[Owasp-egypt] Ransomware

Hassan Mourad hassan.mourad at owasp.org
Thu Jun 30 10:19:17 UTC 2016


And what do you think about using honey tokens for early detection
On Jun 30, 2016 10:24 AM, "Saafan, A." <a.m.saafan at gmail.com> wrote:

> Some measures I found helpful:
>
>    - Prevent files from running from %temp% and %appdata% using group
>    policy
>    - Block office macros on all users with a very tight exception process
>    - Prevent cmd and powershell for normal users
>    - Administrative users to use a non-administrative account for daily
>    interactions (office, web...etc) and use separate account for their
>    administrative actions (preferably via a staging server).
>
>
>
>
> --
> Saafan
>
> On Thu, Jun 30, 2016 at 9:37 AM, Hassan Mourad <hassan.mourad at owasp.org>
> wrote:
>
>> I came across this comprehensive list of ransomware and thought i'd share
>> it with you
>>
>>
>> https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#
>>
>> Not AppSec, but definitely a nightmare for everyone in the security field
>>
>> What do you think is the best defense against ransomware
>>
>> Hassan
>>
>> _______________________________________________
>> Owasp-egypt mailing list
>> Owasp-egypt at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-egypt
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-egypt/attachments/20160630/ef298567/attachment.html>


More information about the Owasp-egypt mailing list