Iron Castle Systems

Skip to content

VMware
AWS
Powershell
Security
Projects
Misc.
Client Access
About

Search for:

Malicious Process Environment Block Manipulation, (Fri, Jan 9th)

January 9, 2026 David Leave a comment

This post was originally published on this site

Reverse engineers must have a good understanding of the environment where malware are executed (read: the operating system). In a previous diary, I talked about malicious code that could be executed when loading a DLL[1]. Today, I’ll show you how a malware can hide suspicious information related to created processes.

Post navigation

Previous PostAnalysis using Gephi with DShield Sensor Data, (Wed, Jan 7th)Next PostYARA-X 1.11.0 Release: Hash Function Warnings, (Sun, Jan 11th)

Leave a Reply Cancel reply

You must be logged in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

VMware

SANS Security

"How many states are there in the United States?", (Sun, Jan 18th) January 18, 2026
Wireshark 4.6.3 Released, (Sat, Jan 17th) January 17, 2026
ISC Stormcast For Friday, January 16th, 2026 https://isc.sans.edu/podcastdetail/9770, (Fri, Jan 16th) January 16, 2026
Battling Cryptojacking, Botnets, and IABs [Guest Diary], (Thu, Jan 15th) January 15, 2026
ISC Stormcast For Thursday, January 15th, 2026 https://isc.sans.edu/podcastdetail/9768, (Thu, Jan 15th) January 15, 2026

AWS

Amazon EC2 X8i instances powered by custom Intel Xeon 6 processors are generally available for memory-intensive workloads January 15, 2026
Opening the AWS European Sovereign Cloud January 15, 2026
AWS Weekly Roundup: AWS Lambda for .NET 10, AWS Client VPN quickstart, Best of AWS re:Invent, and more (January 12, 2026) January 12, 2026
Happy New Year! AWS Weekly Roundup: 10,000 AIdeas Competition, Amazon EC2, Amazon ECS Managed Instances and more (January 5, 2026) January 5, 2026
AWS Weekly Roundup: Amazon ECS, Amazon CloudWatch, Amazon Cognito and more (December 15, 2025) December 15, 2025

Microsoft

Announcing Open to Work: How to Get Ahead in the Age of AI January 13, 2026
Microsoft announces acquisition of Osmos to accelerate autonomous data engineering in Fabric January 5, 2026
From idea to deployment: The complete lifecycle of AI on display at Ignite 2025 November 18, 2025
Microsoft, NVIDIA and Anthropic announce strategic partnerships November 18, 2025
Infinite scale: The architecture behind the Azure AI superfactory November 12, 2025

Iron Castle Systems

Tag Cloud

AWS
Microsoft
Powershell
SANS
Security
Virtualization
VMware

Recent Posts

"How many states are there in the United States?", (Sun, Jan 18th) January 18, 2026
Amazon EC2 X8i instances powered by custom Intel Xeon 6 processors are generally available for memory-intensive workloads January 15, 2026
Battling Cryptojacking, Botnets, and IABs [Guest Diary], (Thu, Jan 15th) January 15, 2026
Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain, (Wed, Jan 14th) January 14, 2026
January 2026 Microsoft Patch Tuesday Summary, (Tue, Jan 13th) January 13, 2026

Archives

Iron Castle System info@ironcastle.net Proudly powered by WordPress Theme - twentyfourteen

Manage Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}