Friday, January 19, 2018

Infosec quotes - Powershell Security

Simple initial steps to Securing Powershell 

Tip 1 
setup host based firewall to prevent powershell from accessing the internet / proxy, will prevent a lot of common 2nd stage droppers or persistence

Tip 2
Use applocker to prevent your general users from running powershel.exe. You can create a very permissive ruleset which allows admins, service accounts etc to run powershell but your general user population from using it. 


Credit the SANS advisory board

No comments:

Post a Comment