Sometimes there will be services that have executables attached to them. If we have the permissions to manipulate it (FILE_ALL_ACCESS) then we can replace it with a malicious executable and get it to do what we want as system.
Run PowerUp and check for ModifileableFileIdentityReference within Service executables.
Manually check the permissions on the service using accesschk64
Compile, upload the malicious exe, replacing the old executable and start the service
