diff --git a/Windows/Discovery/Query Registry.md b/Windows/Discovery/Query_Registry.md similarity index 100% rename from Windows/Discovery/Query Registry.md rename to Windows/Discovery/Query_Registry.md diff --git a/Windows/Discovery/Remote System Discovery.md b/Windows/Discovery/Remote_System_Discovery.md similarity index 100% rename from Windows/Discovery/Remote System Discovery.md rename to Windows/Discovery/Remote_System_Discovery.md diff --git a/Windows/Discovery/System Information Discovery.md b/Windows/Discovery/System_Information_Discovery.md similarity index 100% rename from Windows/Discovery/System Information Discovery.md rename to Windows/Discovery/System_Information_Discovery.md diff --git a/Windows/Discovery/System Owner-User Discovery.md b/Windows/Discovery/System_Owner-User_Discovery.md similarity index 100% rename from Windows/Discovery/System Owner-User Discovery.md rename to Windows/Discovery/System_Owner-User_Discovery.md diff --git a/Windows/Discovery/System_Service_Discovery.md b/Windows/Discovery/System_Service_Discovery.md new file mode 100644 index 00000000..55b0562c --- /dev/null +++ b/Windows/Discovery/System_Service_Discovery.md @@ -0,0 +1,36 @@ +## System Service Discovery + +MITRE ATT&CK Technique: [T1007](https://attack.mitre.org/wiki/Technique/T1007) + +## Tasklist.exe + +Input: + + tasklist.exe + +## sc.exe + +Input: + + sc query + +Input: + + sc query state= all + +Start/Stop a service + + sc start + +Stop: + + sc stop + + +GUI: + + services.msc + +## WMIC.exe + + wmic service where (displayname like "%%") get name diff --git a/Windows/Payloads/Discovery.bat b/Windows/Payloads/Discovery.bat index c2038750..8c51854a 100644 --- a/Windows/Payloads/Discovery.bat +++ b/Windows/Payloads/Discovery.bat 
@@ -8,6 +8,7 @@ net config workstation net accounts net accounts /domain net view +sc query reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
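Review bot: In the new Windows/Discovery/System_Service_Discovery.md, the `sc start` and `sc stop` lines under "Start/Stop a service" are missing the service-name argument that both commands require, so they fail as written; document them as `sc start <ServiceName>` and `sc stop <ServiceName>`, and give that section the same `## ` heading and "Input:" label the rest of the file uses ("Start/Stop a service" and "Stop:" are currently bare text between code lines). Two smaller points in the same file: `tasklist.exe` on its own lists processes, not services, so `tasklist /svc` is the form that actually shows which services each process hosts and belongs under a System Service Discovery heading; and the WMIC line `wmic service where (displayname like "%%") get name` has an empty pattern between the `%` wildcards, so it matches every service rather than filtering, which suggests a placeholder such as `"%<Name>%"` was intended. The top-level heading is also `## ` like the subsections, so the page has no single title.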
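Review bot: The `sc query` added to Windows/Payloads/Discovery.bat only returns services in the RUNNING state by default, so stopped and disabled services are missing from the collected output; `sc query state= all` (the form the new System_Service_Discovery.md documents, note the space after `state=`) would make the batch consistent with the documentation and capture the full service list. A short `REM` comment above the line stating what is being collected would match the style of a discovery script that groups `net` and `reg query` calls by purpose.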