n3t1nv4d3 n3t1nv4d3
rbmm
/ gist:8ce74bf1fd661cb0355441c90b0b090a
Created
February 9, 2024 22:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BOOL IsParentExplorer() | |
| { | |
| if (HWND hwnd = GetShellWindow()) | |
| { | |
| ULONG dwProcessId; | |
| if (GetWindowThreadProcessId(hwnd, &dwProcessId)) | |
| { | |
| PROCESS_BASIC_INFORMATION pbi; | |
| if (0 <= NtQueryInformationProcess(NtCurrentProcess(), ProcessBasicInformation, &pbi, sizeof(pbi), 0)) | |
| { |
WKL-Sec
/ ParentProcessValidator.cpp
Created
February 9, 2024 13:47
This C++ code snippet demonstrates how to verify if an executable is launched by explorer.exe to enhance security during red team operations.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # White Knight Labs - Offensive Development | |
| # Guardrails - Parent Process Check | |
| #include <windows.h> | |
| #include <tlhelp32.h> | |
| #include <psapi.h> | |
| #include <tchar.h> | |
| #include <iostream> | |
| // Function to get the ID of the parent process |