Skip to content
/ GPPDeception Public

This script generates a groups.xml file that mimics a real GPP to create a new user on domain-joined computers

License

MIT license
45 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RedSiege/GPPDeception

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
GPPDeception.ps1
GPPDeception.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

GPPDeception

This script generates a groups.xml file that mimics a real GPP to create a new user on domain-joined computers.

Blue teams can use this file as a honeyfile. By monitoring for access to the file, Blue Teams can detect pen testers or malicious actors scanning for GPP files containing usernames and cpasswords for lateral movment.

Blue Teams can also monitor for use of the credentials as honeycreds.

Usage

Invoke-GPPDeception -Plaintext plaintextpassword -UserName honeycredaccount

About

This script generates a groups.xml file that mimics a real GPP to create a new user on domain-joined computers

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

45 stars

Watchers

3 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages