Persistence

📄️ Group Policy Management

Group Policy Management (GPO) in AD provides a central mechanism to manage the local policy configuration of all domain-joined machines. This includes configuration such as membership of Restricted Groups, firewall and AV configuration, and which scripts should be executed upon startup. GPO can be targeted by attackers to deploy persistence across the entire estate. Even worse, the attacker can often hide the GPO in such a way that it becomes almost impossible to remove.