ServiceUI Trick
Key Takeaways
The video demonstrates how to use ServiceUI.exe as an execution cradle to run malicious code as SYSTEM via scheduled tasks or a GUI trick, leveraging its legitimate Microsoft-signed status to evade detection rules.
Full Transcript
Say we want to gain an interactive system shell. Now, we've covered this in a couple other videos. Normally noting, okay, you could do this via the taskuler or scheduled tasks on Windows. And Richard Davey walks through this operation where you can do this via the graphical user interface, just setting up a new task and then having it run service UI with whatever you want and then it'll execute as system. and he showcases this query user technique as you would to be able to find a specific loon session but that would get you where you want to go. So on its own service UI.exe still can act as like a sort of execution cradle and I think that's a point worth mentioning here it is service UI.exe exe and that is a super teeny weeny small and tiny trit trivial thing where it could potentially break some detections detection rules hunting for execution of malicious binary out of the blue well now if it's coming from trusted legitimate real Microsoft signed binary that is not something you have rules for eh just one thing staging that could still mean a really simple proxy execution context so that you don't have a child process out of Explorer.exe or wherever, whatever.
Original Description
ServiceUI.exe can be used as an execution “cradle” to run stuff as SYSTEM via scheduled tasks or a GUI trick. It’s a tiny staging move, but because it’s a legit, Microsoft-signed binary, it can dodge simple execution rules and make detections miss the activity.
Full video: https://youtu.be/4caJw0JJZTQ?si=MRURypK1eW2O5LMu
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from John Hammond · John Hammond · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
Tutorials? MySQL connection with PHP and Bash!
John Hammond
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
JavaScript Splits The URL!
John Hammond
HTML Tables in Python!
John Hammond
HTML, Net Shares, GML!
John Hammond
Python 08 Programming Style and Comments
John Hammond
Python 26 Object Oriented Programming
John Hammond
75 Python Tutorials, Out Now!
John Hammond
Batch 14 Mathematical Expressions
John Hammond
Batch 85 Array Append
John Hammond
Batch 86 Array Count
John Hammond
Batch 87 Array Index
John Hammond
Batch 88 Array Insert
John Hammond
Batch 89 Array Remove
John Hammond
Batch 90 Array Reverse
John Hammond
Python [colorama] 00 Installing on Linux
John Hammond
Python [colorama] 09 Cursor Position
John Hammond
Python [hashlib] 02 Algorithms
John Hammond
Python 00 Installing IDLE on Linux
John Hammond
Python [pygame] 11 Rectangular Collision Detection
John Hammond
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
Python [XML-RPC] 01 Research
John Hammond
Python [pyenchant] 03 Personal Word Lists
John Hammond
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
Python 04: PEP8 Coding
John Hammond
Python Challenge! 17 COOKIES
John Hammond
Google CTF 2016: Ernst Echidna
John Hammond
Google CTF 2016: Spotted Quoll
John Hammond
Google CTF 2016: Can you Repo It?
John Hammond
Google CTF 2016: No Big Deal
John Hammond
Google CTF 2016: In Recorded Conversation
John Hammond
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
Homemade CTF Challenge: 04 "UPX"
John Hammond
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
Juniors CTF 2016 :: Six Strange Tales
John Hammond
Juniors CTF 2016 :: Lost Code
John Hammond
Juniors CTF 2016 :: Here Goes!
John Hammond
Juniors CTF 2016 :: Southern Cross
John Hammond
Juniors CTF 2016 :: Clone Attack
John Hammond
Juniors CTF 2016 :: Dirty Repo
John Hammond
Juniors CTF 2016 :: Hackers Blog
John Hammond
Juniors CTF 2016 :: Voting!!!
John Hammond
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
Juniors CTF 2016 :: Stop Thief!
John Hammond
Juniors CTF 2016 :: ROFL
John Hammond
Juniors CTF 2016 :: Restriced Area
John Hammond
Juniors CTF 2016 :: Oh SSH!
John Hammond
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
HackCon CTF 2017 "Bacche" Challenges
John Hammond
More on: AI Security
View skill →Related Reads
📰
📰
📰
📰
Broadcom extends its Apple chip work through 2031 in a fresh custom-silicon deal
The Next Web AI
How Nations Are Deploying AI for Strategic Priorities
NVIDIA AI Blog
There Are Three Levels of Using AI. Most People Are Stuck on Level One.
Medium · AI
"AI Can’t Replace Humans" Might Be the Most Dangerous Career Advice of This Decade.
Medium · AI
🎓
Tutor Explanation
DeepCamp AI