DetailedDraft

CAPEC-550Install New Service

Abstraction
Detailed
Status
Draft

Description

When an operating system starts, it also starts programs called services or daemons. Adversaries may install a new service which will be executed at startup (on a Windows system, by modifying the registry). The service name may be disguised by using a name from a related operating system or benign software. Services are usually run with elevated privileges.

Related weaknesses· 1

CWE-284

MITRE ATT&CK crosswalk· 1

T1543: Create or Modify System Process

Related attack patterns· 1

CAPEC-542 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessImproper Access Controlcwe-284100%live

Related to1

TypeTargetConfidenceTier
TechniqueCreate or Modify System Processt1543100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Modify Existing Service
CAPEC
Install Rootkit
CAPEC
Modification of Windows Service Configuration
Technique
System Services
CAPEC
Services Footprinting
CAPEC
Replace Trusted Executable
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.