Advice Request Attack methods and free tools / configs to mitigate risks - Windows 10/11

[kongchaos]

Hello.

I'd say this is a very complex question, and many people might have different opinion about how to deal with them.
In the past many would recommend moving to Linux based distros, like they would be safer than windows. Some even would say Apple products were safer.
Nowadays everyone agrees there's no such a thing. An extensive list of vulnerabilities exist for most systems, and they keep pooping out.
Ex: Dirty pipe
Not to mention the need to use windows for some tasks which have no parallel alternative on Linux.

That being said, I'd like to focus on the topic subject.
I'm not an IT Security Expert, though I've concerns about security, especially when malware can be used to steal large sums of money in a few minutes like stealing crypto wallets, or destroying important files like pics of a deceased loved one.

Spoiler: Newbie

I know backups can avoid this, but just theoretically

I've seen good information at the Computer Security section, but it lacks this detailed information to help me understand what am I protected against and what I'm not.
So I'd like to ask for the experts to kindly help me list known threats and the tools or configs to help protecting against them.
Please feel free to add everything we possibly can to make a comprehensive list.
Even hardware flaws like Spectre, or those who don't have any known way to be prevented like an UEFI or BIOS flaws.
Please If more than one tool is needed, add that too.
I think this would help not me, but the majority of the community who are not specialists.

I would make it look like this:
TROJAN - WINDOWS SECURITY
LOLBINS - H_C
FILELESS ATTACK - ???

...

 

[Kongo]

Hello.

I'd say this is a very complex question, and many people might have different opinion about how to deal with them.
In the past many would recommend moving to Linux based distros, like they would be safer than windows. Some even would say Apple products were safer.
Nowadays everyone agrees there's no such a thing. An extensive list of vulnerabilities exist for most systems, and they keep pooping out.
Ex: Dirty pipe
Not to mention the need to use windows for some tasks which have no parallel alternative on Linux.

That being said, I'd like to focus on the topic subject.
I'm not an IT Security Expert, though I've concerns about security, especially when malware can be used to steal large sums of money in a few minutes like stealing crypto wallets, or destroying important files like pics of a deceased loved one.

Spoiler: Newbie

I know backups can avoid this, but just theoretically

I've seen good information at the Computer Security section, but it lacks this detailed information to help me understand what am I protected against and what I'm not.
So I'd like to ask for the experts to kindly help me list known threats and the tools or configs to help protecting against them.
Please feel free to add everything we possibly can to make a comprehensive list.
Even hardware flaws like Spectre, or those who don't have any known way to be prevented like an UEFI or BIOS flaws.
Please If more than one tool is needed, add that too.
I think this would help not me, but the majority of the community who are not specialists.

I would make it look like this:
TROJAN - WINDOWS SECURITY
LOLBINS - H_C
FILELESS ATTACK - ???

...

Microsoft Defender --> Protection against all kinds of threats (Detection and prevention of a variety of threats)

H_C or SWH --> Attack Surface Reduction (For example specific file extensions are blocked so that they can't be run on your system. If for example all script extensions like e.g. js, jar, ps1 are blocked, attackers are not able to perform fileless attacks on your system anymore. So there is basically one less attack vector that a hacker can use. He has to find another way to attack your system. That's simplified the idea behind attack surface reduction.) That's only one thing that H_C is doing. Read more about it here: Hard_Configurator – GUI to manage Software Restriction Policy (SRP) and harden Windows

Firewall Hardening --> LOLBins (Blocking outbound connections for LOLBins which can be abused by hackers)

That's just some basic info. I am sure @Andy Ful can tell you more.

 

[Andy Ful]

There are many such free tools, for example, Hard_Configurator (also H_C_HardeningTools, SWH), Hardentools, Syshardener, VoodooShield.

Hello.

I'd say this is a very complex question, and many people might have different opinion about how to deal with them.
In the past many would recommend moving to Linux based distros, like they would be safer than windows. Some even would say Apple products were safer.

There is no need to change Linux, Mac, or Windows for security reasons. All of them can be configured to get acceptable security. So, you are much safer compared to driving a car or shopping (in the time of COVID-19).

Not to mention the need to use windows for some tasks which have no parallel alternative on Linux.

This can be a reason.

Even hardware flaws like Spectre, or those who don't have any known way to be prevented like an UEFI or BIOS flaws.
Please If more than one tool is needed, add that too.

The malware/exploit has to be first somehow delivered to your system. The chances for that are not great. If you would ask MT members, then most of them were not infected for many years, and the rest were infected by stupid risky actions.
Are you worried about the possibility of being accidentally killed by a professional killer? If so then you should not also use computers. If not, then you can skip thinking about such flaws like Spectre.
It is impossible to protect Windows (Linux, MAC, etc.) against all possible attack vectors. If you would try to do it, then your computer would be hardly usable. Just learn more about the attack vectors and your worries will decrease significantly. You are in a good place here on MT.

 

[kongchaos]

Microsoft Defender --> Protection against all kinds of threats (Detection and prevention of a variety of threats)

H_C or SWH --> Attack Surface Reduction (For example specific file extensions are blocked so that they can't be run on your system. If for example all script extensions like e.g. js, jar, ps1 are blocked, attackers are not able to perform fileless attacks on your system anymore. So there is basically one less attack vector that a hacker can use. He has to find another way to attack your system. That's simplified the idea behind attack surface reduction.) That's only one thing that H_C is doing. Read more about it here: Hard_Configurator – GUI to manage Software Restriction Policy (SRP) and harden Windows

Firewall Hardening --> LOLBins (Blocking outbound connections for LOLBins which can be abused by hackers)

That's just some basic info. I am sure @Andy Ful can tell you more.

Thanks for your kind answer @SecureKongo .

