Reading 20 - Foodisthebest/401-Reading-Notes GitHub Wiki

Readings: Remote Code Execution

Below you will find reading materials and additional resources that support today’s topic and the upcoming lecture.

Review the Submission Instructions for guidance on completing and submitting this assignment.


Cyber Threat Analyst: Key Job Skills and Expected Salary

Tracking, Detecting, and Thwarting PowerShell-based Malware and Attacks

You just_ got a new job as a Cyber Threat Analyst, how would you explain your role to a family member?_ __

  • A Cyber Threat Analyst watches over computer networks (i.e. groups of computers and/or servers at home or a business) to make sure that bad actors don't get into your computer and/or home/business networks. We do this by using software that monitors exactly where computer/internet traffic is coming to/from, what information is being sent over a network, and what activities are being done an individual device.

**Explain what makes PowerShell such an effective attack vector. **

  • Because PowerShell is widely deployed and has access to all parts of a host (via the .NET framework), hackers can inject payloads into apps or use scripting. Because developing scripts for payload delivery is easy, and because PowerShell is a trusted application, it's almost always allowed to execute scripts.

What are two things you can do to mitigate attacks that leverage PowerShell?