How to prevent legitimate Windows executables from being used to gain a foothold in your infrastructure

MITRE ATT&CK Framework

Today is the last day at RSA US 2020, and I attended various interesting keynotes. Looking forward to coming back again next year without COVID-19. In one of the keynotes, MITRE ATT&CK Framework - The Sequel, we learned that quite a number of attacks ran commands through powershell.exe to open external connections, either to upload system information or to download malicious code. PowerShell is a legitimate Windows executable, but perpetrators can still make it perform malicious tasks. The good news is that this can be easily mitigated by using Windows Firewall. Refer to the content from Dimitris Margaritis for more details on how you can configure Windows Firewall to protect your organization from such attacks.

Click here to go to Dimitris Margaritis Blog for details
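
The firewall mitigation described above, as an added example that is not taken from the keynote or from Dimitris Margaritis's post: outbound block rules for the Windows PowerShell hosts, created with the built-in NetSecurity cmdlets. The rule names and group label are constructed for illustration, and the default install paths are assumed.

```powershell
#Requires -RunAsAdministrator
# Added example: deny outbound traffic from the Windows PowerShell hosts.
# Rule names and the group label below are constructed for illustration.

$group = 'Example - block script host egress'   # hypothetical group label

# Cover the 64-bit and 32-bit copies of each host. A rule on System32 only
# leaves the SysWOW64 binary as an unfiltered path.
foreach ($dir in 'System32', 'SysWOW64') {
    foreach ($exe in 'powershell.exe', 'powershell_ise.exe') {
        $path = Join-Path $env:SystemRoot "$dir\WindowsPowerShell\v1.0\$exe"
        if (-not (Test-Path -LiteralPath $path)) { continue }   # e.g. 32-bit OS

        $name = "Block outbound - $exe ($dir)"
        # Skip rules that already exist so the script can be re-run safely.
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            continue
        }

        New-NetFirewallRule -DisplayName $name -Group $group `
            -Direction Outbound -Action Block -Program $path `
            -Profile Any -Enabled True | Out-Null
    }
}

# Log dropped packets so that blocked connection attempts from these
# binaries show up in the firewall log and can be reviewed.
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True

# Verify: list each rule in the group with the program it is bound to.
Get-NetFirewallRule -Group $group | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
    }
} | Format-Table -AutoSize
```

In Windows Firewall a block rule takes precedence over an allow rule, so these rules also stop legitimate outbound use of these hosts, such as remoting to internal servers; if that is needed, narrow the block with `-RemoteAddress` instead of adding an allow rule. The rules match by program path, so other PowerShell hosts (for example `pwsh.exe`) need their own entries.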