vulnerabilities when bundled with other software. Because NSSM runs as a service—often with LocalSystem
wmic service get name,displayname,pathname,startmode | findstr /i "nssm" Use code with caution. Copied to clipboard Look for a nssm-2.24 exploit
More broadly, many intrusion campaigns use NSSM to achieve persistence in a stealthy manner. A threat actor who has already obtained administrative privileges can run the following command to install their backdoor as a persistent service: vulnerabilities when bundled with other software