Simple Windows Hardening
<blockquote data-quote="Andy Ful" data-source="post: 892558" data-attributes="member: 32260"><p><strong>Post updated in September 2024.</strong></p><p><span style="color: rgb(0, 168, 133)"><strong>SWH works with Windows 10 and 11 (all versions including 24H2) </strong></span></p><p></p><h3>SWH ver. 2.1.1.1 - July 2023 <span style="font-size: 15px">(added support for Windows 11 ver. 22H2)</span></h3><p><a href="https://github.com/AndyFul/Hard_Configurator/raw/master/Simple%20Windows%20Hardening/SimpleWindowsHardening_2111.zip" target="_blank">https://github.com/AndyFul/Hard_Configurator/raw/master/Simple%20Windows%20Hardening/SimpleWindowsHardening_2111.zip</a></p><p></p><h3>SWH ver. 2.0.0.1 - August 2022 (no support for Windows 11 ver. 22H2)</h3><p><a href="https://github.com/AndyFul/Hard_Configurator/raw/master/Simple%20Windows%20Hardening/SimpleWindowsHardening_2001.zip" target="_blank">https://github.com/AndyFul/Hard_Configurator/raw/master/Simple Windows Hardening/SimpleWindowsHardening_2001.zip</a></p><p></p><p>Windows 11 ver. 22H2 (fresh installation) turns off Software Restriction Policies by default. So, SimpleWindowsHardening ver. 2.0.0.1 (and prior) cannot use the SWH options related to SRP. This issue is corrected in version 2.1.1.1. It can also work with Smart App Control enabled.</p><p></p><p>Microsoft documentation for Software Restriction Policies (July 2021):</p><p><a href="https://learn.microsoft.com/en-us/windows-server/identity/software-restriction-policies/software-restriction-policies-technical-overview" target="_blank">https://learn.microsoft.com/en-us/windows-server/identity/software-restriction-policies/software-restriction-policies-technical-overview</a></p><p>This documentation was made for Windows Server (2012-2022), but SRP works the same on Windows 7, 8, 8.1, 10, and 11. From Windows 11, one has to pay attention to AppLocker policies.</p><p></p><p><strong><span style="font-size: 18px">Overview</span></strong></p><p>Simple Windows Hardening (SWH) works on Windows Home and Pro editions. It is a portable application that allows configuring Windows built-in features to support antivirus and prevent fileless malware. SWH is adjusted to the home environment. 
After the initial configuration, it can be closed and all protection comes from the Windows built-in features.</p><p></p><p>SWH is based on Software Restriction Policies (SRP) and some useful Windows Policies. Users on Windows 11 should bear in mind that Microsoft stopped the development of SRP a few years ago. One cannot exclude the possibility that some problems related to SRP may arise in the future on Windows 11. It is also possible that Microsoft will remove SRP on Windows 12. SWH is tested via the Windows Insider program, so any possible problem is recognized in advance and reported on the Dev. Website.</p><p></p><p>The security setup is adjusted to keep usability and prevent fileless malware in the home environment. So, the EXE and MSI files are not restricted in SWH, except when executed from archives and email clients. But non-executable files like scripts, shortcuts, and other files with unsafe extensions are restricted. Such a setup can be very efficient because nowadays, many initial vectors of attack are performed via non-executable files.</p><p></p><p><strong><span style="color: rgb(184, 49, 47)">The more sophisticated the attack, the lower the chance that AV can detect it, but the greater the chance that SWH can prevent it.</span></strong></p><p></p><p>The restrictions made by SWH can be switched OFF/ON by using two switches on the right of the green buttons: <span style="color: rgb(0, 168, 133)"><strong>&lt;Software Restriction Policies&gt;</strong></span> and <strong><span style="color: rgb(0, 168, 133)">&lt;Windows Hardening&gt;</span></strong>. In the OFF position, the restrictions are remembered and then removed - Windows default settings are applied for previously restricted features. When switching ON, the remembered settings are restored. 
Furthermore, in the ON position, the configurable settings can be changed by the user from the Settings menu.</p><p></p><p>[ATTACH=full]266763[/ATTACH]</p><p></p><p></p><p># <strong>THE EXE / MSI 0-DAY MALWARE</strong></p><p></p><p>The SWH application does not apply restrictions to EXE and MSI files, because these files are often used to install/update applications. Nowadays, many antivirus solutions have very good detection of such files, as compared to the detection of scripts. But still, the antivirus proactive features can have a problem with 0-day malware. In the home environment, the main delivery vectors of 0-day malware are spam emails and flash drives (USB drives).</p><p></p><p>The user has to be very careful when running EXE/MSI files originating from:</p><ul> <li data-xf-list-type="ul">Internet web links embedded in the emails.</li> <li data-xf-list-type="ul">Attachments embedded in the emails.</li> <li data-xf-list-type="ul">Flash drives (USB drives) shared with other people.</li> </ul><p>When using SWH restrictions, the user can consider the RunBySmartScreen tool. It allows checking any EXE/MSI file against the Microsoft SmartScreen Application Reputation service in the cloud. Many such files are accepted by SmartScreen, and this is the best way to avoid the 0-day malware. If the EXE/MSI file is not recognized by SmartScreen as safe or malicious, then the simplest method is to wait a minimum of one day before running the unsafe file. 
After one day, most of the malicious links are dead and most of the 0-day malware samples are properly detected by a good antivirus.</p><p>RunBySmartscreen is available as a part of Hard_Configurator Hardening Tools (together with ConfigureDefender and FirewallHardening): <a href="https://github.com/AndyFul/ConfigureDefender/tree/master/H_C_HardeningTools" target="_blank">ConfigureDefender/H_C_HardeningTools at master · AndyFul/ConfigureDefender</a></p><p></p><p></p><p><strong># QUICK CONFIGURATION</strong></p><ol> <li data-xf-list-type="ol">Run SWH - the restrictions are automatically configured.</li> <li data-xf-list-type="ol">Logging OFF the account or a reboot is required, depending on what restrictions were applied in SWH.</li> <li data-xf-list-type="ol"><strong>If MS Office (or Adobe Acrobat Reader) is installed, then it is recommended to apply additional hardening by using the DocumentsAntiExploit tool. More info can be found in the "DocumentsAntiExploit tool - Manual".</strong></li> </ol><p>Please keep updating your system/software. Use SWH on the default settings for some time, until you are accustomed to it. Most users will probably not see any difference, but rarely a legal script or file with an unsafe extension will be blocked by SWH settings. You can use the blue buttons <span style="color: rgb(41, 105, 176)"> <strong>&lt;View Blocked Events&gt;</strong></span> and <strong><span style="color: rgb(41, 105, 176)">&lt;Manage the Whitelist&gt;</span></strong> to recognize and whitelist the blocked files. Please be careful: if you are not certain that the blocked file is safe, then wait one day or two before whitelisting it.</p><p></p><p></p><p></p><p><strong># RECOMMENDED SETTINGS</strong></p><p></p><p>[ATTACH=full]266787[/ATTACH]</p><p></p><p>The above settings are installed by default. 
They are recommended if MS Office and Adobe Acrobat Reader are not installed.</p><p>If MS Office and Adobe Acrobat Reader DC are installed, then additional hardening is recommended via the DocumentsAntiExploit tool.</p><ol> <li data-xf-list-type="ol">Recommended settings for Microsoft Defender with ConfigureDefender HIGH Protection Level:<br /> <br /> [ATTACH=full]266789[/ATTACH]<br /> <br /> </li> <li data-xf-list-type="ol">Otherwise:<br /> <br /> [ATTACH=full]266790[/ATTACH]</li> </ol><p></p><p></p><p># <strong>SOFTWARE INCOMPATIBILITIES</strong></p><ol> <li data-xf-list-type="ol">Software Restriction Policies (SRP) used in SWH may conflict with SRP introduced via Group Policy Object (GPO), available in Windows Pro, Education, and Enterprise editions. Before using SWH, the SRP has to be removed from GPO.</li> <li data-xf-list-type="ol">Caution is required when applying policies via GPO on Windows 11 - this can turn OFF the SRP. So, after each GPO session, it is necessary to run and close SWH, which will automatically turn ON the SRP again (Windows restart is required).</li> <li data-xf-list-type="ol">SWH can also conflict with any software that uses SRP, but such applications are rare (CryptoPrevent, SBGuard, AskAdmin). Before using SWH, the conflicting application should be uninstalled.</li> <li data-xf-list-type="ol">It is not recommended to use SWH alongside WindowsHybridHardening and Hard_Configurator. These applications share several settings, which can lead to misconfigurations.</li> <li data-xf-list-type="ol">Windows built-in Software Restriction Policies (SRP) are incompatible with AppLocker. Any active AppLocker rule introduced via GPO or MDM WMI Bridge turns off SRP. When running SWH, it checks for active AppLocker rules and alerts about the issue.</li> <li data-xf-list-type="ol">The Child Account activated via Microsoft Family Safety also uses AppLocker (via MDM), so SRP cannot work with it. 
This issue is persistent even after removing the Child Account because (due to a bug) the AppLocker rules are not removed. To recover SRP functionality, one must remove the AppLocker rules manually from the directory %Windir%\System32\AppLocker.</li> </ol><p></p><p><strong><span style="font-size: 18px">SWH vs. ATTACKS IN THE WILD (examples of how SWH works):</span></strong></p><p>In most cases, SWH blocks the attacks at the delivery stage, before the final payload could be dropped/executed.</p><p>Nobelium: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-945840" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Zloader: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-970934" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Log4Shell: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-971687" target="_blank">Q&A - Simple Windows Hardening</a></p><p>GootLoader: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-971785" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Emotet: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-973099" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Warzone and AgentTesla: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-973109" target="_blank">Q&A - Simple Windows Hardening</a></p><p>AsyncRAT: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-973380" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Shuckworm RATS: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-973847" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Muddywater: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-973919" target="_blank">Q&A - Simple Windows Hardening</a></p><p>SolarMarker: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-973934" 
target="_blank">Q&A - Simple Windows Hardening</a></p><p>BazarLoader: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-974122" target="_blank">Q&A - Simple Windows Hardening</a></p><p>PPAM attack: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-974196" target="_blank">Q&A - Simple Windows Hardening</a></p><p>HTML ---> ISO ---> scripts: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-975059" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Hermetic Wiper: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-976772" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Asylum Ambuscade spear-phishing: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-977598" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Quakbot: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-978585" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Vidar infostealer: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-980775" target="_blank">Q&A - Simple Windows Hardening</a> <strong>(RunBySmartscreen)</strong></p><p>Emotet: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-985880" target="_blank">Q&A - Simple Windows Hardening</a></p><p>IceID (Cobalt Strike, Quantum ransomware): <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-985951" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Fileless RAT (CHM file): <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/page-25#post-988985" target="_blank">Q&A - Simple Windows Hardening</a></p><p>SocGholish: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-989692" target="_blank">Q&A - Simple Windows Hardening</a></p><p>TA551 phishing campaigns: <a 
href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-989778" target="_blank">Q&A - Simple Windows Hardening</a></p><p>GuLoader: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-989993" target="_blank">Q&A - Simple Windows Hardening</a> <strong>(RunBySmartscreen)</strong></p><p>Follina exploit: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-992545" target="_blank">Q&A - Simple Windows Hardening</a></p><p>AstraLocker 2.0: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-995210" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Raspberry Robin worm: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-995348" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Magniber (CPL variant): <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-998128" target="_blank">Q&A - Simple Windows Hardening</a></p><p>Batloader (MSI <em>PowerShellScriptInline</em> custom action): <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-1014030" target="_blank">Question - Simple Windows Hardening</a></p></blockquote><p></p>
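The AppLocker conflict described in items 5 and 6 of the incompatibility list can be inspected read-only from an elevated PowerShell prompt. The script below is an added example, not part of the original post or of SWH: the function names are hypothetical, and the registry key is the standard SRP policy location, used here on the assumption that the SRP rules on the machine are stored there.

```powershell
# Added example (not SWH code): read-only report on the SRP / AppLocker conflict.
# Nothing is modified or deleted; run from an elevated PowerShell prompt.

function Get-AppLockerRuleFiles {
    # Non-empty files in the directory named in the post. They are candidates
    # for review (e.g. leftovers after a Child Account was removed), not proof
    # that rules are active.
    $dir = Join-Path $env:windir 'System32\AppLocker'
    if (-not (Test-Path -LiteralPath $dir)) { return @() }
    Get-ChildItem -LiteralPath $dir -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -gt 0 } |
        Select-Object FullName, Length, LastWriteTime
}

function Get-EffectiveAppLockerRules {
    # Rule count per collection (Exe, Msi, Script, ...) as reported by the
    # built-in AppLocker module.
    if (-not (Get-Command Get-AppLockerPolicy -ErrorAction SilentlyContinue)) { return @() }
    try { $policy = Get-AppLockerPolicy -Effective -ErrorAction Stop }
    catch { Write-Warning "Get-AppLockerPolicy failed: $($_.Exception.Message)"; return @() }
    foreach ($collection in $policy.RuleCollections) {
        [pscustomobject]@{
            Collection  = $collection.RuleCollectionType
            Enforcement = $collection.EnforcementMode
            Rules       = $collection.Count
        }
    }
}

function Get-SrpPolicyState {
    # Assumption: SRP is configured under the standard policy key.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    if (-not (Test-Path -LiteralPath $key)) {
        return [pscustomobject]@{ Configured = $false; DefaultLevel = $null; PathRules = 0 }
    }
    $levelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }
    $raw = (Get-ItemProperty -LiteralPath $key).DefaultLevel
    $level = if ($null -eq $raw) { 'not set' }
             elseif ($levelNames.ContainsKey([int]$raw)) { $levelNames[[int]$raw] }
             else { "unknown ($raw)" }
    # Path rules are stored as <key>\<level>\Paths\{GUID}.
    $pathRules = @(Get-ChildItem -LiteralPath $key -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSParentPath -like '*\Paths' }).Count
    [pscustomobject]@{ Configured = $true; DefaultLevel = $level; PathRules = $pathRules }
}

function Test-SrpAppLockerConflict {
    $srp   = Get-SrpPolicyState
    $rules = @(Get-EffectiveAppLockerRules | Where-Object { $_.Rules -gt 0 })
    $files = @(Get-AppLockerRuleFiles)

    [pscustomobject]@{
        SrpConfigured       = $srp.Configured
        SrpDefaultLevel     = $srp.DefaultLevel
        SrpPathRules        = $srp.PathRules
        AppLockerRuleSets   = $rules
        AppLockerFiles      = $files
        # Per the post: any active AppLocker rule turns SRP off.
        ConflictLikely      = ($srp.Configured -and $rules.Count -gt 0)
        FilesNeedReview     = ($rules.Count -eq 0 -and $files.Count -gt 0)
    }
}

$report = Test-SrpAppLockerConflict
$report | Format-List SrpConfigured, SrpDefaultLevel, SrpPathRules, ConflictLikely, FilesNeedReview
$report.AppLockerRuleSets | Format-Table -AutoSize
$report.AppLockerFiles    | Format-Table -AutoSize

if ($report.ConflictLikely) {
    Write-Warning 'SRP rules are configured, but active AppLocker rules were found; SRP is likely turned off.'
} elseif ($report.FilesNeedReview) {
    Write-Warning 'No effective AppLocker rules reported, but files exist under System32\AppLocker; review them.'
}
```

`ConflictLikely` covers the case in item 5, while `FilesNeedReview` points at the leftover-rules case in item 6, where the files have to be examined by hand before anything is removed.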