Interesting thread here, and Dimitrios's Medium article has interesting ideas too.
Before developing advanced detection techniques for PowerShell and lateral movement, let's think if we can use the built-in free Windows firewall to prevent widely used techniques. Then we can detect unmanaged PowerShell etc. https://t.co/5jwH3EWKQq
— Dimitrios Margaritis (@dmargaritis) November 24, 2019