Insecure Services

MITRE ATT&CK™ Hijack Execution Flow - Technique T1574

Theory

One of the basic features of Microsoft Windows is the ability to run services. These are background processes, similar to Unix deamons. They are managed by the Service Control Manager. If they are misconfigured, as they usually run as a local system account, they can lead to privilege escalation.

Practice

Enumerate

Processes & Services

Exploit

Weak Service Permissions Weak File/Folder Permissions Weak Registry Permissions Unquoted Service Path

Last updated 1 year ago

Was this helpful?