Insecure Services

MITRE ATT&CK™ Hijack Execution Flow - Technique T1574

Theory

One of the basic features of Microsoft Windows is the ability to run services. These are background processes, similar to Unix deamons. They are managed by the Service Control Manager. If they are misconfigured, as they usually run as a local system account, they can lead to privilege escalation.

Practice

Enumerate

pageProcesses & Services

Exploit

pageWeak Service Permissions pageWeak File/Folder Permissions pageWeak Registry Permissions pageUnquoted Service Path

Last updated 7 months ago