Saudi Arabia

Abstract

In response to the growing threat of cyber-attacks, incident response teams have become a critical component of an organization's cybersecurity strategy. These teams are responsible for detecting, analyzing, and responding to security incidents promptly and effectively. Code injection attacks are particularly challenging in this respect: they are hard to detect and often go unnoticed until it is too late. To detect and respond to DLL injection attacks, cybersecurity professionals rely on detection tools that monitor system activity and flag unusual behavior. A large portion of the related literature focuses on commercial DLL injection detection tools, while little attention has been paid to the effectiveness of open-source alternatives. This research project therefore evaluates the effectiveness of three widely used open-source tools, VirusTotal, Sysinternals, and Yara, in detecting DLL injection incidents. The findings highlight each tool's strengths and limitations, enabling cybersecurity professionals to make informed decisions when selecting the most suitable tool for DLL injection detection. The study also emphasizes the importance of continuous tool development and updates to keep pace with evolving malware techniques and emerging threats. By characterizing the effectiveness of these tools, this research supports the overall security posture of organizations and individuals, helping them proactively mitigate the risks associated with DLL injection attacks. The outcomes further underscore the significance of leveraging advanced tools to fortify cybersecurity defenses and safeguard critical systems and data.

Publisher

Naif Arab University for Security Sciences
