Windows

Gpscript.exeGpscript.exe

Platform
Windows
Abuse functions
2
Mapped techniques
1

Description

Gpscript.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of Gpscript.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 2

ExecuteT1218

Add local group policy logon script to execute file and hide from defensive counter measures

ExecuteT1218

Add local group policy logon script to execute file and hide from defensive counter measures

MITRE ATT&CK techniques· 1

T1218

Uses1

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont1218100%live

Abuses1

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
Scriptrunner.exe
LOLbin
Runscripthelper.exe
LOLbin
Wscript.exe
LOLbin
Cscript.exe
LOLbin
Mpiexec.exe
LOLbin
SQLToolsPS.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.