Hide your persistence user in Windows 10

Because 'pwnedlol' on the lock screen stands out

15 May 2016

So, as newer versions of Windows become mainstream, it’s always a good idea to think about what you might have to do to adapt old habits to new circumstances.

A popular option during an engagement to establish persistence on a host is to simply create a privileged account to work from. However, Windows 10 puts accounts on the lock screen by default, which for obvious reasons should be avoided.

I found an article today that actually talks about how to disable this behavior per-account, which is sweet!

The relevant registry key is

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

To which you’ll be adding the new Keys

SpecialAccounts\UserList

And then your persistence user as a DWORD with a value of ‘0’

Voila, hidden account!


by:
0meta Staff

(blog@0metasecurity.com)