Command Prompt (CMD) Obfuscation

  • Description: This technique doesn't prevent commands from executing but aims to visually conceal the commands being typed or the output being displayed within the Command Prompt (cmd.exe) window during the screenshare.

  • Mechanism: Involves manipulating the properties of the CMD window itself:

    • Transparency: Setting the window opacity to near-zero, making it almost invisible.

    • Color Matching: Setting the screen text color to be identical to the screen background color (e.g., black text on a black background, or white text on a white background). This renders any typed commands or output invisible against the background.

  • Why Cheaters Use It: To hide actions performed via CMD (like running cleanup scripts, executing cheats, deleting files using del commands) from the ScreenSharer's real-time view, hoping they won't notice or won't check alternative logs.

  • Detection:

    • Check Window Properties: If a CMD window seems unresponsive or blank, right-click on its title bar -> Properties -> Colors tab. Check if the "Screen Text" and "Screen Background" colors are identical or if opacity settings (if available/modified) are abnormal. Resetting colors to default can reveal hidden text.

    • Alternative Logs: This method only affects the visual display. The commands executed might still be logged elsewhere, such as:

      • PowerShell command history (ConsoleHost_history.txt) if commands were relayed through PowerShell.

      • Specific Event Logs (e.g., process creation events, Event ID 4688, if auditing is enabled and command lines are being captured).

      • Traces left by the executed commands themselves (e.g., Prefetch entries for programs launched via CMD, USN Journal entries for files deleted via del).
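
The "Check Window Properties" step can also be run against the registry, where console properties saved for a window are persisted under HKCU\Console. The PowerShell below is an added example, not part of the original page; the function names and the opacity threshold are assumptions made for illustration.

```powershell
# Added example: audit console properties persisted in the registry.
# Not covered: colors set at runtime with `color`, or stored in a shortcut (.lnk).

function Get-ConsoleFindings {
    param(
        [string]$Name,            # registry key the values came from
        [hashtable]$Values,       # effective values (defaults + per-window overrides)
        [int]$MinAlpha = 0x4D     # assumed review threshold, about 30% opacity
    )
    # ScreenColors: low nibble = text palette index, high nibble = background index.
    $attr = if ($Values.ContainsKey('ScreenColors')) { [int]$Values['ScreenColors'] } else { 0x07 }
    $fg = $attr -band 0x0F
    $bg = ($attr -shr 4) -band 0x0F
    $fgKey = 'ColorTable{0:D2}' -f $fg
    $bgKey = 'ColorTable{0:D2}' -f $bg
    $findings = @()
    if ($fg -eq $bg) {
        $findings += "text and background share palette index $fg"
    } elseif ($Values.ContainsKey($fgKey) -and $Values.ContainsKey($bgKey) -and
              $Values[$fgKey] -eq $Values[$bgKey]) {
        # Different indexes, but the palette was edited so both map to one RGB value.
        $findings += "$fgKey and $bgKey hold the same RGB value"
    }
    if ($Values.ContainsKey('WindowAlpha') -and [int]$Values['WindowAlpha'] -lt $MinAlpha) {
        $findings += "WindowAlpha is $($Values['WindowAlpha']) of 255"
    }
    foreach ($f in $findings) { [pscustomobject]@{ Key = $Name; Finding = $f } }
}

function Get-KeyValues($Key, [hashtable]$Base = @{}) {
    # Start from the inherited defaults, then apply this key's own values.
    $h = $Base.Clone()
    foreach ($n in $Key.GetValueNames()) { $h[$n] = $Key.GetValue($n) }
    return $h
}

# Constructed sample (not from a real machine): black text on a black background.
Get-ConsoleFindings -Name 'constructed-sample' -Values @{ ScreenColors = 0x00; WindowAlpha = 10 }

# Live check: HKCU:\Console holds the defaults, subkeys hold per-window overrides.
$root = Get-Item -LiteralPath 'HKCU:\Console'
$defaults = Get-KeyValues $root
Get-ConsoleFindings -Name $root.Name -Values $defaults
foreach ($sub in Get-ChildItem -LiteralPath 'HKCU:\Console') {
    Get-ConsoleFindings -Name $sub.PSChildName -Values (Get-KeyValues $sub $defaults)
}
```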
