Attack Tool(s): PsExec, PowerShell, ServiceController, Malware
- PsExec: https://learn.microsoft.com/en-us/sysinternals/downloads/psexec
- PowerShell: Native Windows tool.
- ServiceController: .NET class, no external link.
- Malware: General term.
Detection Link(s):
- Endpoint Analysis
- Endpoint Security Protection Analysis
- Security Information and Event Management (SIEM) Log Analysis
Helpful Blogs (BHIS):
- “Digging Deeper: Vulnerable Windows Services” – https://www.blackhillsinfosec.com/digging-deeper-vulnerable-windows-services – Service manipulation.
