Windows
DeviceCredentialDeployment.exeDeviceCredentialDeployment.exe
Platform
Windows
Abuse functions
1
Mapped techniques
1
Description
DeviceCredentialDeployment.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Conceal. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1564. Defenders should monitor execution of DeviceCredentialDeployment.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.
Abuse functions· 1
ConcealT1564
Can be used to stealthily run a console application (e.g. cmd.exe) in the background
MITRE ATT&CK techniques· 1
Uses1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Hide Artifactst1564 | 100% | live |
Abuses1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Hide Artifactst1564 | 100% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.