Simple initial steps to securing PowerShell
Tip 1
Set up a host-based firewall to prevent PowerShell from accessing the internet / proxy. This will prevent a lot of common second-stage droppers or persistence.
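One way to apply Tip 1 with the built-in Windows Defender Firewall cmdlets, as an added example that is not part of the original post. The rule names, the group label and the choice to cover the ISE and the 32-bit copies are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: outbound block rules for the Windows PowerShell hosts.
# The group label and rule names are hypothetical; adjust to local naming.
$group = 'Block PowerShell outbound (example)'

# Cover the 64-bit and 32-bit copies; a rule on one path does not apply to the other.
$dirs  = "$env:SystemRoot\System32\WindowsPowerShell\v1.0",
         "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0"
$hosts = 'powershell.exe', 'powershell_ise.exe'

# 'Any' blocks every destination. Narrow it to specific addresses (for example
# the address of your proxy) if admins need PowerShell remoting to internal hosts.
$remote = 'Any'

foreach ($dir in $dirs) {
    foreach ($exe in $hosts) {
        $path = Join-Path $dir $exe
        if (-not (Test-Path -LiteralPath $path)) { continue }   # e.g. no SysWOW64 on 32-bit Windows

        $name = "Block outbound - $path"
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }

        # Block rules take precedence over allow rules in Windows Defender Firewall.
        New-NetFirewallRule -DisplayName $name -Group $group `
            -Direction Outbound -Program $path -Action Block `
            -Profile Any -RemoteAddress $remote | Out-Null
    }
}

# The rules only take effect on profiles where the firewall is enabled.
Get-NetFirewallProfile | Where-Object { -not $_.Enabled } | ForEach-Object {
    Write-Warning "Firewall is disabled for the $($_.Name) profile; the block rules will not apply there."
}

# Show what was created so the result can be checked.
Get-NetFirewallRule -Group $group | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
    }
}
```

The rules match on program path, so a copy of powershell.exe placed elsewhere is not covered; the AppLocker restriction in Tip 2 addresses who can run it at all.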
Tip 2
Use AppLocker to prevent your general users from running powershell.exe. You can create a very permissive ruleset which allows admins, service accounts, etc. to run PowerShell but prevents your general user population from using it.
Credit: the SANS advisory board