.. /DeviceCredentialDeployment.exe
Star

Device Credential Deployment

Paths:

C:\Windows\System32\DeviceCredentialDeployment.exe

Acknowledgements:

Elliot Killick (@elliotkillick)

Detection:

IOC: DeviceCredentialDeployment.exe should not be run on a normal workstation
Sigma: https://github.com/SigmaHQ/sigma/blob/ff5102832031425f6eed011dd3a2e62653008c94/rules/windows/process_creation/proc_creation_win_lolbin_device_credential_deployment.yml

Conceal

Grab the console window handle and set it to hidden
```
DeviceCredentialDeployment
```
Use case
Can be used to stealthily run a console application (e.g. cmd.exe) in the background

Privileges required
User

Operating systems
Windows 10

ATT&CK® technique
T1564