Windows

ConfigSecurityPolicy.exeConfigSecurityPolicy.exe

Platform
Windows
Abuse functions
2
Mapped techniques
2

Description

ConfigSecurityPolicy.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Upload, Download. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1105, T1567. Defenders should monitor execution of ConfigSecurityPolicy.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 2

UploadT1567

Upload file

DownloadT1105

Downloads payload from remote server

MITRE ATT&CK techniques· 2

T1567T1105

Uses2

TypeTargetConfidenceTier
TechniqueExfiltration Over Web Servicet1567100%live
TechniqueIngress Tool Transfert1105100%live

Abuses2

TypeTargetConfidenceTier
TechniqueExfiltration Over Web Servicet1567100%live
TechniqueIngress Tool Transfert110585%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
Msconfig.exe
LOLbin
Conhost.exe
LOLbin
SettingSyncHost.exe
LOLbin
DataSvcUtil.exe
LOLbin
Csc.exe
LOLbin
Gpscript.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.