I've been around the online world for quite a long time (a former Tibia player - Antica server)

I've seen ages of AVs and complimentary programs come and go. Some of them still exist today.
Even if I didn't take part of discussions at this forum, I lurked around a bit. And I agree, @Andy Ful tools are good. I use them myself. As Defender properly configured.
Maybe I'm aiming too high with my intention, but it's a fun fact after so many years I've never seen a comprehensive list of threats and how to remedy them.
It's more like news here and there, and most people can't keep up with them and compile all.
Many products boast they do mitigate this or that, yet there's no real proof and it's not uncommon they are filled with bloatware.
Some are even malware disguised as antivirus and advertised on tech forums as legit.
And people get confused about what software is really needed? What should I worry about? Is my config safe?

I like to think of this as a project to start a newbie map soundly and in high spirits.

I hope more people join me.

 

[kongchaos]

The malware/exploit has to be first somehow delivered to your system. The chances for that are not great. If you would ask MT members, then most of them were not infected for many years, and the rest were infected by stupid risky actions.

Indeed. But maybe ignorance is bliss. There are massive botnets around the world. I believe most infected computer owners would wipe the viruses if they knew they were infected. But many don't even notice. Most security configs are not default on windows, browsers, and so. In the past I was infected by a virus that installed itself directly from the browser without any download. In fact I didn't even do much. Just clicked on a link shown at a "safe" forum. I can say things are different today. Many security holes were patched. But things keep coming up.

It is impossible to protect Windows (Linux, MAC, etc.) against all possible attack vectors. If you would try to do it, then your computer would be hardly usable. Just learn more about the attack vectors and your worries will decrease significantly.

I've seen ages of AVs and complimentary programs come and go. Some of them still exist today.
Even if I didn't take part of discussions at this forum, I lurked around a bit. And I agree, @Andy Ful tools are good. I use them myself. As Defender properly configured.
Maybe I'm aiming too high with my intention, but it's a fun fact after so many years I've never seen a comprehensive list of threats and how to remedy them.
It's more like news here and there, and most people can't keep up with them and compile all.
Many products boast they do mitigate this or that, yet there's no real proof and it's not uncommon they are filled with bloatware.
Some are even malware disguised as antivirus and advertised on tech forums as legit.
And people get confused about what software is really needed? What should I worry about? Is my config safe?

That's the point. As I said above, it's very hard for a regular user to read all security news and find out between hundreds of software advertised on the internet what's legit, what is better, what complements or conflicts. There is malware been distributed disguised as antivirus software at a very popular tech forum (not to mention compromised apps available on Google Play Store). I installed it for testing purpose at a VM and soon after it was "done", some shady processes under "system" level began phoning China. Not the "AV" process, but legit windows processes hijacked.

My idea is to help make things clear.

 

[cruelsister]

Firewall Hardening --> LOLBins (Blocking outbound connections for LOLBins which can be abused by hackers)

For giggles Chaos may want to try out some simple LoLbin techniques to get a feel for how stuff works. Using certutil as an example, one can see how it can be made to connect out and download a file. I've dropped examples on my profile in case anyone is bored.

 

[Andy Ful]

...
And people get confused about what software is really needed? What should I worry about? Is my config safe?
...

These are questions without easy answers.
Generally, If you are going to be infected then you need more security (joke).
According to the AV vendors, all you need is a good AV.
Most people on MT will probably agree that on the well updated Windows 10 one can do some things to be effectively safer, for example:

1. Develop some safe habits (probably the most important for security).
2. Learn how to recognize scam and phishing attempts. I do not think only about the scam & phishing techniques but rather about psychology. The attackers usually try to convince people about easy profits or about something that is important for the targeted victims.
3. Accept that your security software is not for saving you when installing cracks and pirated software.
4. Use slightly more security layers than the rest of the world and accept that more layers means also less convenience.
5. Additional security is also required If you use popular vulnerable software like MS Office, Adobe Acrobat Reader, etc.
6. Learn how to be protected when doing risky things like visiting DarkNet, etc.

Point 4 can mean different things for different people. The happy clickers, casual users, and children will require more security. The cautious MT members would probably need only a good AV, but many of them will apply point 4 anyway.

 

[Andy Ful]

My idea is to help make things clear.

So, many threads on MT.

I would not focus on the security software. It looks like many users want to win a race for amateurs by buying a bicycle for professionals. They forget about proper training.

The OS with strict security can be for casual users like the kindergarten. The difference is that children are taught by elders how to live in the normal world. It seems that most computer users are left alone. Anyone can buy a computer with Windows, but most users are not taught how to use it safely.

 

[Andy Ful]

...
Maybe I'm aiming too high with my intention, but it's a fun fact after so many years I've never seen a comprehensive list of threats and how to remedy them.
...

I think that Mitre ATT&CK Matrix could help:

Matrix - Enterprise - Windows | MITRE ATT&CK®

attack.mitre.org

It includes a comprehensive list of attack techniques and many examples seen in the wild.

 

[kongchaos]

So, many threads on MT.

I would not focus on the security software. It looks like many users want to win a race for amateurs by buying a bicycle for professionals. They forget about proper training.

The OS with strict security can be for casual users like the kindergarten. The difference is that children are taught by elders how to live in the normal world. It seems that most computer users are left alone. Anyone can buy a computer with Windows, but most users are not taught how to use it safely.

That's how I feel. When you go buy a car the salesman show you all the security features: ABS, EBD, 6 airbags, and so.
But OS are like swiss cheese. You can't even count how many holes are there.

 

[kongchaos]

I think that Mitre ATT&CK Matrix could help:

Matrix - Enterprise - Windows | MITRE ATT&CK®

attack.mitre.org

It includes a comprehensive list of attack techniques and many examples seen in the wild.

Thanks for this. It's exactly what I was looking for!