Malicious Powershell Executed As A Service

Malicious Powershell Executed As A Service

Description

This detection is to identify the abuse the Windows SC.exe to execute malicious commands or payloads via PowerShell.

   Help

Malicious Powershell Executed As A Service Help

To successfully implement this search, you need to be ingesting Windows System logs with the Service name, Service File Name Service Start type, and Service Type from your endpoints.

   Search

Open in Search