About Gary

Interesting thread here, particularly if there's any remote powershell being used > If you are a firewall admin stop right now, apply these 2 rules. Block 137, 139, 445 inbound and outbound on your firewalls. While you are at it on all your workstations block inbound on the same ports, also add in 5985 and 5986. It will piss off admins but will stop worms! — EvilMog (@Evil_Mog) March 10, 2020 [https://twitter.com/Evil_Mog/status/1237511446570790912?ref_src=twsrc%5Etfw]…

Read More

> If you're auditing security configurations on Windows, take a look at the open source Attack Surface Analyzer from @msftsecurity [https://twitter.com/msftsecurity?ref_src=twsrc%5Etfw] pic.twitter.com/UgjhgHQZsb [https://t.co/UgjhgHQZsb] — Jake Williams (@MalwareJake) February 25, 2020 [https://twitter.com/MalwareJake/status/1232434371623186432?ref_src=twsrc%5Etfw] Attack Surface Analyzer (updated) announcement here; Announcing the all new Attack Surface Analyzer 2.0Attack Surface Analyzer 2…

Read More

From @Lee_Holmes > We've updated this post to give additional context and guidance for folks being asked to disable PowerShell. Check it out and let us know what you think! https://t.co/0LqsBgjLTv — Lee Holmes (@Lee_Holmes) February 20, 2020 [https://twitter.com/Lee_Holmes/status/1230597293709000704?ref_src=twsrc%5Etfw] MS link here; > Defending Against PowerShell Attacks [https://devblogs.microsoft.com/powershell/defending-against-powershell-attacks/]…

Read More

Good list, but the whole thread is even more interesting; > Low Level Malware Protection 1. Use web proxies 🌉 (proxy awareness in all malware stages is rare) 2. Block executable downloads 🚦 (from unclassified domains; stage 2+ is often executable content) 3. Restrict workstation to workstation communication 🚧 (contains an outbreak) — Florian Roth (@cyb3rops) February 14, 2020 [https://twitter.com/cyb3rops/status/1228306241815969792?ref_src=twsrc%5Etfw]…

Read More