PowerUp
Get services with unquoted paths and a space in their name.
Get-ServiceUnquoted -Verbose
List all service paths with WMI:
Get-WmiObject -class win32_service | select pathname
Get services where the current user can write to the service binary path or change arguments to the binary
Get-ModifiableServiceFile -Verbose
Get the services whose configuration the current user can modify
Get-ModifiableService -Verbose
Run all checks from PowerUp:
Invoke-AllChecks
BeRoot is an executable:
.\beRoot.exe
Privesc:
Invoke-PrivEsc
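For the unquoted service path check at the top of this page, an administrator can run the same audit without loading PowerUp and get the corrected value to set. This is an added example, not PowerUp's code: the function name Get-UnquotedPathFinding and the three sample services are constructed for illustration.

```powershell
# Added example (not part of PowerUp). Flags services whose executable path
# contains a space but is not wrapped in quotes, and proposes the quoted form.
function Get-UnquotedPathFinding {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$PathName
    )
    if ([string]::IsNullOrWhiteSpace($PathName)) { return }
    $p = $PathName.Trim()

    # A value that starts with a double quote is already quoted.
    if ($p.StartsWith('"')) { return }

    # Split into the executable (up to the first ".exe") and any arguments.
    $m = [regex]::Match($p, '^(.+?\.exe)(\s.*)?$', 'IgnoreCase')
    if (-not $m.Success) { return }

    $exe = $m.Groups[1].Value
    # Only paths with a space in the executable portion are ambiguous.
    if (-not $exe.Contains(' ')) { return }

    [pscustomobject]@{
        Name           = $Name
        PathName       = $p
        QuotedPathName = '"' + $exe + '"' + $m.Groups[2].Value
    }
}

# Constructed sample data: only DemoUnquoted should be reported.
$samples = @(
    @{ Name = 'DemoQuoted';   PathName = '"C:\Program Files\Demo App\svc.exe" -k run' }
    @{ Name = 'DemoUnquoted'; PathName = 'C:\Program Files\Demo App\svc.exe -k run' }
    @{ Name = 'DemoNoSpace';  PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)
$samples | ForEach-Object {
    Get-UnquotedPathFinding -Name $_.Name -PathName $_.PathName
} | Format-List

# On a live Windows host, audit every installed service the same way.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    Get-UnquotedPathFinding -Name $_.Name -PathName $_.PathName
} | Format-List
```

Each finding is remediated by setting the service's ImagePath to the QuotedPathName value and confirming that non-administrators cannot write to the directories along the path.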