Unable to detect ghosttasks #25

j-wsy · 2024-04-08T04:35:54Z

Hi, love the tool.

I have a vm with a working ghosttask loaded (restarted and all that, and confirmed the ghosttask is functioning). I can see it in my regedit \tasks, and I can see it doesn't have a SD, as expected. I can see it doing the action I made it do.

Running the latest PersistenceSniper v1.16.0, I can't seem to detect it. I see a bunch of other false-positives, so the tool itself is working, but no output relating to ghosttask.

j-wsy · 2024-04-08T04:37:20Z

j-wsy · 2024-04-08T14:08:34Z

Here's another example using a ghosttask named "April1", on a separate clean vm. Could not detect using Find-AllPersistence.

Am I doing something wrong/do I need to do anything else?

last-byte · 2024-04-09T07:37:14Z

Hey there, solid copy. I’ll investigate it right away and fix it in the next minor release.

j-wsy · 2024-04-13T05:20:33Z

thanks, looking forward to it.

daniele777 · 2024-05-03T07:57:46Z

Malware is fake amsi provider?

last-byte added the bug Something isn't working label Apr 9, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unable to detect ghosttasks #25

Unable to detect ghosttasks #25

j-wsy commented Apr 8, 2024

j-wsy commented Apr 8, 2024

j-wsy commented Apr 8, 2024

last-byte commented Apr 9, 2024

j-wsy commented Apr 13, 2024

daniele777 commented May 3, 2024

Unable to detect ghosttasks #25

Unable to detect ghosttasks #25

Comments

j-wsy commented Apr 8, 2024

j-wsy commented Apr 8, 2024

j-wsy commented Apr 8, 2024

last-byte commented Apr 9, 2024

j-wsy commented Apr 13, 2024

daniele777 commented May 3, 2024