LAB: Windows DLL anomaly detection script in Python
New post out at https://guppysecurity.com/windows-dll-anomaly-detection-script/. Check it out to learn about DLLs and why detecting anomalies in the DLLs loaded by your running processes is a good idea.
In this LAB you will create a Python script that can:
List the DLLs loaded by all running processes
Verify the signers of the DLLs
Verify the validity of the DLLs’ certificates
Identify anomalies in the list of loaded DLLs
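
The final step, identifying anomalies, as an added example that is not code from the lab or the linked post. It assumes the earlier steps have already produced one record per loaded DLL; the `LoadedDll` fields, the trusted-directory list and the anomaly rules are assumptions chosen here, and the sample inventory is constructed.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Assumption: directories treated as expected DLL locations on this host.
TRUSTED_DIRS = [PureWindowsPath(d) for d in (
    r"c:\windows\system32", r"c:\windows\syswow64",
    r"c:\program files", r"c:\program files (x86)")]

@dataclass(frozen=True)
class LoadedDll:              # hypothetical record produced by the earlier steps
    process: str
    path: str
    signer: Optional[str]     # None means no signature was found
    cert_valid: bool          # outcome of the certificate validity check

def in_trusted_dir(path: str) -> bool:
    # Compare whole path components so "system32evil" does not match "system32".
    parents = PureWindowsPath(path.lower()).parents
    return any(d in parents for d in TRUSTED_DIRS)

def dll_name(path: str) -> str:
    return PureWindowsPath(path).name.lower()

def find_anomalies(inventory):
    """Return {(process, path): [reasons]} for every record with a finding."""
    trusted_names = {dll_name(r.path) for r in inventory if in_trusted_dir(r.path)}
    findings = {}
    for r in inventory:
        reasons = []
        if r.signer is None:
            reasons.append("unsigned")
        elif not r.cert_valid:
            reasons.append("invalid certificate")
        if not in_trusted_dir(r.path):
            reasons.append("outside trusted directories")
            if dll_name(r.path) in trusted_names:
                reasons.append("same name as a DLL loaded from a trusted directory")
        if reasons:
            findings[(r.process, r.path)] = reasons
    return findings

# Constructed sample inventory (not real scan output).
SAMPLE = [
    LoadedDll("explorer.exe", r"C:\Windows\System32\kernel32.dll", "Microsoft Windows", True),
    LoadedDll("explorer.exe", r"C:\Windows\System32\version.dll", "Microsoft Windows", True),
    LoadedDll("updater.exe", r"C:\Users\Public\updater\version.dll", None, False),
    LoadedDll("app.exe", r"C:\Program Files\ExampleApp\helper.dll", "Example Corp", False),
    LoadedDll("app.exe", r"C:\Program Files\ExampleApp\core.dll", "Example Corp", True),
]
```

Calling `find_anomalies(SAMPLE)` flags the unsigned `version.dll` under `C:\Users\Public` and the `helper.dll` whose certificate failed validation; the other three records produce no finding.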