How do sideloading techniques work in today’s runtime environment?
Join us for a free one-hour BHIS webcast with Matthew Eidelberg on proxy execution via Microsoft Edge WebView2.
Matthew will break down techniques that blur the line between legitimate app behavior and malicious activity, showing how shared runtime components are changing execution and detection boundaries.
You’ll learn how traditional sideloading concepts apply in modern environments, how WebView2 is increasingly embedded across the ecosystem, and how attackers can exploit it to bypass common detection methods.
🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2026/04/Proxy-Execution-with-Microsoft-Edge-Webview2.pdf
Chapters
- (00:00) - Intro - Proxy Execution with Microsoft Edge WebView2 - Matthew Eidelberg
- (00:49) - Agenda
- (01:31) - DLL Hijacking
- (04:48) - DLL Proxy Attacks
- (06:05) - Execution Flow
- (07:17) - Windows Apps
- (12:05) - What is WebView2?
- (13:21) - Webview Security Issue
- (16:42) - Domain_action.dll
- (20:01) - Weaponizing the Flaw
- (22:38) - Tooling - FaceDancer
- (24:11) - FaceDancer - Usage
- (25:32) - FaceDancer - Examples
- (27:06) - FaceDancer - Common Questions
- (30:00) - FaceDancer - Caveats
- (30:44) - Microsoft's Response Timeline
- (34:04) - Microsoft's Disclosure Process
- (36:29) - Defensive View
- (38:37) - Wrap Up
- (39:49) - Q&A
Creators & Guests
- Ryan Poirier - Producer
- Ashley Knowles - Guest
- Matthew Eidelberg - Guest
- Tom Smith - Guest
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-event-chat channel
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com
Click here to watch a video of this episode.
Brought to you by:
Black Hills Information Security
https://www.blackhillsinfosec.com
☯️ Introducing BHIS Fusion Penetration Testing
https://www.blackhillsinfosec.com/fusion-penetration-testing/
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
https://wildwesthackinfest.com
Click here to view the episode transcript.
Information
- Program
- FrekvensVarje vecka
- Publicerad10 juli 2026 kl. 21:06 UTC
- Längd1 tim 9 min
- Avsnitt10
- ÅldersgränsBarnvänligt
