
Christophe Tafani-Dereeper

Personal tech and security blog about things I like, use, dislike and misuse.

Category: windows

Hiding in Plain Sight: Unlinking Malicious DLLs from the PEB

Posted by christophetd. Dates shown: 26 April 2023, 21 April 2023.

In this post, we take a look at an anti-forensics technique that malware can leverage to hide injected DLLs. We dive into specific details of the Windows Process Environment Block (PEB) and how to abuse it to hide a malicious loaded DLL.


Christophe Tafani-Dereeper © 2023 . All Rights Reserved