Stealth Persistence aka RID Hijacking
- by Vince
-
in Blog
-
Hits: 338
Somehow you make your way onto a system and perhaps you want to maintain that access. There are a number of reasons and methods for maintaining persistence and one such method is RID Hijacking. The short of it is this -- each account is assigned a relative identifier (RID). The Administrator account is assigned 500 and user accounts begin at 1000. If we modify a user account and assign it the same RID as the Administrator account, for all intents and purposes, we are an administrator.