@drshellface

1. Windows Defender
2. EDR
3. Automated defanging of documents
4. Disabling macros, OLE, DDE, etc.
5. Disabling Windows Script Hosting
6. Private VLANs
7. Application whitelisting
8. Users not being local admins
9. 2FA on everything
10. Up-to-date patching

twitter.com/jhencinski/sta…

Richard Gold
@drshellface
Jan 29

1. EDR if you can afford it, Windows Defender if you can’t.
That frees up one extra point for PowerShell security measures such as Constrained Language mode: digitalshadows.com/blog-and-resea… H/T: @isidor_mon

Charles
@maxdose_
Jan 28

Host isolation!

Richard Gold
@drshellface
Jan 29

If you can do it via Private VLANs, then great. If not, Windows Firewall can do it.

Russ
@rustla
Jan 29

Lots of crossover with ACSC guidance 👌🏻 cyber.gov.au/publications/e…

Richard Gold
@drshellface
Jan 29

Indeed: digitalshadows.com/blog-and-resea… :-) I’m a big fan!

Kevin Bryant
@CyberScapegoat
Jan 29

What do you suggest for automatic defanging of documents?

Richard Gold
@drshellface
Jan 29

Some kind of email filtering gateway or cloud service. There’s a few options out there!

Blackfire
@Blackfi21021372
Jan 29

Wonder what the Linux variation would be

Richard Gold
@drshellface
Jan 29

Panic? :-(

Dillon Korman
@dillonkorman
Jan 29

What do you mean by automatic defanging of documents?

Richard Gold
@drshellface
Jan 29

Turning MS Office documents into PDFs, for example.