## What allows meterpreter to migrate processes and how to defend against it?

I mainly use Linux so I’m not well-versed on how Windows and its privileges work. I’ve recently learned to use Metasploit and meterpreter on Windows boxes.

# Previous research

This answer has given an overview of how meterpreter migrates on Windows.
This article has addressed process migration on Linux

# My questions

1. What allows process migration to work?
2. What are the main differences between Windows and Linux in process migration?
3. Is this migration a feature or a vulnerability?
4. How can I defend it?
5. Should I try to prevent process migration?

## Count number of ways in which atomic operation(s) of n different processes can be interleaved

PROBLEM: Count the number of ways in which atomic operation(s) of n different processes can be interleaved. A process may crash mid way before completion.

Suppose there are a total of n different processes – P1, P2, P3 …. , Pn.

Each process can have a variable number of atomic operation(s) that constitutes that process, but it should have at least one operation.

EXAMPLE

Consider two processes, P1 and P2

• P1: 1o1; 1o2; 1o3; 1o4; 1o5; 1o6;
• P2: 2o1; 2o2; 2o3;

where 1o1 denotes first operation of process P1.

Attempt:

Fix position of all operations of process P1, then count the number of ways in which the operations of process P2 can be placed in empty positions( __ ) created between operations of process P1, as shown below:

`__ 1o1 __ 1o2 __ 1o3 __ 1o4 __ 1o5 __ 1o6 __`

There are seven empty positions numbered 1 to 7.

Counting: (Note that the numbers below (like `1 2 3`) denote the empty position number.)

``> Case1: When all three operations of P2 are placed in consecutive empty positions.    1 2 3    2 3 4    3 4 5    4 5 6    5 6 7    We have a total of 5 ordering possible for empty positions.   > Case2: When operations of P2 are placed in two consecutive empty positions taken together.    1 2 3   2 3 4   3 4 5   4 5 6   5 6 7    1 2 4   2 3 5   3 4 6   4 5 7    1 2 5   2 3 6   3 4 7    1 2 6   2 3 7    1 2 7    First cell in every column has already been counted in previous case. We have a total   of (5 - 1) + (4 - 1) + (3 - 1) + (2 - 1) + (1 - 1) = 10 ordering possible for empty    positions.    A similar argument can be made for last two consecutive empty positions taken together,   that gives us a total of another 10 ordering possible for empty positions.   > Case3: These are those cases that do not have empty positions numbered 8 and 9 for them.    6 7 8    7 8 9  > Case4: When operations may crash mid way before completion.   An 'x' denotes position where a crash is possible and process (here P2) terminates.    1x 2x 3    2x 3x 4    3x 4x 5    4x 5x 6    5x 6x 7    6x 7x 8    7x 8x 9    There is a total of 14 'x's possible.      Note: I have not put a cross after last empty position number because I am assuming that   a process will complete at this stage. You may correct my assumption if this is   wrong and should not be assumed in the first place. ``

Adding all 4 cases: `5 + 2*10 + 2 + 14 = 41`. There are 41 possible ways to interleave operations processes P1 and P2.

As you can see, counting like this is cumbersome and error prone. I have missed cases.

How can this counting problem be generalised? Please see the problem statement at the top of the question.

## Why processes on the internet are not required to use TCP or UDP?

Here is an excerpt from Andrew S. Tanenbaum, Computer Networks, 5th edition, Chapter 5 (The Network layer), Page 455:

[Fifth, processes on the Internet are not required to use TCP or UDP. If a user on machine A decides to use some new transport protocol to talk to a user on machine B (for example, for a multimedia application), introduction of a NAT box will cause the application to fail because the NAT box will not be able to locate the TCP Source port correctly.]

My question is in this context what does processes means? Is it a process of data exchange between routers? And why processes on the internet are not required to use TCP or UDP? Isn’t it apart of IP protocol and thus it will be used on the internet?

## How are scientific research projects planned? In particular computer science, but possibly there exists processes for all research?

Possibly some context: Take any research endeavor. Finding a vaccine. Going to the moon. Clean energy. I don’t have a background in these scientific areas so picking one closer to home (Comp Sci) might be better. But the idea is how to battle the Unknowns? How to do it economically? How to make progress while not getting analysis paralysis?

Some might suggest a scrum, or an agile process try to solve these questions. I’m not certain that they address the same level or kinds of Unknowns.

Are there previous experiences that work, and those that don’t work? And why? The questions grows on the way forward through unknowns, and by definition the Unknown doesn’t exactly have a road map, and new context is developed regularly.

This maybe simply the question of the ‘meta’ variety: Is there research on comp sci research? If so does Comp Sci research have approaches or techniques that they rely on?

## Would an anti-virus software make any other processes consume more CPU?

Would an anti-virus software make any other processes that it scans to consume more CPU?

We recently switched to a new Next-Gen, AI based Anti-Virus software. On couple of our Linux servers that runs Java processes, there has been frequent high spikes in CPU usage recently. Apparently, it is Java that is the highest consumer of CPU while the anti-virus process isn’t using a lot. I am pretty sure that it is not the anti-virus behind the higher CPU usage since the these spikes started a couple of days before even the AV software was installed. So, right now, I am in the process on convincing others that it is not the anti-virus (trust me, no one is believing what they see at top -c) . Before I go back to the team, I would like to make sure that when anti-virus scans every single file that gets opened by other processes, the resultant CPU usage would show up against the anti-virus process and not against the process that opens the file. Is this how it will appear in CPU usage stats?

Server run Amazon Linux and the Anti-Virus is Crowdstrike Falcon.

## Finding the timestamps of processes implementing Lamport’s clocks

I have been asked this question, but don’t know how to go about answering it.

Three process, which are implementing Lamport’s clocks, are running and a lot of events are taking, place including some messages being sent between the processes. The arrows and circles represent in-processor events and messages being sent between process. Assume all clocks starts on 0 and the time goes from left to right. Provide the logical timestamps associated with each event.

To my understadning each circle will mean +1 increase in the proccess clock and the arrows means that it should add the time from where the process is from +1 to the process which receives the arrow. Is this a correct understanding of the task or am I missing something?

## how to write a function to show lists of running processes or while loop functions in php

Please i have a while loop function that am using to insert data into my database periodically, for some reasons i found out that while loop is more easy to use than cronjob, while loop runs without anyone having to visit the site, but my problem is that once a while loop is started it keeps running even if you delete the codes from your php file, it keeps running, and if you amend the code with new values and start it again both the old loop and the new one keeps running. My question is how can i write a php function that will list out all current running loop processes in my webhost or server and then use another code to end or stop or remove it from running?

Below is my code

``\$  date = date('Y-h-m H:i:s'); \$  counter = 0; while(\$  counter < 10){      \$  wpdb->query("INSERT INTO a_boy (username, password) VALUES ('cash', \$  date)");     \$  counter + 1;     sleep(60); } ``

## How do I Isolate users and their processes on linux [migrated]

I was working with one of my systems and set it to isolate users and their processes. For example:

``[user@server] \$   ps aux ``

shows only processes started by that user, not every process on the system.

``[root@server] # ps aux ``

shows everything.

It works well but unfortunately I didn’t note what I did and now can’t remember how to reproduce it on a new server – this is not the default behavior on Debian or RH. Can anyone please point me in the right direction?

## Monitoring Parallel Processes

I have a problem where my `For` loop will not get rid of my `PrintTemporary` monitor, and it means I end up with loads and loads of progress bars.

``(* set number of kerlnels to use *)  numkernel = 4;  (* how high do you want to count to? *)  iterations = 15;   (* for monitoring progress over multiple kernels *)  progress[current_, total_] :=   Column[{StringRiffle[ToString /@ {current, total}, " of "],     ProgressIndicator[current, {0, total}]}, Alignment -> Center]  (* counting very slowly *)  takeyourtime[howmany_, kernelnum_] := Module[{},    For[i = 1, i <= howmany, i++,     status[[Key[\$  KernelID]]] = <|       "Kernel" -> "Kernel " <> ToString@kernelnum,        "Monitor" -> progress[i, howmany]|>;     Pause[1];     ];   ]  (* will count up to iterations, k times over numkernel kernels *)  For[k = 1, k <= 3, k = k + 1;,   Print[k];    (*clean up*)   Clear[parrallel];   (* how to divide the counting *)   division = Round[iterations/numkernel];   (* remainder on the first kernel *)   divisionmod =    Round[iterations/numkernel] + Mod[iterations, numkernel];   (* put the first evaluation in, with the remainder*)   parrallel = {Hold[ParallelSubmit[{takeyourtime[divisionmod, 1]}]]};   (*for number of kernels, set up the parrallel stuff *)   For[i = 2, i <=  numkernel, i++ ,    parrallel =     Append[parrallel,      Hold[ParallelSubmit[{takeyourtime[division, 1]}]]];   (*to this, so we can add i and do the monitoring better,    have to be careful when expressions are evaluated,    want to keep that for the parralel bit *)    parrallel[[i]] =     StringReplace[ToString[parrallel[[i]]],      ", i]" -> ", " <> ToString[i] <> "]"];   parrallel[[i]] = ToExpression[parrallel[[i]]];   ] ;   LaunchKernels[];   (* the monitoring variable we will print *)   status =    Association @@     ParallelTable[$$KernelID -> <|"Kernel" -> "", "Monitor" -> ""|>, {i,$$KernelCount}];   (*distribute the required definitions around the kernels *)   DistributeDefinitions[takeyourtime, division, divisionmod ];   SetSharedVariable[status];   (* this is the monitoring bit *)   PrintTemporary[   Dynamic[Row[     Riffle[Column[#, Alignment -> Center] & /@        Query[Values, Values]@Select[#"Monitor" =!= "" &]@status,       Spacer[5]]]]];   (*execute the parralel process *)   results = WaitAll[ReleaseHold[parrallel]];   CloseKernels[];  ] ``

## In Markov Decision Processes, why does R0 get skipped?

I’m in the process of learning the MDP, and a pretty small thing is bugging me. Everywhere I look, I see the order of things go in this order:

$$S_{0}, A_{0}, R_{1}, S_{1}, A_{1}, R_{2}, \ldots, A_{t}, S_{t}, R_{t}$$

My question is, why did $$R_{0}$$ get skipped?