Skip to content

geekjy/EvilSvc_rust

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

Persisting in svchost.exe with a Service DLL for rust This is a quick lab that looks into a persistence mechanism that relies on installing a new Windows service, that will be hosted by an svchost.exe process.

Overview At a high level, this is how the technique works:

Create a service EvilSvc.dll DLL (the DLL that will be loaded into an svchost.exe) with the code we want executed on each system reboot

Create a new service EvilSvc with binPath= svchost.exe

Add the ServiceDll value to EvilSvc service and point it to the service DLL compiled in step 1

Modify HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost to specify under which group your service should be loaded into

Start EvilSvc service

The EvilSvc is started and its service DLL EvilSvc.dll is loaded into an svchost.exe

About

Persisting in svchost.exe with a Service DLL for rust

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages