Service Binary Verification
Analyzing changes in service binary files by comparing to a source of truth.
How it works
System service applications may originate from the operating system installation or from third-party applications installed with administrative privileges. Each service has an executable file as its entry point, either a binary or a script. Attackers sometimes modify these executables to launch their own code. Analyzing changes in these files may uncover unauthorized activity.
- These files change for legitimate reasons when the system or software updates.
- The source of truth must not be corrupted in order for this method to work.
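The comparison described above, as an added example that is not from the original article: it reads each systemd unit's `ExecStart=` entry point, hashes that file, and compares it with a baseline manifest whose HMAC is checked first. The flat unit directory, the status strings, the function names and the demo key are assumptions made for illustration.

```python
import hashlib, hmac, json, shlex, tempfile
from pathlib import Path

def exec_path(unit_text):
    """Executable named by the first ExecStart= line of a systemd unit, or None."""
    for line in map(str.strip, unit_text.splitlines()):
        argv = shlex.split(line[len("ExecStart="):]) if line.startswith("ExecStart=") else []
        if argv:
            return argv[0].lstrip("@-:+!")  # drop systemd's special executable prefixes
    return None

def snapshot(unit_dir):
    """Map each unit file to its entry-point path and that file's SHA-256."""
    snap = {}
    for unit in sorted(Path(unit_dir).glob("*.service")):
        exe = exec_path(unit.read_text())
        if exe:
            digest = hashlib.sha256(Path(exe).read_bytes()).hexdigest() if Path(exe).is_file() else None
            snap[unit.name] = {"path": exe, "sha256": digest}
    return snap

def seal(manifest, key):
    """HMAC over canonical JSON, so a tampered source of truth is detectable."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(unit_dir, baseline, tag, key):
    # Refuse to compare against a baseline that no longer matches its seal.
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline manifest failed its integrity check")
    report = {}
    for name, now in snapshot(unit_dir).items():
        ref = baseline.get(name)
        report[name] = ("not-in-baseline" if ref is None
                        else "entry-point-changed" if now["path"] != ref["path"]
                        else "binary-changed" if now["sha256"] != ref["sha256"]
                        else "ok")
    return report

def demo():
    """Constructed sample: two units and two stand-in executables in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        root, key = Path(d), b"constructed-demo-key"  # assumption: real key lives off-host
        for svc in ("alpha", "beta"):
            (root / svc).write_bytes(b"original " + svc.encode())
            (root / f"{svc}.service").write_text(f"[Service]\nExecStart=-{root / svc} --run\n")
        baseline = snapshot(root)
        tag = seal(baseline, key)
        (root / "beta").write_bytes(b"replaced")  # simulate an altered service binary
        return verify(root, baseline, tag, key)
```

A `binary-changed` result is a lead to correlate with package or patch records, since updates change these files legitimately.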
The following references were used to develop the Service Binary Verification knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)