![Back to home Valhalla Logo](/static/valhalla-logo.png)
Rule Info
Name
Allow Service Access Using Security Descriptor Tampering Via Sc.EXE
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects suspicious DACL modifications to allow access to a service from a suspicious trustee. This can be used to override access restrictions set by previous ACLs.
Date
2023-02-28 00:00:00
Modified
None
Id
6c8fbee5-dee8-49bc-851d-c3142d02aa47
Tags
attack.persistence attack.t1543.003 DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
github-actions[bot]
chore: promote older rules status from `experimental` to `test` (#4651)
2024-01-01