Create mitigations.md #52
Conversation
This adds a space to put ways to mitigate the virus's effects; will compile from what we have in other spots.
Could you mark this as a draft?
done
Also should close issue 14
General | ||
- **Do not use a VM it can escape** | ||
- set 'neko.run' to an empty string | ||
* May change due to Stage 1 sourcing | ||
- protect your startup programs | ||
- Sandbox mincraft to only acess '.minecraft' and its recursive descendants and the internet | ||
|
||
Windows | ||
|
||
- Delete the 'C:\Users\[User]\AppData\Local\Microsoft Edge' path, however this is a removal of the virus so password change is necssary | ||
- Password protect editing of registy 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ||
|
||
Linux | ||
- Premake ~\.config.\data dirrectroy, make it owned by root. Then set Immutable Flag | ||
* prevents stage 2 saving |
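Review bot: the Linux entry (`Premake ~\.config.\data dirrectroy`) uses backslashes, which are not path separators on Linux, and the directory name is misspelled, so a reader cannot tell which directory to create; write the path with forward slashes under `~/.config/`, and name the command that sets the immutable flag (`chattr +i <dir>`, run as root), with the note that the attribute only exists on filesystems that support it (ext4, xfs, btrfs) and that an immutable directory blocks creating, deleting and renaming entries inside it, which is what actually stops the stage 2 file from being written. Two items in the General list also need support before this merges: "Do not use a VM it can escape" is a strong claim with no reference, so link the analysis that shows the escape or soften it to what was observed; and "set 'neko.run' to an empty string" does not say where that setting lives (which file, property or config key), so nobody can apply it. "Stage 1" and "Stage 2" are used without definition here; link the document that defines them.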
This section needs a bit of rework, such as formatting and paths.
Sounds good, I was just setting up an outline.
Fixed merge conflicts
Better formatting, see suggestions.
@@ -0,0 +1,15 @@ | |||
General |
General | |
# Mitigations | |
Temporary mitigations to prevent infections and stop the malware from running. These are not a permenant solution. | |
## General |
- protect your startup programs | ||
- Sandbox mincraft to only acess '.minecraft' and its recursive descendants and the internet | ||
|
||
Windows |
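Review bot: the sandbox item (`Sandbox mincraft to only acess '.minecraft' ...`) names no mechanism, so it is not actionable as written; state which sandbox is meant (for example a firejail or Flatpak profile on Linux, or a separate restricted user account on Windows), what the allow-list is (the `.minecraft` tree plus network), and fix the typos (`minecraft`, `access`). `protect your startup programs` has the same problem: say what protecting means in practice, or turn it into a pointer to the Windows and Linux sections, which are presumably the concrete versions of it.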
Windows | |
## Windows |
- Delete the 'C:\Users\[User]\AppData\Local\Microsoft Edge' path, however this is a removal of the virus so password change is necssary | ||
- Password protect editing of registy 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ||
|
||
Linux |
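Review bot: "Password protect editing of registry" is not a Windows feature; registry keys are protected by ACLs, so reword this as restricting write permission on `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run` (Permissions dialog in regedit, or `Set-Acl` on the `HKCU:` provider path in PowerShell), close the missing quote, and add the caveat that the user owns keys under HKCU, so code running as that user can re-grant itself write access: this raises the bar but does not block a stage 2 that checks for it. On the Edge line, say explicitly that `C:\Users\[User]\AppData\Local\Microsoft Edge` (with a space) is the malware's directory and not the legitimate Edge profile under `%LOCALAPPDATA%\Microsoft\Edge`, so nobody wipes their browser data by mistake; and since the text itself says this is removal rather than mitigation, move it to a cleanup document and state why the password change is required (assume credentials were taken while it ran).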
Linux | |
## Linux |
I don't think this is needed. Mitigations are already listed in users.md; these can all be bypassed by a C2 update anyway.