Findstr GPP Passwords (91a2c315-9ee6-4052-a853-6f6a8238f90d)

Look for the encrypted cpassword value within Group Policy Preference files on the Domain Controller. This value can be decrypted with gpp-decrypt.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Findstr GPP Passwords (91a2c315-9ee6-4052-a853-6f6a8238f90d) | Sigma-Rules | Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) | Attack Pattern | 1 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) | Attack Pattern | Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) | Attack Pattern | 2 |