Exploring Svchost.exe with PowerShell…
The company I work for recently launched its own blog, providing the opportunity for itself – as well as for those of us who work for it – to get closer to our customers and product followers. The company blog further enables us to share our experiences, thoughts and opinions based on what we do on a daily basis, i.e. working with really cool technology and finding ways to apply that technology and knowledge to our product sets.
During the weekend of 29th June, I was hacking at some work at home and noticed a number of svchost.exe processes running on my machine… and wanted to investigate further their origins, usage and possible methods of exploitation by malware.

As part of the investigation, I put together a three-part article for the company blog, which I am posting links to here too.
- In part 1, I introduce the topic: its usage and why it is something that we should understand more about.
- In part 2, I go into more depth about how the operating system makes use of this Host Process for its needs.
- In part 3, I show you how to create a PowerShell script which can be used to investigate and discover potential malware which can be hiding behind this innocent-looking process on your own machines.
As always, feedback welcome…
…Andre’