Hide process(es) from task manager #61
Comments
|
This requires the RAT to launch with administrative privileges. Sorry I haven't done anything, lots of work lately and after it's done I'll get back to this. |
|
Need to exploit something to obtain administrative privileges if the user doesn't have them (as we're installing driver's). Also the driver won't be signed so it will not install on most machines, you'll need to disable driver signing (and that will only apply after a reboot). |
|
I hadn't seen that, thanks for pointing that out @dudeisbrendan03 In case the user has admin priviledges, couldn't we install the drivers, persist the RAT and then wait for the reboot (using only one reboot) before activation? It may be a cost some users are willing to take on |
|
We would have to disable signed driver enforcement (which requires elevated permissions) |
|
For Windows 7 I think it's something like that: For Windows 10: |
|
|
|
Also requires admin ^ Another idea, try and embed into another process. Maybe worth looking into it? |
|
Definitely, but is it possible to maintain? That is, hasn't micro$oft patched this yet?? |
|
It's not something that Microsoft would look into solving. It's up to the process rather than the OS. Electron apps are usually easy to inject into and are pretty common (e.g. Discord). |
|
I didn't know. I thought it was the other way around. Great idea though, definitely worth looking into |
This hides a process in some Windows versions. May be worth implementing even if it's not generic.
The text was updated successfully, but these errors were encountered: