TI Mindmap HUB
Threat Intelligence Report

ARP Around and Find Out: Hijacking GPO UNC Paths for Code Execution and NTLM Relay

๐Ÿ“… April 30, 2026 ๐Ÿ“ฐ trustedsec.com ๐Ÿ” 0 CVE(s) referenced

Attackers can abuse WriteGPLink permissions and ARP spoofing to hijack UNC paths in Group Policy Objects, enabling stealthy code execution as SYSTEM and NTLM relay attacks without modifying SYSVOL or creating new accounts.

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

๐Ÿ” Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

๐Ÿ“Š Visual Mindmap
๐ŸŽฏ IOC Extraction
โš”๏ธ MITRE ATT&CK TTPs
๐Ÿ“ฆ STIX 2.1 Bundle