We've noted our findings after a couple of years auditing #Windows #Defender Attack Surface Reduction events.
Hopefully it will help anyone considering block mode.
Being able to use the credential stealing/lsass rule was the surprise for me. https://t.co/CodZFDtOla
— Chad Duffey (@duff22b) January 11, 2021
Palantir's Microsoft Defender Attack Surface Reduction recommendations:
Palantir’s Infosec team provides their recommendations for deploying Microsoft’s Windows Defender Attack Surface Reduction family of controls.
