Service Registry Permissions Weakness (T1058)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Service Registry Permissions Weakness

Associated Tactics

  • Persistence
  • Privilege Escalation

Persistence (TA0003)

The adversary is trying to maintain their foothold. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.

View on ATT&CK

Procedure Examples

Description Source(s)
capec
Microsoft. (n.d.). Registry Key Security and Access Rights. Retrieved March 16, 2017. MSDN Registry Key Security
Hull, D. (2014, May 3). Kansa: Service related collectors and analysis. Retrieved October 10, 2019. TrustedSignal Service Failure
The Cyber (@r0wdy_). (2017, November 30). Service Recovery Parameters. Retrieved April 9, 2018. Twitter Service Recovery Nov 2017
Russinovich, M. (2016, January 4). Autoruns for Windows v13.51. Retrieved June 6, 2016. TechNet Autoruns