{"id":40764,"date":"2021-05-06T21:20:00","date_gmt":"2021-05-06T21:20:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/d\/d-id\/1340948"},"modified":"2021-05-06T21:20:00","modified_gmt":"2021-05-06T21:20:00","slug":"new-techniques-emerge-for-abusing-windows-services-to-gain-system-control","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/","title":{"rendered":"New Techniques Emerge for Abusing Windows Services to Gain System Control"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<header><\/header>\n<p><span class=\"strong black\">Organizations should apply principles of least privilege to mitigate threats, security researcher says.<\/span><\/p>\n<p class>Several new techniques have become available recently that give attackers a way to abuse legitimate Windows services and relatively easily escalate low-level privileges on a system to gain full control of it.<\/p>\n<p>The newer exploits take advantage of the same or similar Windows services capabilities that attackers have abused previously and work on even some of the more recent versions of the operating system, warns Antonio Cocomazzi, system engineer at SentinelOne. Cocomazzi described some of the techniques in a briefing at the Black Hat Asia 2021 virtual conference this week.<\/p>\n<p>For organizations, the biggest problem dealing with these attacks is that they abuse services that hold impersonation privileges and exist by design in Windows operating systems, Cocomazzi tells Dark Reading. The services are enabled, available by default, and play an essential part in the implementation of Web servers, database servers, mail servers, and other services, Cocomazzi says.<\/p>\n<p>&#8220;These recent techniques allow an attacker to exploit even the latest and updated Windows systems,&#8221; he says.<\/p>\n<p>An exploit known as &#8220;Juicy Potato&#8221; continues to be the most common way for attackers to escalate privileges on a Windows system using a legitimate Windows service, Cocomazzi says. SentinelOne has observed evidence of the exploit being used in multiple APT campaigns, he adds.<\/p>\n<p>There have been no signs of the new updated techniques being used in the wild, but that does not mean they are not being actively exploited.<\/p>\n<p>&#8220;Considering that those techniques have been discovered recently, it&#8217;s just a matter of time before they will be found [and] used by attackers in the future attacks,&#8221; he says.<\/p>\n<p>Juicy Potato is an exploit that allows an attacker with low-level service privileges on a Windows system to gain system level access on it. The exploit takes advantage of an impersonation privilege setting in Windows called &#8220;SeImpersonatePrivilege.&#8221; Microsoft first introduced the feature in Windows 2000 SP4, ironically enough as a security measure to prevent &#8220;<a href=\"https:\/\/docs.microsoft.com\/en-us\/troubleshoot\/windows-server\/windows-security\/seimpersonateprivilege-secreateglobalprivilege\" target=\"_blank\" rel=\"noopener noreferrer\">unauthorized servers from impersonating clients<\/a>&#8221; that connect to them remotely via remote procedure calls or what are known as named pipes.<\/p>\n<p>On systems where the service is enabled, all an attacker would need to do is download the JuicyPotato tool and use it to execute malicious code of their choice \u2014 like setting a reverse shell payload.<\/p>\n<p>&#8220;JuicyPotato tricks the DCOM activation service into performing a privileged and authenticated RPC call to a malicious RPC server under attacker control,&#8221; says Cocomazzi.<\/p>\n<p>It then executes a couple of steps that allow it to steal a token that allows the attacker to carry out malicious activity with system-level privileges.<\/p>\n<p>Microsoft has fixed the exploit in newer versions of its software. But JuicyPotato still works on every updated Windows Server until version 2016 and on every updated Windows Client machine until version 10, build 1803, he says. &nbsp;And newer versions of the so-called Potato family of exploits \u2014 such as RoguePotato and Juicy 2 \u2014 are now available&nbsp;that bypass the Microsoft fix that shut down JuicyPotato, Cocomazzi says.<\/p>\n<p>In addition, several other exploits are available that allow attackers to exploit impersonation privilege settings and other Windows services to gain system level access on Windows systems. Examples include RogueWinRM, PrintSpoofer, and Network Service Impersonation. Each of these tools exploits different Windows services and mechanisms to give attackers the most privileged access on a Windows machine: the NT Authority\/System privilege, he notes.<\/p>\n<p>&#8220;In recent years, one of the most used\/abused exploits for privilege escalation from a service compromise was the JuicyPotato,&#8221; he says. &#8220;Since then, other exploits have been seen that abuse the same concepts: coercing a more privileged service into authenticating a resource under the attacker&#8217;s control, thus allowing the attacker to steal and use the privileged authentication.