A service is a program that runs in the background without any user interface, and it provides core operating system features such as event logging, printing, error reporting, and so on. An adversary with Administrator privilege can persist on the system by installing the malicious program as a service or by modifying an existing service. For an adversary, the advantage of using the service is that it can be set to start automatically when the operating system starts, and it mostly runs with a privileged account such as SYSTEM; this allows an attacker to elevate privileges. An attacker may implement the malicious program as an EXE, DLL, or kernel driver and run it as a service. Windows supports various service types, and the ...