BHIS Webcasts

Proxy Execution with Microsoft Edge WebView2 - Matthew Eidelberg

How do sideloading techniques work in today’s runtime environment?

Join us for a free one-hour BHIS webcast with Matthew Eidelberg on proxy execution via Microsoft Edge WebView2.

Matthew will break down techniques that blur the line between legitimate app behavior and malicious activity, showing how shared runtime components are changing execution and detection boundaries.

You’ll learn how traditional sideloading concepts apply in modern environments, how WebView2 is increasingly embedded across the ecosystem, and how attackers can exploit it to bypass common detection methods.


🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2026/04/Proxy-Execution-with-Microsoft-Edge-Webview2.pdf

Chapters

  • (00:00) - Intro - Proxy Execution with Microsoft Edge WebView2 - Matthew Eidelberg
  • (00:49) - Agenda
  • (01:31) - DLL Hijacking
  • (04:48) - DLL Proxy Attacks
  • (06:05) - Execution Flow
  • (07:17) - Windows Apps
  • (12:05) - What is WebView2?
  • (13:21) - Webview Security Issue
  • (16:42) - Domain_action.dll
  • (20:01) - Weaponizing the Flaw
  • (22:38) - Tooling - FaceDancer
  • (24:11) - FaceDancer - Usage
  • (25:32) - FaceDancer - Examples
  • (27:06) - FaceDancer - Common Questions
  • (30:00) - FaceDancer - Caveats
  • (30:44) - Microsoft's Response Timeline
  • (34:04) - Microsoft's Disclosure Process
  • (36:29) - Defensive View
  • (38:37) - Wrap Up
  • (39:49) - Q&A

Creators & Guests

  • Ryan Poirier - Producer
  • Ashley Knowles - Guest
  • Matthew Eidelberg - Guest
  • Tom Smith - Guest

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-event-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


☯️ Introducing BHIS Fusion Penetration Testing
https://www.blackhillsinfosec.com/fusion-penetration-testing/

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.