Jan 15, 2025, 09:30 PM
Hello there everyone, its been a while since i dont enter there, i stopped with malware last year to focus in some eletronics and embedded things, but this year i will try to focus most of my time into writing malware, so here is a thing that i was always curious:
How malwares execute elevated rights orders? I mean, modifying, killing and every other thing that you can make with an elevated right service, like svchost.exe or anything like that. Some time ago i read about "Privilege Escalation techniques" such as Primary Acess Token or Windows named pipes, but such things didnt answer my questions at all, because them dont make an executable, or at least an "executable order" an privileged application, instead those techniques gives for an attacker with reversed shell an elevated right shell, and thats not what i want, i searched about things that would need me to "bypass UAC restrictions" but that seemed impossible, so is there anyway to do that things? maybe the privilege escalation would do that, but idk too, im being too dumb? Also, sorry for bad english.
How malwares execute elevated rights orders? I mean, modifying, killing and every other thing that you can make with an elevated right service, like svchost.exe or anything like that. Some time ago i read about "Privilege Escalation techniques" such as Primary Acess Token or Windows named pipes, but such things didnt answer my questions at all, because them dont make an executable, or at least an "executable order" an privileged application, instead those techniques gives for an attacker with reversed shell an elevated right shell, and thats not what i want, i searched about things that would need me to "bypass UAC restrictions" but that seemed impossible, so is there anyway to do that things? maybe the privilege escalation would do that, but idk too, im being too dumb? Also, sorry for bad english.