Made a nice #mindmap on #malware #apt and whether defenses of #powershell or #wdac will work
#infosec #attackchain analysis
@ithoughtisawa2 we have a pretty standard web-based environment, so I have good hope #wdac will work
The year of #WDAC #wdacwednesday - January 2023
January 2023 had 6 threat campaigns in Microsoft Defender for Endpoint analyzed. 1 threat campaign did not involve executing code on client systems, so there’s no reasonable expectation that an application control technology could stop this. We mark these campaigns as out-of-scope for our analysis and statistics. 2 threat campaigns lacked enough details for us to make an informed decision as to whether an application control implementation could have stopped the campaign from wreaking havoc. We mark these campaigns as out-of-scope for our analysis and statistics.
The 3 other campaigns would all have been stopped by any Windows Defender Application Control implementation. Out of these 3, 1 campaign made use of DLLs, PowerShell scripts and the well-known RegSvr32 bypass for AppLocker. The threat actors behind this campaign clearly used knowledge of AppLocker and popular implementations of it to allow their campaign to move forward even when AppLocker was implemented.
Summary: a perfect score for the WDAC team in January.
https://www.oscc.be/wdac/2023-The-year-of-WDAC-Month-01-January/
#infosec #security #windows10
And why am I reading about #WDAC and #Kerberoasting on a Saturday evening? If anyone knows, please let me know, because I have no clue at all.