Techniques
Sample rules
Start Windows Service Via Net.EXE
- source: sigma
- technicques:
- t1569
- t1569.002
Description
Detects the usage of the “net.exe” command to start a service using the “start” flag
Detection logic
condition: all of selection_*
selection_cli:
CommandLine|contains: ' start '
selection_img:
- Image|endswith:
- \net.exe
- \net1.exe
- OriginalFileName:
- net.exe
- net1.exe