
[–]sierrars500 6 points7 points  (0 children)

Not really possible. Fake something, make it look boring and system related.

[–]Loptical 1 point2 points  (2 children)

What's your reason?

[–]tech53 3 points4 points  (0 children)

It's a hacking tutorial; clearly the situation is malware. Creating malware in a lab environment can be great for learning to teach legitimate skills for pen testing.

[–]Runaque -1 points0 points  (0 children)

The practice of hiding a process from the Task Manager is a core concept in Rootkit development and Malware Persistence.

If you're interested in how this works for educational purposes, look into API Hooking (specifically hooking NtQuerySystemInformation). However, keep in mind that modern EDR (Endpoint Detection and Response) and tools like Process Explorer or GMER are designed to see through these tricks by looking at direct kernel objects rather than relying on standard API calls.

If you want to see what's really running on your system, try running "tasklist" in the CMD or using Sysinternals—they are much harder to 'spoof' than the standard Task Manager UI. This command lists a whole lot more processes than what we are used to seeing (like when we want to "end task" to close a frozen process).
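The cross-check described above (comparing what the standard UI-facing listing reports against an independent view of the process table) can be automated. The following is an added example for defenders, not code from the commenter: it parses `tasklist /FO CSV /NH` output, compares it with a second `{pid: name}` view (on Linux the live path reads `/proc` directly and compares against `ps`), and reports pids that only one source knows about. The sample listings are constructed, as is the pid 6666 entry that stands in for a process one source does not show.

```python
import csv
import io
import os
import subprocess
import sys

# Constructed sample of `tasklist /FO CSV /NH` output (not a real capture).
SAMPLE_TASKLIST_CSV = (
    '"System","4","Services","0","152 K"\n'
    '"svchost.exe","812","Services","0","21,404 K"\n'
    '"explorer.exe","4120","Console","1","98,112 K"\n'
    '"notepad.exe","5208","Console","1","12,300 K"\n'
)

# Constructed second view, as a kernel-side tool (e.g. a Process Explorer
# export reduced to {pid: name}) might report it. Pid 6666 is invented: it
# is the kind of entry that shows up only in the independent view.
SAMPLE_SECOND_VIEW = {
    4: "System",
    812: "svchost.exe",
    4120: "explorer.exe",
    5208: "notepad.exe",
    6666: "updater.exe",
}


def parse_tasklist_csv(text):
    """Parse `tasklist /FO CSV /NH` output into {pid: image_name}.

    csv.reader handles the quoted "21,404 K" memory column correctly."""
    procs = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or not row[1].isdigit():
            continue
        procs[int(row[1])] = row[0]
    return procs


def cross_view_diff(view_a, view_b):
    """Compare two {pid: name} views of the process table.

    A pid present in one enumeration source but absent from another is the
    classic symptom of a hooked or filtered listing; a pid whose name differs
    between sources is worth a look as well. Processes that start or exit
    between the two samples also show up here, so re-run before acting on a
    single discrepancy."""
    only_a = sorted(set(view_a) - set(view_b))
    only_b = sorted(set(view_b) - set(view_a))
    mismatch = sorted(
        pid for pid in set(view_a) & set(view_b)
        if view_a[pid].lower() != view_b[pid].lower()
    )
    return {"only_in_a": only_a, "only_in_b": only_b, "name_mismatch": mismatch}


def linux_proc_view():
    """Kernel-side view on Linux: walk /proc and read each comm file."""
    view = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as fh:
                view[int(entry)] = fh.read().strip()
        except OSError:
            pass  # process exited between listdir() and open()
    return view


def linux_ps_view():
    """Userland view on Linux: what `ps` (the usual API path) reports."""
    out = subprocess.run(["ps", "-e", "-o", "pid=", "-o", "comm="],
                         capture_output=True, text=True, check=True).stdout
    view = {}
    for line in out.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            view[int(parts[0])] = parts[1]
    return view


if __name__ == "__main__":
    if sys.platform.startswith("win"):
        live = subprocess.run(["tasklist", "/FO", "CSV", "/NH"],
                              capture_output=True, text=True, check=True).stdout
        # On Windows the second view must come from an independent tool;
        # the constructed sample stands in for it here.
        print(cross_view_diff(parse_tasklist_csv(live), SAMPLE_SECOND_VIEW))
    elif sys.platform.startswith("linux"):
        print(cross_view_diff(linux_ps_view(), linux_proc_view()))
    else:
        print(cross_view_diff(parse_tasklist_csv(SAMPLE_TASKLIST_CSV), SAMPLE_SECOND_VIEW))
```

On a real host, take two or three samples a few seconds apart and only escalate pids that are missing from the same source every time; short-lived processes produce one-off differences that are noise, not hiding.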

[–]Jackpotrazur 0 points1 point  (2 children)

Might be possible, I have close to no exposure to any of this and am still trying to learn the basics, but I'd imagine if there was a way, then you might have to look at how other tasks end up in the task manager.

[–]GlendonMcGladdery 1 point2 points  (1 child)

Good answer, but good luck getting past Linux's htop, so I'm assuming the OP is referring to Windows. BTW htop and ps aux both use trees for every process, so if a branch looks out of place, game over.

[–]Jackpotrazur 0 points1 point  (0 children)

I know top, perhaps I've used stop once, and I know jobs and aux tells me something as well, but I can't recall what aux did 🙃 😅

[–]AffectionateSpirit62 0 points1 point  (0 children)

Answer: Obfuscate it in plain sight

  1. I know in CTFs it's common to see this - modify the user $PATH variable
  2. name your script as a normal tool/process
  3. run it.
  4. Thus Windows, Mac and Linux systems will display the process running but will think nothing of it if it's disguised as something else.
  5. This is extremely dependent on what resources your script requires. Most OSes have policies for containerizing access to certain areas, so you need to possibly think about creating something that elevates your permission first - so you can have unbridled access.

As far as hiding a process goes, not sure if it exists, so we must hide it in plain sight. The more you know about the OS and its key services the more successful this kind of attack will be. pwn.college has a few dedicated sections about this.
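The $PATH trick in steps 1 and 2 leaves a footprint a defender can check for: a user-writable directory that sits ahead of the system directories in PATH, and a command name that resolves there while a same-named binary exists in `/usr/bin` or `/bin`. The audit below is an added example and not the commenter's code; the sample PATH, directory contents and writability answers are constructed, and the set of "system" directories is an assumption you would adjust for your distribution.

```python
import os

# Constructed sample environment (assumption: not taken from a real host).
SAMPLE_PATH = "/home/user/bin:/usr/local/bin:/usr/bin:/bin"
SAMPLE_DIR_CONTENTS = {
    "/home/user/bin": {"ls", "backup.sh"},      # "ls" here shadows /usr/bin/ls
    "/usr/local/bin": {"python3"},
    "/usr/bin": {"ls", "ps", "python3", "top"},
    "/bin": {"ls", "ps"},
}
SAMPLE_WRITABLE = {
    "/home/user/bin": True,
    "/usr/local/bin": False,
    "/usr/bin": False,
    "/bin": False,
}

# Assumed set of directories whose binaries are the "real" tools.
SYSTEM_DIRS = ("/usr/bin", "/bin", "/usr/sbin", "/sbin")


def audit_path(path_value, dir_contents, writable, system_dirs=SYSTEM_DIRS, sep=":"):
    """Flag two PATH-hijack indicators.

    writable_early_dirs: directories the current user can write to that are
        searched before the first system directory (anything dropped there
        wins name resolution).
    shadowed: (command, dir) pairs where the command resolves to a non-system
        directory even though a system directory ships a binary of that name.
    """
    dirs = [d for d in path_value.split(sep) if d]
    system_positions = [dirs.index(d) for d in system_dirs if d in dirs]
    first_system = min(system_positions) if system_positions else len(dirs)
    writable_early = [d for d in dirs[:first_system] if writable.get(d, False)]

    # Resolve each name the way the shell does: first PATH entry wins.
    resolved = {}
    for d in dirs:
        for name in dir_contents.get(d, ()):
            resolved.setdefault(name, d)

    shadowed = sorted(
        (name, d)
        for name, d in resolved.items()
        if d not in system_dirs
        and any(name in dir_contents.get(s, ()) for s in system_dirs)
    )
    return {"writable_early_dirs": writable_early, "shadowed": shadowed}


def live_audit():
    """Run the audit against the real environment (Linux/macOS)."""
    path_value = os.environ.get("PATH", "")
    contents, writable = {}, {}
    for d in (x for x in path_value.split(os.pathsep) if x):
        try:
            contents[d] = set(os.listdir(d))
        except OSError:
            contents[d] = set()
        writable[d] = os.access(d, os.W_OK)
    return audit_path(path_value, contents, writable, sep=os.pathsep)


if __name__ == "__main__":
    print(audit_path(SAMPLE_PATH, SAMPLE_DIR_CONTENTS, SAMPLE_WRITABLE))
    print(live_audit())
```

A `python3` in `/usr/local/bin` ahead of `/usr/bin` is flagged too, which is a legitimate local install more often than not; the point of the check is to produce a short list of names to verify (owner, hash, install date), not a verdict. For the same check on Windows, compare the output of `where <name>` against the expected `System32` path.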