System Services

Adversaries may abuse system services or daemons to execute commands or programs. Adversaries can execute malicious content by interacting with or creating services either locally or remotely. Many services are set to run at boot, which can aid in achieving persistence (Create or Modify System Process), but adversaries can also abuse services for one-time or temporary execution.

ID: T2018
Sub-techniques:  No sub-techniques
Tactic: Execution
Version: 1.0
Created: 03 December 2023
Last Modified: 03 December 2023
ATT&CK Reference:  T1569

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.