Return
-
Title
InTrust - Defense Against PowerShell Attacks -
Description
In this video, the presenter demonstrates how to minimize the impact of attacks based on PowerShell scripts, specifically pass the hash attacks. They set up alerts and emergency response actions for suspicious PowerShell activity, using a rule that detects potentially dangerous keywords found in modules like PowerSploit. When an attack is detected, the user account is disabled, the user is forcefully logged off, the Windows Remote Management Service is stopped, and emergency auditing is turned on. The video shows examples of successful and unsuccessful attacks, highlighting the effectiveness of the defense measures.
Sign In Required
You need to be signed in and under a current maintenance contract to view premium knowledge articles.