<<< Hide Navigation Hide TOC >>>
Abuse of Service Permissions to Hide Services Via Set-Service - PS (953945c5-22fe-4a92-9f8a-a9edc1e522da)
Detects usage of the "Set-Service" powershell cmdlet to configure a new SecurityDescriptor that allows a service to be hidden from other utilities such as "sc.exe", "Get-Service"...etc. (Works only in powershell 7)
Cluster A![]() |
Galaxy A![]() |
Cluster B![]() |
Galaxy B![]() |
Level![]() |
---|---|---|---|---|
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) | Attack Pattern | Abuse of Service Permissions to Hide Services Via Set-Service - PS (953945c5-22fe-4a92-9f8a-a9edc1e522da) | Sigma-Rules | 1 |
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) | Attack Pattern | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 2 |