Hiding malware in Windows – The basics of code injection
<blockquote data-quote="Eddie Morra" data-source="post: 770173"><p>Note, since Windows 8.1 you can optionally opt in to make lsass.exe a protected process. This is a really good idea by the way because lsass.exe has been attacked before for credential theft.</p><p></p><p><a href="https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection" target="_blank">Configuring Additional LSA Protection</a></p><p></p><p>I recommend that everyone do this, but only if you understand how it works to prevent potential problems.</p><p></p><p>It should be mentioned that to attack lsass.exe normally, you'd need to be running with elevation anyway... and thus if you had administrator rights, you could always forcefully disable the protection via registry modification, but it is unlikely this would happen in the real world anyway. I've never seen a malware sample actually do this in the wild yet.</p></blockquote><p></p>
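Added example, not part of the quoted post: a small detection routine for the registry modification the post mentions, run over constructed registry-change events. It assumes the `RunAsPPL` value under `Control\Lsa` from the linked Microsoft article and Sysmon-style event fields; the sample events, process paths and function names are made up for illustration.

```python
import re

# Assumption: the RunAsPPL value under ...\Control\Lsa (from the linked Microsoft
# article) controls LSA protection; events mimic Sysmon registry events 12/13.
LSA_VALUE_SUFFIX = r"\control\lsa\runasppl"
DWORD_RE = re.compile(r"DWORD \((0x[0-9a-fA-F]+)\)")
LSA_KEY = r"HKLM\System\CurrentControlSet\Control\Lsa"

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\regedit.exe",
     "TargetObject": LSA_KEY + r"\RunAsPPL", "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Users\Public\updater.exe",
     "TargetObject": LSA_KEY + r"\RunAsPPL", "Details": "DWORD (0x00000000)"},
    {"EventID": 12, "EventType": "DeleteValue", "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": LSA_KEY + r"\RunAsPPL"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\regedit.exe",
     "TargetObject": LSA_KEY + r"\LimitBlankPasswordUse", "Details": "DWORD (0x00000001)"},
]


def classify(event):
    """Return 'enabled', 'disabled', 'removed', 'unknown', or None if unrelated."""
    target = event.get("TargetObject", "").lower()
    if not target.endswith(LSA_VALUE_SUFFIX):  # suffix match also covers ControlSet001
        return None
    if event.get("EventType") == "DeleteValue":
        return "removed"                        # value gone: protection off after reboot
    match = DWORD_RE.search(event.get("Details", ""))
    if match is None:
        return "unknown"                        # value touched, data not parseable
    return "disabled" if int(match.group(1), 16) == 0 else "enabled"


def find_tampering(events):
    """Return (verdict, image) for each event that weakens or obscures the setting."""
    hits = []
    for event in events:
        verdict = classify(event)
        if verdict in ("disabled", "removed", "unknown"):
            hits.append((verdict, event.get("Image", "?")))
    return hits


if __name__ == "__main__":
    for verdict, image in find_tampering(SAMPLE_EVENTS):
        print(f"LSA protection {verdict} by {image}")
```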