Service Binary Verification
Definition
Analyzing changes in service binary files by comparing to a source of truth.
How it works
System service applications may originate from the operating system installation or from third-party applications installed with administrative privileges. Each service has an executable file, either a binary or a script, as its entry point. Attackers sometimes modify these executables to launch their own code. Analyzing changes in these files may uncover unauthorized activity.
Considerations
- These files change for legitimate reasons when the system or software updates.
- The source of truth must not be corrupted in order for this method to work.
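One way to implement the comparison described above, as an added example that is not part of the D3FEND article or of any product. The service names, status labels and the approved_hashes parameter are hypothetical; the baseline is assumed to be stored where the monitored host cannot modify it, and approved_hashes stands in for a vetted list of hashes from legitimate updates.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 16):
    """Hash in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(services):
    """Map {service: executable path} to {service: (path, sha256 or None)}."""
    return {name: (str(path), sha256_file(path) if Path(path).is_file() else None)
            for name, path in services.items()}

def verify(baseline, current, approved_hashes=frozenset()):
    """Classify each service by comparing `current` to the trusted `baseline`."""
    findings = {}
    for name, (cur_path, cur_hash) in current.items():
        if name not in baseline:
            findings[name] = "new-service"
            continue
        base_path, base_hash = baseline[name]
        if cur_hash is None:
            findings[name] = "missing"
        elif cur_path != base_path:
            findings[name] = "path-changed"      # entry point was repointed
        elif cur_hash == base_hash:
            findings[name] = "ok"
        elif cur_hash in approved_hashes:
            findings[name] = "approved-update"   # legitimate patch, hash vetted out of band
        else:
            findings[name] = "modified"          # investigate
    for name in baseline.keys() - current.keys():
        findings[name] = "removed-service"
    return findings

if __name__ == "__main__":
    # Constructed demo: two stand-in "service binaries" in a temp directory.
    with tempfile.TemporaryDirectory() as d:
        a, b = Path(d, "svc_a.bin"), Path(d, "svc_b.bin")
        a.write_bytes(b"A v1"); b.write_bytes(b"B v1")
        baseline = snapshot({"svc_a": a, "svc_b": b})
        b.write_bytes(b"B tampered")
        print(verify(baseline, snapshot({"svc_a": a, "svc_b": b})))
```

The "approved-update" status addresses the first consideration: a hash change is only an alert when it matches neither the baseline nor a vetted update.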
References
The following references were used to develop the Service Binary Verification knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)
CAR-2014-02-001: Service Binary Modifications
Reference Type: External Knowledge Base Organization: MITRE Author: MITRE
D3FEND™
A knowledge graph of cybersecurity countermeasures