Thawd Saturday: T1543.003 Windows Services

Minute Read

Thawd Satruday

In this Thawd Saturday session, we dive deep into Windows Services, exploring how they operate, their purpose, and why they exist. We'll focus on how attackers can take advantage of these services for malicious purposes, while also providing guidance on detecting and defending against such attacks.

‍

Reference:

Thawd Repo

Thawd Labs

Copy link

Vulnerability Research

July 20, 2025

CVE-2025-53770 Unauthenticated SharePoint RCE ("ToolShell") Exploit Uncovered

a critical zero-day vulnerability, CVE-2025-53770, was uncovered in on-premises Microsoft SharePoint servers, enabling unauthenticated remote code execution. This exploit, known as "ToolShell," is actively being used in the wild and affects SharePoint 2013, 2016, 2019, and Subscription Edition.

See Thawd In Action

Submit a request and we'll share answers to your top security validation and exposure management questions.

Thawd Saturday: T1543.003 Windows Services

Related articles

CVE-2025-53770 Unauthenticated SharePoint RCE ("ToolShell") Exploit Uncovered

See Thawd In Action