Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="Andy Ful" data-source="post: 833767" data-attributes="member: 32260"><p><strong>Correlate</strong> has posted a very nice article about fileless attacks:</p><p><a href="https://malwaretips.com/threads/today’s-threat-trend-the-rise-of-file-less-attacks.94891/">https://malwaretips.com/threads/today’s-threat-trend-the-rise-of-file-less-attacks.94891/</a></p><p></p><p>This is a summary of the Deep Instinct white paper "Making Sense of Fileless malware".</p><p>Fileless attack (common definition) is an attack during which no portable executable (PE) file is written to and executed from disk.</p><p>There are some recommendations in the above white paper:</p><p></p><p><span style="font-size: 18px">"</span><em><span style="font-size: 18px"><strong>Recommendations and summary </strong></span></em></p><p><em>Regardless of an organization's choice of a security solution, there are some steps organizations and users can take to protect themselves from fileless attacks:</em></p><ol> <li data-xf-list-type="ol"><em><strong>Restrict the use of scripts and scripting languages</strong> inside the organization, by applying different policies to different areas of the network. Allow scripts to run from read-only network locations or access only specific machines.</em></li> <li data-xf-list-type="ol"><em>Restrict and monitor the use of Interactive PowerShell and WMI within the organization.</em></li> <li data-xf-list-type="ol"><em>Block execution of macros, and digitally sign trusted macros, which can be allowed to run within the organization.</em></li> <li data-xf-list-type="ol"><em>Make sure all your computers and programs are updated regularly and on time. This will prevent the exploitation of known and patched vulnerabilities. </em></li> <li data-xf-list-type="ol"><em>In any case, do not click on unknown or untrusted links, and do not open email attachments which are unknown or untrusted. Infection through social engineering is the most common method of infection.</em></li> <li data-xf-list-type="ol"><em>Deploy an advanced endpoint protection solution which can detect and mitigate fileless attacks. Some advanced endpoint solutions can also enforce all the points mentioned above."</em></li> </ol><p>In a few further posts, I will try to address the first three steps to Hard_Configurator settings.</p></blockquote><p></p>
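One way to audit a Windows machine against the first three recommendations quoted above, as an added example that is not part of the original post, the white paper, or Hard_Configurator. It only reads standard Windows and Office policy locations; the Office version key 16.0 and the helper names Get-RegValue and New-Finding are assumptions of this example.

```powershell
# Added example: read-only audit for recommendations 1-3. Paths are standard
# Windows/Office policy locations (assumed Office version key 16.0), not
# settings read from or written by Hard_Configurator.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function New-Finding {
    param([int]$Step, [string]$Check, $Value, [bool]$Restricted)
    [pscustomobject]@{
        Step       = $Step
        Check      = $Check
        Value      = if ($null -eq $Value) { '(not set)' } else { $Value }
        Restricted = $Restricted
    }
}

$findings = @(
    # Step 1: scripts. Windows Script Host is disabled when Enabled = 0.
    foreach ($hive in 'HKLM', 'HKCU') {
        $wsh = Get-RegValue "${hive}:\SOFTWARE\Microsoft\Windows Script Host\Settings" 'Enabled'
        New-Finding 1 "Windows Script Host Enabled ($hive)" $wsh ("$wsh" -eq '0')
    }

    # Step 2: PowerShell and WMI. Constrained Language Mode restricts;
    # Script Block Logging and the WMI-Activity log provide monitoring.
    $mode = $ExecutionContext.SessionState.LanguageMode
    New-Finding 2 'PowerShell language mode (this session)' $mode ($mode -eq 'ConstrainedLanguage')
    $sbl = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' 'EnableScriptBlockLogging'
    New-Finding 2 'Script Block Logging policy' $sbl ($sbl -eq 1)
    $wmiLog = try { (Get-WinEvent -ListLog 'Microsoft-Windows-WMI-Activity/Operational' -ErrorAction Stop).IsEnabled } catch { $null }
    New-Finding 2 'WMI-Activity/Operational log enabled' $wmiLog ($wmiLog -eq $true)

    # Step 3: macros. VBAWarnings 3 = only digitally signed macros run,
    # 4 = all macros disabled without notification.
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $vba = Get-RegValue $key 'VBAWarnings'
        New-Finding 3 "$app VBAWarnings" $vba ($vba -in 3, 4)
        $net = Get-RegValue $key 'blockcontentexecutionfrominternet'
        New-Finding 3 "$app block macros from the Internet" $net ($net -eq 1)
    }
)

$findings | Sort-Object Step | Format-Table -AutoSize -Wrap
```

A row showing `(not set)` with `Restricted` = False means no policy is configured for that check, so the application's default behaviour applies.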