Update T1569.002.yaml (#2776)

* Update T1569.002.yaml Added new test Modifying ACL of Service Control Manager via SDET * correction --------- Co-authored-by: Carrie Roberts <clr2of8@gmail.com> Co-authored-by: Hare Sudhan <code@0x6c.dev>
2024-05-15 06:23:45 +05:30
parent 7bf6eaa80d
commit efa3370b62
1 changed files with 12 additions and 1 deletions
@@ -194,4 +194,15 @@ atomic_tests:
    cleanup_command: |
      sc.exe delete "WerFaultSvc"
    name: command_prompt
-    elevation_required: true
+    elevation_required: true
+- name: Modifying ACL of Service Control Manager via SDET
+  description: |
+    Modify permissions of Service Control Manager via SDSET. This allows any administrative user to escalate privilege and create a service with SYSTEM level privileges.Restart is required.
+    [Blog](https://0xv1n.github.io/posts/scmanager/)  
+  supported_platforms:
+  - windows
+  executor:
+    command: |
+      sc.exe sdset scmanager D:(A;;KA;;;WD)
+    name: command_prompt
+    elevation_required: true