Filter
Exclude
Time range
-
Near
Aircorridor@_aircorridor
3 Sep 2025
Basic persistence is for beginners! Master ADVANCED Windows backdoors that hide in IFEO debuggers, WMI subscriptions & SilentProcessExit hooks. hackers-arise.com/advanced-w… @three_cube
4
10
1,001
HADESS@Hadess_security
11 Jul 2024
40 43 74 Methods for Privilege Escalation (Linux/Windows/macOS) github.com/HadessCS/Awesome-… Abusing Capabities such as sudo Objective-C library and Heimdal APIs dylibinjection KeychainCracker TCC-ClickJacking SilentProcessExit* PW Mining in Memory #redteam #privilegeescalation
1
66
152
7,746
SEKTOR7 Institute
@SEKTOR7net
5 Mar 2024
Replying to @0gtweet
Plenty... COM hijacks, Debugger/Verifier/SilentProcessExit in IFEO, AppCert, AppInit, netsh helpers...
1
11
1,082
Stephan Berger
@malmoeb
7 Sep 2022
7/ Bonus Red-Team-Tip 😜: The "persistence" with the SilentProcessExit key is not shown on my host with AutoRuns.
1
7
Stephan Berger
@malmoeb
7 Sep 2022
3/ What a great idea to use the SilentProcessExit registry key to execute a DNS request using CMD -> PowerShell! [2]
1
5
Andrei@handrei_1
6 Sep 2021
Kevin Clark - LSASS dumper using SilentProcessExit in C# released - ShhProcessExit.cs (offensive research) #infosec #security #cybersecurity #technology gitlab.com/KevinJClark/cshar…
2
2
kevin
@GuhnooPlusLinux
5 Sep 2021
@gladiatx0r Made a C# port of that SilentProcessExit lsass dumper you were talking about on @curi0usJack's stream 2 weeks ago. No more uploading to disk 🥳. Thought you might find it useful: gitlab.com/KevinJClark/cshar…
3
42
134
Grzegorz Tworek
@0gtweet
20 Aug 2021
Replying to @felixw3000
SilentProcessExit
1
9
Samir@SBousseaden
9 Jun 2021
Interesting event via ProcessExitMonitor provider that captures all details for the IFEO SilentProcessExit Lsass memory dump technique (client process and target process) deepinstinct.com/2021/02/16/… github.com/sbousseaden/EVTX-…
1
17
68
T3nb3w@T3nb3w
22 Mar 2021
Replying to @SaudiDFIR
@SBousseaden this blog may be helpful for you:hexacorn.com/blog/2019/09/19…, since WER process is used nowadays by red teamers for dumping lsass based on SilentProcessExit but I'm pretty sure there are some artifacts left by this technique like some modified registers....

2
1
6
Neutral8✗9eR@0x009AD6_810
4 Mar 2021
GitHub - deepinstinct/LsassSilentProcessExit: Command line interface to dump LSASS memory to disk via SilentProcessExit github.com/deepinstinct/Lsas…
2
Florian Roth ⚡️
@cyb3rops
26 Feb 2021
Sigma rules to detect process memory dumping via SilentProcessExit method Blog post deepinstinct.com/2021/02/16/… Old rule by @HeirhabarovT already covered the lsass*.dmp file creations New Sigma rules github.com/Neo23x0/sigma/pul…
1
42
130
Nicolas Krassas
@Dinosn
24 Feb 2021
New LSASS Dumping Method via SilentProcessExit deepinstinct.com/2021/02/16/…
43
125
CK's Technology News@CKsTechNews
23 Feb 2021
New LSASS Dumping Method via SilentProcessExit Article: deepinstinct.com/2021/02/16/…
2
‏.‎ ‎@facuman
20 Sep 2019
Hexacorn | Blog SilentProcessExit – quick look under the hood hexacorn.com/blog/2019/09/19…
2
SANS DFIR@sansforensics
19 Sep 2019
. @hexacorn Blog: SilentProcessExit – quick look under the hood ow.ly/Y4Cz101MerZ #DFIR
2
1
Oddvar Moe
@Oddvarmoe
9 Jul 2018
Seems my discovered persistence mechanisms (GPscript.exe, depend, silentprocessexit) is now detected in the 13.90 version of autoruns. Great job @markrussinovich My research can be found here: - oddvar.moe/2018/04/10/persis… - oddvar.moe/2018/03/21/persis… - oddvar.moe/2018/04/27/gpscri… x.com/markrussinovich/status…

Persistence using GlobalFlags in Image File Execution Options – Hidden from Autoruns.exe

TL;DR – Found a technique to execute any binary file after another application is closed without being detected by Autoruns.exe. – Requires administrator rights and does not belong in userland. – C…

oddvar.moe
2
68
142
Load more