In the context of this monitoring feature, we use the term silent exit to mean that the monitored process terminates in one of the following ways:
Self termination: the monitored process terminates itself by calling ExitProcess.
Cross-process termination: a second process terminates the monitored process by calling TerminateProcess.
The monitoring feature does not detect normal process termination that happens when the last thread of the process exits. The monitoring feature does not detect process termination that is initiated by kernel-mode code.
The attacker needs to add 3 values to the registry to gain persistence on the host:
Resolves #182