Nssm-2.24 Exploit

The following proof-of-concept exploit demonstrates the vulnerability:

    // Start the service with the malicious configuration file
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    ZeroMemory(&pi, sizeof(pi));

Configure EDR rules to trigger alerts when nssm.exe creates new services outside of scheduled maintenance windows or when it executes from non-standard paths.
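
The alerting rule described above, sketched as an added example that is not part of the original page: it evaluates process-creation events and flags nssm.exe running from an unapproved directory or issuing `install` outside a maintenance window. The event field names, approved directories and window schedule are assumptions for illustration, and the sample events are constructed.

```python
import ntpath
import shlex
from datetime import datetime

# Assumptions for this example, not taken from the page: the approved install
# directories and a weekly maintenance window as (weekday, start_hour, end_hour) UTC.
APPROVED_DIRS = {r"c:\program files\nssm", r"c:\tools\nssm"}
MAINTENANCE_WINDOWS = [(6, 2, 4)]  # Sunday 02:00-04:00 UTC

def in_maintenance_window(ts):
    return any(ts.weekday() == day and start <= ts.hour < end
               for day, start, end in MAINTENANCE_WINDOWS)

def is_service_install(command_line):
    """True when the first argument after the executable is 'install'."""
    try:
        tokens = shlex.split(command_line, posix=False)  # keeps backslashes intact
    except ValueError:  # unbalanced quotes: fall back to a substring match
        return " install " in command_line.lower()
    return len(tokens) > 1 and tokens[1].strip('"').lower() == "install"

def evaluate(event):
    """Return the alert reasons for one process-creation event (empty list = no alert)."""
    image = event["image"]
    if ntpath.basename(image).lower() != "nssm.exe":
        return []
    reasons = []
    if ntpath.normcase(ntpath.dirname(image)) not in APPROVED_DIRS:
        reasons.append("nssm.exe executed from non-standard path")
    ts = datetime.fromisoformat(event["utc_time"])
    if is_service_install(event["command_line"]) and not in_maintenance_window(ts):
        reasons.append("service created outside maintenance window")
    return reasons

# Constructed sample events (hypothetical field names modeled on process-creation telemetry).
SAMPLE_EVENTS = [
    {"utc_time": "2024-03-10T02:30:00", "image": r"C:\Tools\nssm\nssm.exe",
     "command_line": r'"C:\Tools\nssm\nssm.exe" install AppSvc "C:\App\app.exe"'},
    {"utc_time": "2024-03-13T14:05:00", "image": r"C:\Tools\nssm\nssm.exe",
     "command_line": r'"C:\Tools\nssm\nssm.exe" install AppSvc "C:\App\app.exe"'},
    {"utc_time": "2024-03-10T03:10:00", "image": r"C:\Users\Public\nssm.exe",
     "command_line": r"nssm.exe status AppSvc"},
    {"utc_time": "2024-03-13T23:40:00", "image": r"C:\Users\Public\nssm.exe",
     "command_line": r"C:\Users\Public\nssm.exe install Updater C:\Users\Public\u.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["utc_time"], ev["image"], evaluate(ev) or "ok")
```

The same two conditions map onto whatever fields the deployed EDR exposes for process image path, command line and event time.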