| ID | Name |
|---|---|
| ATAGS-T1064.001 | Launchctl |
| ATAGS-T1064.002 | Service Execution |
| ATAGS-T1064.003 | Systemctl |
Threat actors may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager (services.exe) is an interface to manage and manipulate services. The service control manager is accessible to users via GUI components as well as system utilities such as sc.exe and Net.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.