Built off the open source project Osquery
Description: Identify all services running on your machines
What The Data Shows: Unquoted Service Paths is a widely known technique to perform privilege escalation on Windows machines – but one can also leveraged it to establish stealthy persistence by creating new services purposely vulnerable to this flaw. Look for least prevalent services to see what they are doing on machines and if they are legitimate or not. See this article for more information: https://blog.christophetd.fr/stealthier-persistence-using-new-services-purposely-vulnerable-to-path-...
SQL:
SELECT name, path FROM services WHERE path LIKE "% %" AND path LIKE "%.exe";
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.