401 Reading 26 - marsecguy/reading-notes-cyberops GitHub Wiki

Cyber Threat Analysis

  1. You just got a new job as a Cyber Threat Analyst, how would you explain your role to a family member?

    • A cyber threat analyst monitors their organization's network for attacks and mitigates those threats. They also proactively seek vulnerabilities and work to close them.
  2. Explain what makes PowerShell such an effective attack vector.

    • It is a trusted application, so scripts run through it will nearly always be accepted and won't need extra permissions to run
    • It has deep access to the operating system, so it can make deeper, more persistent changes
    • It enables "living off the land", where no files need to be downloaded that may be caught by firewalls or anti-malware programs
  3. What are two things you can do to mitigate attacks that leverage PowerShell?

    • Utilize script block logging
    • Use an automated log analysis tool, such as Trend Micro Deep Security
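  The following is an added example (not from the reading or its sources) of the two mitigations above in PowerShell: it turns on script block logging through the registry values that the corresponding Group Policy setting writes, then reads the resulting events (ID 4104 in the Microsoft-Windows-PowerShell/Operational log) and flags any that match a small constructed watch-list. The registry path, value name, log name and event ID are real; the watch-list strings and function names are my own choices.

```powershell
# Added example: enable script block logging, then triage the 4104 events it produces.
# Run in an elevated (Administrator) PowerShell session; the registry path is the one
# the "Turn on PowerShell Script Block Logging" policy setting populates.

$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

function Enable-ScriptBlockLogging {
    if (-not (Test-Path $policyPath)) {
        New-Item -Path $policyPath -Force | Out-Null
    }
    # 1 = enabled. Every script block PowerShell compiles is then written to event ID 4104.
    Set-ItemProperty -Path $policyPath -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord
}

function Get-SuspiciousScriptBlocks {
    param(
        [int]$MaxEvents = 500,
        # Constructed watch-list: strings that commonly appear in download-and-run or
        # base64-wrapped script blocks. Tune it for your environment; expect some noise.
        [string[]]$Patterns = @('FromBase64String', 'DownloadString', 'Invoke-Expression', 'Net.WebClient')
    )
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'
        Id      = 4104
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # The event message carries the (already de-obfuscated) script block text.
        $hits = $Patterns | Where-Object { $e.Message -match [regex]::Escape($_) }
        if ($hits) {
            [pscustomobject]@{
                Time     = $e.TimeCreated
                RecordId = $e.RecordId
                Matched  = ($hits -join ', ')
                Snippet  = $e.Message.Substring(0, [Math]::Min(120, $e.Message.Length))
            }
        }
    }
}

Enable-ScriptBlockLogging
Get-SuspiciousScriptBlocks | Format-Table -AutoSize -Wrap
```

Because 4104 records the script block after PowerShell has decoded it, this catches encoded or string-assembled commands that a file-based scanner never sees, which is exactly why the reading recommends the setting.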

Sources: Spiceworks TrendMicro