RedSiege/GPPDeception

GPPDeception

This script generates a groups.xml file that mimics a real Group Policy Preferences (GPP) file used to create a new user on domain-joined computers.

Blue teams can use this file as a honeyfile. By monitoring for access to the file, blue teams can detect pen testers or malicious actors scanning for GPP files containing usernames and cpasswords for lateral movement.

Blue teams can also monitor for use of the credentials as honeycreds.

Usage

Invoke-GPPDeception -Plaintext plaintextpassword -UserName honeycredaccount
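
One way to triage both signals described above (reads of the decoy groups.xml and logons with the honeycred account), as an added example that is not part of GPPDeception. The function names, the `{DECOY-POLICY-GUID}` placeholder and the sample records are assumptions constructed for illustration; it also assumes that object-access or detailed file share auditing is enabled and that no real GPO processes the decoy folder.

```powershell
# Added example; not part of GPPDeception. Field names are those of the Windows Security log.
$FileIds  = 4663, 5145                      # object access, detailed file share
$LogonIds = 4624, 4625, 4768, 4771, 4776    # logon, Kerberos, NTLM validation

# Live use: flatten an EventLogRecord into Id + named EventData fields.
function ConvertTo-FlatEvent {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $o = [ordered]@{ Id = $Record.Id; TimeCreated = $Record.TimeCreated }
        foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) { $o[$d.Name] = $d.'#text' }
        [pscustomobject]$o
    }
}

function Find-GPPDecoyHit {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [Parameter(Mandatory)] [string]   $HoneyUser,         # account named in the decoy
        [Parameter(Mandatory)] [string]   $HoneyFilePattern   # -like pattern for the decoy path
    )
    foreach ($r in $Records) {
        # 5145 carries the share-relative path, 4663 the full object name
        $path = if ($r.Id -eq 5145) { $r.RelativeTargetName } else { $r.ObjectName }
        # 4776 reports a workstation name instead of an IP address
        $src  = if ($r.IpAddress) { $r.IpAddress } else { $r.Workstation }
        if ($r.Id -in $FileIds -and $path -like $HoneyFilePattern) {
            [pscustomobject]@{ Kind = 'HoneyfileAccess'; EventId = $r.Id
                               Account = $r.SubjectUserName; Source = $src; Detail = $path }
        }
        elseif ($r.Id -in $LogonIds -and $r.TargetUserName -eq $HoneyUser) {
            [pscustomobject]@{ Kind = 'HoneycredUse'; EventId = $r.Id
                               Account = $r.TargetUserName; Source = $src; Detail = $null }
        }
    }
}

# Constructed sample records (already flattened) so the logic runs offline
$sample = @(
    [pscustomobject]@{ Id = 5145; SubjectUserName = 'jdoe'; IpAddress = '10.0.0.23'
        RelativeTargetName = 'example.local\Policies\{DECOY-POLICY-GUID}\Machine\Preferences\Groups\Groups.xml' }
    [pscustomobject]@{ Id = 5145; SubjectUserName = 'WS01$'; IpAddress = '10.0.0.40'
        RelativeTargetName = 'example.local\Policies\{OTHER-POLICY-GUID}\Machine\Registry.pol' }
    [pscustomobject]@{ Id = 4625; TargetUserName = 'honeycredaccount'; IpAddress = '10.0.0.23' }
)
Find-GPPDecoyHit -Records $sample -HoneyUser 'honeycredaccount' `
    -HoneyFilePattern '*{DECOY-POLICY-GUID}*\Groups.xml' | Format-Table

# On a domain controller (assumes auditing produces the event IDs listed above):
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $FileIds + $LogonIds } | ConvertTo-FlatEvent
```

On the sample data the function reports two hits from 10.0.0.23 (the decoy file read and the failed logon with the honeycred account) and ignores the ordinary SYSVOL read by WS01$.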
