Read: Class 26 Remote Code Execution
- Cyber Threat Analyst: Key Job Skills and Expected Salary
- Tracking, Detecting, and Thwarting PowerShell-based Malware and Attacks
You just got a new job as a Cyber Threat Analyst, how would you explain your role to a family member?
My job is to identify and reduce security risks to a company's computer networks and information systems. I monitor the network for threats like malicious software, hacker attacks, and careless or unaware employees. When I detect suspicious activity, I investigate further to determine if it's a real threat. If so, I work with the IT and security teams to stop the threat and prevent it from causing damage. I also make recommendations on how to improve the company's security and reduce risks in the future.
It gives deep access to the operating system. PowerShell commands can access and modify almost any part of a Windows system. This gives attackers extensive capabilities once they compromise PowerShell. PowerShell is trusted and often run with high privileges. Since PowerShell is a legitimate administration tool, it runs with full access by default. This means attackers can abuse PowerShell's privileges to cause damage.
Enable PowerShell logging and monitoring. Features like module logging, transcription, and script block logging can detect suspicious PowerShell activity and commands. Monitoring tools can detect obfuscated commands. Implement a detection and response solution to identify suspicious PowerShell techniques. Technologies like behaviour analytics and threat intelligence can detect common attacker techniques and respond quickly.