Source |
Hacking Articles |
Identifier |
1813229 |
Publication date |
2020-07-14 21:12:43 (seen: 2020-07-19 13:13:17) |
Title |
Windows Persistence: Port Monitors |
Text |
Adversaries may use port monitors to run an attacker-supplied DLL during system boot for persistence or privilege escalation. A port monitor can be registered through the AddMonitor API call, which sets a DLL to be loaded at startup. This DLL can be located in C:\Windows\System32 and will be loaded by the print spooler service, spoolsv.exe,...
|
Sent |
Yes |