UltimateAppLockerByPassList
CryptoBlocker
 | UltimateAppLockerByPassList | CryptoBlocker
---|---|---
Mentions | 4 | 4
Stars | 1,816 | 202
Growth | - | -
Activity | 2.1 | 0.0
Last commit | 8 months ago | over 4 years ago
Language | PowerShell | PowerShell
License | - | GNU General Public License v3.0 only
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
UltimateAppLockerByPassList
- AppLocker - Deny vs Allow and Except
  Check out the Ultimate AppLocker Bypass list and add those: https://github.com/api0cradle/UltimateAppLockerByPassList
- FSRM saved our asses
  Too bad it's trivial to bypass. My favorite bypass is through alternate data streams, which AppLocker is unaware of.
- What group policy rule should every network have?
  Remember to block these writable paths under c:\Windows: https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/Generic-AppLockerbypasses.md
- Safe powershell
CryptoBlocker
- New FSRM Crypto extensions list?
- CryptoBlocker Question
  For those familiar with CryptoBlocker (https://github.com/nexxai/CryptoBlocker) for FSRM, how do you handle updating the list of known bad extensions?
- Cybersecurity Brief: Ransomware Attacks on Schools Increase.
  Utilize file screens via the built-in Windows "File Server Resource Manager", even better if you automate the updating via this script, to prevent the ransomware's ability to modify files.
- FSRM saved our asses
What are some alternatives?
HardeningKitty - Checks and hardens your Windows configuration
FSRM-ANTICRYPTO - Protect servers against crypto attacks
AaronLocker - Robust and practical application control for Windows
LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
GoodHound - Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.
PWF - Practical Windows Forensics Training
cobalt-arsenal - My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
Purpleteam - Purpleteam scripts simulation & Detection - trigger events for SOC detections
BlueTeam.Lab - Blue Team detection lab created with Terraform and Ansible in Azure.
awesome-lists - Security lists for SOC detections