Processes

A process is an instance of a computer program that is being executed. It contains the program code and its current activity. Depending on the operating system (OS), a process may be made up of multiple threads of execution that execute instructions concurrently.

Create a child process using the Linux fork function (in Bash and in PowerShell via WSL)

Code to create a child process using the fork function

Code for PowerShell

Code run in PowerShell via WSL (the result is somewhat odd when obtaining the process identifiers of both the parent process and the child process)

Code run in Bash (the parent and child process identifiers are normal)

pspy – unprivileged linux process snooping

pspy is a command line tool designed to snoop on processes without the need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate to your colleagues why passing secrets as arguments on the command line is a bad idea. The tool gathers its info from procfs scans. Inotify watchers placed on selected parts of the file system trigger these scans to catch short-lived processes.

Getting started: Get the tool onto the Linux machine you want to inspect. First get the […]

forkstat

Forkstat is a program that logs process fork(), exec() and exit() activity. It is useful for monitoring system behaviour and for tracking down rogue processes that are spawning off processes and potentially abusing the system. Note that forkstat uses the Linux netlink connector to gather process activity and this may miss events if the system is overly busy. The netlink connector also requires root privilege.

forkstat command line options: -d strip off the directory path from the process name; -D specify run duration in seconds; -e select which events to monitor; -h show brief help summary; -l set stdout to line-buffered […]

Show the processes running on Windows with WMIC

Process Monitor v3.40

Introduction: Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Download: https://docs.microsoft.com/es-es/sysinternals/downloads/procmon

Start several background jobs with PowerShell