Threat actors may try to gather information about registered local system services. Threat actors may obtain information about services using tools as well as OS utility commands. Threat actors may use the information from System Service Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.