Defending Against PowerShell Attacks: Building the ultimate attacker honeypot

From @Lee_Holmes

> We've updated this post to give additional context and guidance for folks being asked to disable PowerShell. Check it out and let us know what you think! https://t.co/0LqsBgjLTv
> — Lee Holmes (@Lee_Holmes) February 20, 2020 [https://twitter.com/Lee_Holmes/status/1230597293709000704?ref_src=twsrc%5Etfw]

MS link here;

> Defending Against PowerShell Attacks [https://devblogs.microsoft.com/powershell/defending-against-powershell-attacks/]…


Low Level Malware Protection

Good list, but the whole thread is even more interesting;

> Low Level Malware Protection
>
> 1. Use web proxies 🌉 (proxy awareness in all malware stages is rare)
> 2. Block executable downloads 🚦 (from unclassified domains; stage 2+ is often executable content)
> 3. Restrict workstation to workstation communication 🚧 (contains an outbreak)
>
> — Florian Roth (@cyb3rops) February 14, 2020 [https://twitter.com/cyb3rops/status/1228306241815969792?ref_src=twsrc%5Etfw]…


@NCSC - Secure communication principles

> We're pleased to announce the alpha release of our secure communication principles... https://t.co/BiMlqHa6a1 pic.twitter.com/V7FqHjAXy5 [https://t.co/V7FqHjAXy5]
> — NCSC UK (@NCSC) January 25, 2020 [https://twitter.com/NCSC/status/1221021650977730560?ref_src=twsrc%5Etfw]

NCSC link here;

Secure communications principles: alpha release
Guidance to help you assess the security of voice, video and messaging communication services [https://www.ncsc.gov.uk/guidance/secure-communication-principles-a…


Combing DNS Logs

Some interesting ideas in this thread;

> Let's assume you have DNS logs. What is some stuff you like to look for when hunting through DNS logs? Personally, I like looking for dynamic DNS stuff because if it isn't malicious, a lot of the time it's plan and out bizarre. How bout you?
> — catte.jpg.vbs (@da_667) January 21, 2020 [https://twitter.com/da_667/status/1219668969839304704?ref_src=twsrc%5Etfw]…


Malicious macros are still causing problems!

> Malicious macros are still causing problems... https://t.co/x2wYQQALXg pic.twitter.com/GQxYdP51hw [https://t.co/GQxYdP51hw]
> — NCSC UK (@NCSC) January 8, 2020 [https://twitter.com/NCSC/status/1214931594890424325?ref_src=twsrc%5Etfw]

NCSC's guidance can be found here;

Malicious macros are still causing problems!
Andrew A explains the updated guidance for Microsoft Office macros [https://www.ncsc.gov.uk/blog-post/malicious-macros-are-still-causing-problems]…
