KnownDLLs

KnownDLLs is a registry key in Microsoft Windows that specifies a list of DLL files that are considered "known" and safe to load. This key is used by the Windows operating system to optimize the loading of DLLs and to prevent the loading of potentially malicious DLLs. When an application requests to load a DLL, Windows first checks the KnownDLLs registry key. If the DLL is listed in this key, Windows assumes it is safe and loads it without further checks. If the DLL is not listed, Windows performs additional security checks to ensure it is safe to load.

The KnownDLLs registry key is located at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs. It contains a list of DLL file

However, the KnownDLLs mechanism can also be exploited by malicious actors. If an attacker can gain control