Potential Privilege Escalation via Service Permissions Weakness (0f9c21f1-6a73-4b0e-9809-cb562cb8d981)

Detect modification of services configuration (ImagePath, FailureCommand and ServiceDLL) in registry by processes with Medium integrity level

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Potential Privilege Escalation via Service Permissions Weakness (0f9c21f1-6a73-4b0e-9809-cb562cb8d981)	Sigma-Rules	Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	1
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2