返回
-
标题
InTrust - Defense Against PowerShell Attacks -
说明
In this video, the presenter demonstrates how to minimize the impact of attacks based on PowerShell scripts, specifically pass the hash attacks. They set up alerts and emergency response actions for suspicious PowerShell activity, using a rule that detects potentially dangerous keywords found in modules like PowerSploit. When an attack is detected, the user account is disabled, the user is forcefully logged off, the Windows Remote Management Service is stopped, and emergency auditing is turned on. The video shows examples of successful and unsuccessful attacks, highlighting the effectiveness of the defense measures.