&#8221;&nbsp;&nbsp;<\/p>\n<p><strong>Most Potent Threats<br \/><\/strong>Cocomazzi describes RoguePotato and PrintSpoofer as the two most potent Windows privilege escalation techniques currently available to attackers. That&#8217;s because the exploits work in every Windows client and server installation and require very few conditions to function correctly.<\/p>\n<p>PrintSpoofer exploits a highly privileged internal Windows component called a &#8220;spooler&#8221; service.<\/p>\n<p>&#8220;It does not require any external network interaction and could be run fully locally, which is ideal for an attacker,&#8221; Cocomazzi says.<\/p>\n<p>RoguePotato, meanwhile, exploits &#8220;rpcss&#8221; another critical \u2014 and highly abused \u2014 Windows service. The exploit gives attackers a way to trick rpcss to authenticate a resource under the attacker&#8217;s control so the attacker can steal and use the authentication to remotely execute code with system-level privileges. Unlike PrintSpoofer, the RoguePotato exploit requires network interaction. But it is a lot harder to mitigate because rpcss services cannot be stopped like the spooler service, Cocomazzi says.<\/p>\n<p>Web applications running on Windows servers are a favorite target. A common scenario is for attackers to gain some form of limited access to the server by compromising a Web server app like IIS or MSSQL and then using that foothold to elevate privileges.<\/p>\n<p>The best way for organizations to mitigate the threat posed by these techniques is to apply the principle of least privilege, the security researcher says. Organizations should take advantage of the Windows Service Hardening (WSH) mechanism to segregate and restrict service privileges \u2014 for example, by disabling impersonation privileges.<\/p>\n<p>&#8220;The favorite targets for attackers are the IIS Web servers, so applying some restrictions on the application pool identities used by the system could be a great way to be protected against those techniques,&#8221; Cocomazzi says.<\/p>\n<p>Using the default configuration offered by the operating system can leave organizations vulnerable to these attacks, he says.<\/p>\n<p><span class=\"italic\">Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=1912\">View Full Bio<\/a><\/span><\/p>\n<p><strong>Recommended Reading:<\/strong><\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/d\/d-id\/1340948?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Organizations should apply principles of least privilege to mitigate threats, security researcher says. Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/d\/d-id\/1340948?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-40764","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New Techniques Emerge for Abusing Windows Services to Gain System Control 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Techniques Emerge for Abusing Windows Services to Gain System Control 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-06T21:20:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"New Techniques Emerge for Abusing Windows Services to Gain System Control\",\"datePublished\":\"2021-05-06T21:20:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/\"},\"wordCount\":983,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/\",\"name\":\"New Techniques Emerge for Abusing Windows Services to Gain System Control 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\",\"datePublished\":\"2021-05-06T21:20:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Techniques Emerge for Abusing Windows Services to Gain System Control\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Techniques Emerge for Abusing Windows Services to Gain System Control 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/","og_locale":"en_US","og_type":"article","og_title":"New Techniques Emerge for Abusing Windows Services to Gain System Control 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-05-06T21:20:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"New Techniques Emerge for Abusing Windows Services to Gain System Control","datePublished":"2021-05-06T21:20:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/"},"wordCount":983,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/","url":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/","name":"New Techniques Emerge for Abusing Windows Services to Gain System Control 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","datePublished":"2021-05-06T21:20:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","contentUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/new-techniques-emerge-for-abusing-windows-services-to-gain-system-control\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"New Techniques Emerge for Abusing Windows Services to Gain System Control"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40764","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40764"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40764\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40764"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40764"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40764"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}