https://github.com/redsiege/gppdeception

This script generates a groups.xml file that mimics a real GPP to create a new user on domain-joined computers
https://github.com/redsiege/gppdeception

Last synced: 10 months ago
JSON representation

This script generates a groups.xml file that mimics a real GPP to create a new user on domain-joined computers

Host: GitHub
URL: https://github.com/redsiege/gppdeception
Owner: RedSiege
License: mit
Created: 2020-03-07T02:42:24.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2020-03-09T03:45:05.000Z (over 6 years ago)
Last Synced: 2025-08-09T01:32:10.224Z (11 months ago)
Language: PowerShell
Size: 5.86 KB
Stars: 46
Watchers: 2
Forks: 10
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# GPPDeception
This script generates a groups.xml file that mimics a real GPP to create a new user on domain-joined computers.

Blue teams can use this file as a honeyfile.
By monitoring for access to the file, Blue Teams can detect pen testers or malicious actors scanning for GPP files containing usernames
and cpasswords for lateral movment.

Blue Teams can also monitor for use of the credentials as honeycreds.

# Usage
Invoke-GPPDeception -Plaintext plaintextpassword -UserName honeycredaccount

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/redsiege/gppdeception

Awesome Lists containing this project

README