Stealthier persistence using new services purposely vulnerable to path interception

Description: Identify all services running on your machines 

What The Data Shows: Unquoted Service Paths is a widely known technique for privilege escalation on Windows machines, but it can also be leveraged to establish stealthy persistence by creating new services that are purposely vulnerable to this flaw. Look for the least prevalent services to see what they are doing on machines and whether they are legitimate. See this article for more information: https://blog.christophetd.fr/stealthier-persistence-using-new-services-purposely-vulnerable-to-path-...

SQL: 

-- Services whose path contains a space and ends in .exe
SELECT name, path FROM services WHERE path LIKE '% %' AND path LIKE '%.exe';
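
An added example (not from the original post) for triaging the rows this query returns across several machines. It drops quoted paths and paths whose only spaces are in the arguments, lists the intermediate locations worth auditing, and ranks what remains least prevalent first. The host names, service names and paths are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample rows (host, service name, path), shaped like the output
# of the osquery query above gathered from three machines.
ROWS = [
    ("host-a", "UpdaterSvc", r"C:\Program Files\Vendor App\updater.exe"),
    ("host-b", "UpdaterSvc", r"C:\Program Files\Vendor App\updater.exe"),
    ("host-c", "UpdaterSvc", r"C:\Program Files\Vendor App\updater.exe"),
    ("host-b", "HelperSvc", r"C:\ProgramData\Some Tool\helper.exe"),
    ("host-a", "AgentSvc", r'"C:\Program Files\Agent\agent.exe" -k run.exe'),
    ("host-c", "ToolSvc", r"C:\Tools\tool.exe --config my file.exe"),
]

# Shortest prefix ending in ".exe" that is followed by whitespace or the end.
EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def image_path(path):
    """Return the executable part of an unquoted path, or None if quoted."""
    path = path.strip()
    if path.startswith('"'):
        return None
    m = EXE.match(path)
    return m.group(1) if m else None

def audit_paths(path):
    """Intermediate locations Windows tries first for an unquoted path with
    spaces; an unexpected binary at any of them deserves investigation."""
    image = image_path(path)
    if not image or " " not in image:
        return []
    return [image[:i] + ".exe" for i, ch in enumerate(image) if ch == " "]

def rank_by_prevalence(rows):
    """Group flagged services by (name, path) and sort rarest first."""
    hosts = defaultdict(set)
    for host, name, path in rows:
        if audit_paths(path):
            hosts[(name, path)].add(host)
    return sorted((len(h), name, path, sorted(h))
                  for (name, path), h in hosts.items())

if __name__ == "__main__":
    for count, name, path, seen_on in rank_by_prevalence(ROWS):
        print(f"{count} host(s) {seen_on}: {name} -> {path}")
        for candidate in audit_paths(path):
            print(f"    check for unexpected file: {candidate}")
```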

 
