How do you secure PowerShell?
<blockquote data-quote="509322" data-source="post: 625241">
<p>Do it as an experiment in VM.</p>
<p>PowerShell can be run by using a custom *.dll or executable = even if you disable PowerShell in the Windows Shell and, I believe, disable System.Management.Automation.dll (not 100% sure on this), then PowerShell can still run on the system. For example, as a post-exploit.</p>
<p>That is why you want to run commonly exploited programs - like Office and browsers - with robust restricted privileges. You might end up with a User Session infection that can still cause problems, but once you reboot the system it should not persist if the restrictions are robust with inheritance.</p>
<p>Restricted Privileges does not prevent encryption, key-logging, data theft, network connects, etc; it blocks persistence. Encryption does not need persistence. That is why additional User Space policies are needed to bolster Restricted Privileges.</p>
</blockquote>
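A defender-side check for the point in the quoted post that the PowerShell engine can run outside powershell.exe, added here as an example and not part of the thread: it lists running processes that have System.Management.Automation.dll loaded but are not an expected host. The function names and the `$ExpectedHosts` list are assumptions to adapt to your environment.

```powershell
# Added example: find processes hosting the PowerShell engine that are not
# one of the expected host executables. Run elevated for fuller coverage.
# Function names and the default $ExpectedHosts list are assumptions.

function Test-IsPowerShellEngineModule {
    param([string]$ModuleName)
    # Matches System.Management.Automation.dll and its native image (.ni.dll)
    return $ModuleName -match '^System\.Management\.Automation(\.ni)?\.dll$'
}

function Get-UnexpectedPowerShellHost {
    param(
        [string[]]$ExpectedHosts = @('powershell', 'powershell_ise', 'pwsh')
    )
    foreach ($proc in Get-Process) {
        try {
            # Module enumeration fails or returns nothing for protected
            # processes and when access is denied; skip those.
            $modules = $proc.Modules
        } catch {
            continue
        }
        $engine = $modules |
            Where-Object { Test-IsPowerShellEngineModule $_.ModuleName } |
            Select-Object -First 1
        if ($engine -and ($ExpectedHosts -notcontains $proc.ProcessName)) {
            [pscustomobject]@{
                ProcessName = $proc.ProcessName
                Id          = $proc.Id
                Path        = $proc.Path
                EngineDll   = $engine.FileName
            }
        }
    }
}

# The result is a list to review, not a verdict: legitimate software that
# hosts the engine appears here too.
Get-UnexpectedPowerShellHost | Sort-Object ProcessName | Format-Table -AutoSize
```

A 64-bit session may not be able to enumerate modules of 32-bit processes, so run the check from both a 32-bit and a 64-bit prompt where that matters.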