Information Security Asked on October 28, 2021
I mainly use Linux so I’m not well-versed on how Windows and its privileges work. I’ve recently learned to use Metasploit and meterpreter on Windows boxes.
This answer has given an overview of how meterpreter migrates on Windows.
This article has addressed process migration on Linux.
What allows process migration to work?
Process migration happens because of process injection, a technique where a process can run its code in the virtual address space of another process.
Specifically in meterpreter payload its
What are the main differences between Windows and Linux in process migration?
For starters, Linux doesn't use DLLs; although there are also process injection techniques on Windows that don't use DLLs (PE injection), on Linux you would use LD_PRELOAD or ptrace.
Is this migration a feature or a vulnerability?
Feature, since there are many use cases of process injection, like debugging, game hacking, using themes, changing the functionality of programs, and anti-virus stuff.
How can I defend it?
Most likely you would want to hook functions that might be used and then perform checks if you want to allow it to happen (might break stuff). Further reading.
Should I try to prevent process migration?
It's mostly used in malware to hide; even without using it, you can do just as much damage. So... no.
Answered by yeah_well on October 28, 2021
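To make the "how can I defend it" part concrete on the Linux side, here is an added example (it is not code from the question or from either answer) that looks for the artifacts the three injection routes named above tend to leave behind in /proc: a ptrace-attached tracer in `status`, an `LD_PRELOAD` entry in `environ`, and writable+executable anonymous memory or executable memfd/deleted-file mappings in `maps`. All sample /proc contents, paths and PIDs below are constructed for the demo; `scan_live()` reads the real files for a PID you pass on the command line.

```python
"""Added example: spot common Linux process-injection artifacts in /proc.

Not code from the question or either answer. Every sample input below is
constructed for the demo; scan_live() reads the real files for a given pid.
"""
from __future__ import annotations

import sys
from dataclasses import dataclass


@dataclass
class Mapping:
    start: int
    end: int
    perms: str   # e.g. "r-xp"
    path: str    # "" for anonymous memory


def parse_maps(text: str) -> list[Mapping]:
    """Parse /proc/<pid>/maps lines: 'start-end perms offset dev inode [path]'."""
    out = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue
        lo, hi = (int(x, 16) for x in parts[0].split("-"))
        out.append(Mapping(lo, hi, parts[1], parts[5] if len(parts) == 6 else ""))
    return out


def suspicious_mappings(maps: list[Mapping]) -> list[tuple[Mapping, str]]:
    """Flag regions injected code usually needs but ordinary binaries rarely have.

    Caveat: legitimate JITs (browsers, JVMs) also create rwx anonymous memory,
    so treat hits as leads to investigate, not verdicts.
    """
    hits = []
    for m in maps:
        executable, writable = "x" in m.perms, "w" in m.perms
        file_backed = m.path.startswith("/")
        if executable and writable and not file_backed:
            hits.append((m, "writable+executable anonymous region (shellcode staging)"))
        elif executable and file_backed and ("(deleted)" in m.path or "/memfd:" in m.path):
            hits.append((m, "executable code backed by a deleted or memfd file"))
    return hits


def tracer_pid(status_text: str) -> int:
    """Return TracerPid from /proc/<pid>/status; 0 means nobody is ptrace-attached."""
    for line in status_text.splitlines():
        if line.startswith("TracerPid:"):
            return int(line.split(":", 1)[1])
    return 0


def ld_preload_value(environ: bytes) -> str | None:
    """/proc/<pid>/environ is NUL-separated; return LD_PRELOAD if it was set."""
    for entry in environ.split(b"\0"):
        if entry.startswith(b"LD_PRELOAD="):
            return entry[len(b"LD_PRELOAD="):].decode("utf-8", "replace")
    return None


def report(maps_text: str, status_text: str, environ: bytes) -> list[str]:
    """Combine the three checks into human-readable findings."""
    findings = [f"{m.start:x}-{m.end:x} {m.perms} {m.path or '(anon)'}: {why}"
                for m, why in suspicious_mappings(parse_maps(maps_text))]
    if (t := tracer_pid(status_text)):
        findings.append(f"ptrace-attached by pid {t}")
    if (p := ld_preload_value(environ)) is not None:
        findings.append(f"LD_PRELOAD={p}")
    return findings


def scan_live(pid: int) -> list[str]:
    """Run the checks against a real process (needs permission to read its /proc entries)."""
    base = f"/proc/{pid}/"
    with open(base + "maps") as f, open(base + "status") as s, open(base + "environ", "rb") as e:
        return report(f.read(), s.read(), e.read())


# Constructed sample /proc contents for a process that has been injected into.
SAMPLE_MAPS = """\
55d4a7e00000-55d4a7e01000 r--p 00000000 08:01 1234 /usr/bin/sleep
55d4a7e01000-55d4a7e1a000 r-xp 00001000 08:01 1234 /usr/bin/sleep
7f2a3c000000-7f2a3c021000 rwxp 00000000 00:00 0
7f2a3c200000-7f2a3c201000 r-xp 00000000 00:05 98765 /memfd:payload (deleted)
7f2a3c400000-7f2a3c41a000 r-xp 00001000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd1a2b3000-7ffd1a2d4000 rw-p 00000000 00:00 0 [stack]
7ffd1a2f0000-7ffd1a2f2000 r-xp 00000000 00:00 0 [vdso]
"""
SAMPLE_STATUS = "Name:\tsleep\nState:\tt (tracing stop)\nTracerPid:\t4242\n"
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/tmp/hook.so\0HOME=/root\0"

if __name__ == "__main__":
    pid = int(sys.argv[1]) if len(sys.argv) > 1 else None
    for line in (scan_live(pid) if pid else report(SAMPLE_MAPS, SAMPLE_STATUS, SAMPLE_ENVIRON)):
        print(line)
```

Run with no arguments to see the four findings on the constructed sample, or with a PID to scan a live process. The point of the caveat in `suspicious_mappings` is the same one the answer makes about hooking: rwx memory and `TracerPid` are used legitimately by JITs and debuggers, so a blanket block breaks things and these checks are better used as detection leads than as enforcement.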
Control of memory spaces and job control, such as the ability to launch a process into userspace runtime, allows for process migration.
In other words, it's a feature called "an Operating System".
Answered by atdre on October 28, 2021