← Back to Explore
T1216.001
PubPrn
Adversaries may use PubPrn to proxy execution of malicious remote files. PubPrn.vbs is a [Visual Basic](https://attack.mitre.org/techniques/T1059/005) script that publishes a printer to Active Directory Domain Services. The script may be signed by Microsoft and is commonly executed through the [Windows Command Shell](https://attack.mitre.org/techniques/T1059/003) via <code>Cscript.exe</code>. For example, the following code publishes a printer within the specified domain: <code>cscript pubprn Pr...
Windows
2
Detections
1
Sources
1
Threat Actors
BY SOURCE
2sigma
PROCEDURES (1)
Process Creation Monitoring2 detections
Auto-extracted: 2 detections for process creation monitoring