Techniques
Sample rules
Sysinternals PsService Execution
- source: sigma
- techniques:
  - t1543
  - t1543.003
Description
Detects usage of Sysinternals PsService, which can be abused for service reconnaissance and tampering.
Detection logic
condition: selection
selection:
  - OriginalFileName: psservice.exe
  - Image|endswith:
      - \PsService.exe
      - \PsService64.exe