wmic service get name,displayname,pathname,startmode | findstr /i "nssm" Use code with caution. Copied to clipboard Look for a
: Because NSSM is designed to keep services running no matter what, threat actors often use it to ensure their backdoors or coinminers (like XMRig) stay active on compromised systems. Notable "Bugs" vs. Exploits
NSSM (Non-Sucking Service Manager) is an open-source utility that allows users to run any executable as a Windows service. Unlike sc create or instsrv , NSSM automatically handles restart policies, logging, and process monitoring. Version 2.24 is the last stable release before the beta 2.25 (2016) and the current 2.25-101 (2024). nssm-2.24 exploit
Are you trying to secure a system against these persistence techniques, or are you looking for details on a specific recent security report? Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
If you are using NSSM 2.24 in your environment, consider these steps found in security research from Doyensec and Snyk : Are you trying to secure a system against
The NSSM-2.24 exploit refers to a specific vulnerability in the Non-Sucking Service Manager (NSSM) version 2.24. NSSM is a service manager for Windows that allows users to easily install, configure, and manage services on their systems. While NSSM is a popular and widely-used tool, the 2.24 version has been found to contain a critical vulnerability that can be exploited by attackers.
Given its dual‑use nature, NSSM is often flagged by security software. Trend Micro, for instance, classifies certain NSSM samples as – a hacking tool that registers itself as a system service and adds entries to the Windows event log registry keys to ensure automatic execution at startup. This classification does not imply that NSSM itself is malware, but rather that its behaviour (installing an unknown service) is typical of malicious activity. and manage services on their systems.
Elias had found it nested deep within the architecture of the city’s automated transit grid. To the untrained eye, it looked like a routine service handler. To Elias, it looked like a Trojan horse made of pure, crystalline logic.
LigoWave is excited to announce that Deliberant and LigoWave are merging. Great on their own, even better together. One website combining the PTP & PTMP products, LinkCalc, software tools, and renowned support to make your job easier. The former Deliberant APC product line will be the “APC series” under LigoWave. Take a look and give us your feedback!