Greetings!
I'm excited to finally put a real post up! My motivation for writing this was that I couldn't find anything else on this topic except for two articles relating to enumerating services via the service record list. I hope you enjoy, and feel free to contact me!
While I was reversing a variant of the Hidden Lynx malware family, I came across something I'd never seen before, and it was pretty cool. The sample hides itself from Windows' Service Manager and the Windows Service API by unlinking itself from the service record list.
More here: http://speakingofcyber.blogspot.com/2014/08/unlinking-windows-services-from-service.html