NOT My work, creds to maldev academy, but as always, I want to share with you.
taskhostw.exe & sihost.exe can be used to proxy execution, only if you have GUI (RDP for example) access to them.
With sihost.exe you can enter the full path of the binary you'd like to run in the windows search bar and the result will be your binary spawning as a child of sihost.exe
When you are on w10 you can parse args to the binary. Maldev says that this thing about args cant be done on w11 (not tested).
Same thing with taskhostw.exe.
As maldev said, the fact that you need GUI access may compromise how useful it could be, but still good to know. +1
taskhostw.exe & sihost.exe can be used to proxy execution, only if you have GUI (RDP for example) access to them.
With sihost.exe you can enter the full path of the binary you'd like to run in the windows search bar and the result will be your binary spawning as a child of sihost.exe
When you are on w10 you can parse args to the binary. Maldev says that this thing about args cant be done on w11 (not tested).
Same thing with taskhostw.exe.
As maldev said, the fact that you need GUI access may compromise how useful it could be, but still good to know. +1
