-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invoke-Phant0m detecting #3
Comments
You can restrict the type of powershell language for this type of attacks to be ineffective. https://itfordummies.net/2015/06/01/powershell-constrained-mode/ Regards. |
And how Can I detect it? |
I wrote the script author about your question. As soon as we know something we tell you. |
Here is what he told me: Hi, Thank you for your interest. Basically, you need to watch endpoint system for detecting attacks like Invoke-Phant0m. I would recommend you to check this resources; https://securitylogsdotorg.files.wordpress.com/2017/06/bsides-athens-sysmon-final.pdf Regards. |
How Can I detect this attack and prevent it?
The text was updated successfully, but these errors were encountered: