Service Execution
Code Execution, Privilege Escalation
Execution
Creating an evil service with a netcat reverse shell:
attacker@victim
Observations
The reverse shell lives under services.exe as expected:
Windows security, application, Service Control Manager and Sysmon logs provide some juicy details:
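An added example, not from the original page: a Python triage pass over constructed, simplified events that flags the two observations above, a service install (Service Control Manager event 7045) whose ImagePath points at a shell, netcat or a user-writable directory, and a Sysmon process-creation event (ID 1) whose parent is services.exe. The binary-name lists, path markers and sample events are assumptions made for illustration.

```python
import re

# Assumed watch lists; tune them to the environment being monitored.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
NETCAT = {"nc.exe", "nc64.exe", "ncat.exe"}
WRITABLE = ("\\users\\", "\\temp\\")  # markers of user-writable directories

def exe_names(cmdline):
    """Every *.exe basename mentioned in a path or command line, lower-cased."""
    return set(re.findall(r'([^\\/\s"]+\.exe)\b', cmdline.lower()))

def triage(event):
    """Return the reasons an event deserves a look (empty list: nothing flagged)."""
    eid = event.get("EventID")
    if eid == 7045:  # Service Control Manager: a service was installed
        target, label = event.get("ImagePath", ""), "service ImagePath"
    elif eid == 1 and event.get("ParentImage", "").lower().endswith("\\services.exe"):
        target, label = event.get("Image", ""), "child of services.exe"  # Sysmon process creation
    else:
        return []
    names, reasons = exe_names(target), []
    if names & SHELLS:
        reasons.append(f"{label} runs a shell or script host: {sorted(names & SHELLS)}")
    if names & NETCAT:
        reasons.append(f"{label} references netcat: {sorted(names & NETCAT)}")
    if any(marker in target.lower() for marker in WRITABLE):
        reasons.append(f"{label} sits in a user-writable directory")
    return reasons

def flagged(events):
    """Map the index of each suspicious event to its list of reasons."""
    return {i: r for i, e in enumerate(events) if (r := triage(e))}

# Constructed sample events: simplified field sets, not real log exports.
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "demo-svc",
     "ImagePath": r"C:\Users\Public\nc.exe <constructed args>"},
    {"EventID": 7045, "ServiceName": "vendor-agent",
     "ImagePath": r'"C:\Program Files\Vendor\agent.exe" --service'},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for index, reasons in flagged(SAMPLE_EVENTS).items():
        print(index, SAMPLE_EVENTS[index]["EventID"], "; ".join(reasons))
```
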