From 27e63abcc4aef1581d184194e7a257202b4424ba Mon Sep 17 00:00:00 2001 From: yugoslavskiy Date: Tue, 5 Nov 2019 02:57:15 +0300 Subject: [PATCH] Update and rename win_custom_service_execution.yml to win_service_execution.yml --- ...n_custom_service_execution.yml => win_service_execution.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename rules/windows/process_creation/{win_custom_service_execution.yml => win_service_execution.yml} (95%) diff --git a/rules/windows/process_creation/win_custom_service_execution.yml b/rules/windows/process_creation/win_service_execution.yml similarity index 95% rename from rules/windows/process_creation/win_custom_service_execution.yml rename to rules/windows/process_creation/win_service_execution.yml index ff9b9e25..2c409f12 100644 --- a/rules/windows/process_creation/win_custom_service_execution.yml +++ b/rules/windows/process_creation/win_service_execution.yml @@ -1,4 +1,4 @@ -title: Custom Service Execution +title: Service Execution status: experimental description: Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager. This can be done by either creating a new service or modifying an existing service. This technique is the execution used in conjunction with New Service and Modify Existing Service during service persistence or privilege escalation. author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community