---
type: "term"
title: "Dual-Use Tool"
description: "A legitimate administrative utility that can be used for both legitimate administrative purposes and malicious activities when invoked by an attacker."
resource: "tlctc:term:dual-use-tool"
tags:
  - "glossary"
---
# Dual-Use Tool

A legitimate administrative utility that can be used for both legitimate administrative purposes and malicious activities when invoked by an attacker. Examples include PowerShell, PsExec, WMI, and remote administration tools. In TLCTC: invocation/abuse of the tool may be `#1` (if no implementation flaw is exploited), while the actual execution of attacker-controlled FEC through that tool is `#7`, resulting in a `#1 → #7` sequence.

**Reference:** §4.2.5 (R-EXEC, LOLBAS Clarification)

---