Remote Code Execution - focodecided/ops401-cybersecurity GitHub Wiki

1. You just got a new job as a Cyber Threat Analyst, how would you explain your role to a family member?

I would explain that as a Cyber Threat Analyst, my role is to help protect my company's computer systems and data from cyberattacks. I monitor the systems to identify any security issues or vulnerabilities, and investigate any potential cyber threats. I also make recommendations on improving security and help train employees on cybersecurity best practices.

2. Explain what makes PowerShell such an effective attack vector.

PowerShell is an effective attack vector because it is a built-in and trusted Windows tool used by system administrators, so malicious scripts executed through PowerShell can avoid detection by security software. Also, PowerShell provides deep access to Windows components and systems, allowing attackers to carry out damaging attacks once they gain access.

3. What are two things you can do to mitigate attacks that leverage PowerShell?

Two things you can do to mitigate PowerShell attacks are: Enable detailed logging of PowerShell activity through Group Policy so you can monitor and analyze PowerShell usage to identify any suspicious behavior. Use security solutions like antivirus with behavior monitoring that can detect anomalous PowerShell activity and script executions. Solutions like Trend Micro Deep Security can analyze PowerShell logs and highlight risky events.

Sources:

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/tracking-detecting-and-thwarting-powershell-based-malware-and-attacks https://www.spiceworks.com/it-security/vulnerability-management/articles/cyber-threat-analyst-key-jobs-and-salary/