Suspicious Service DACL Modification Via Set-Service Cmdlet - PS (22d80745-6f2c-46da-826b-77adaededd74)

Detects usage of the "Set-Service" powershell cmdlet to configure a new SecurityDescriptor that allows a service to be hidden from other utilities such as "sc.exe", "Get-Service"...etc. (Works only in powershell 7)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Suspicious Service DACL Modification Via Set-Service Cmdlet - PS (22d80745-6f2c-46da-826b-77adaededd74)	Sigma-Rules	Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	1
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2