a.m.saafan at gmail.com
Thu Jun 30 10:29:09 UTC 2016
I find it useful to protect against exfiltration / targeted type attacks.
Not sure about ransomware. I am thinking by the time responders are to act
based on the alert, a big part of the damage would have already been done.
Maybe in a more mature environment where the incident response is very
Do you know of a ransomware that goes for lateral movement using tokens?
On Thu, Jun 30, 2016 at 12:19 PM, Hassan Mourad <hassan.mourad at owasp.org>
> And what do you think about using honey tokens for early detection
> On Jun 30, 2016 10:24 AM, "Saafan, A." <a.m.saafan at gmail.com> wrote:
>> Some measures I found helpful:
>> - Prevent files from running from %temp% and %appdata% using group
>> - Block office macros on all users with a very tight exception process
>> - Prevent cmd and powershell for normal users
>> - Administrative users to use a non-administrative account for daily
>> interactions (office, web...etc) and use separate account for their
>> administrative actions (preferably via a staging server).
>> On Thu, Jun 30, 2016 at 9:37 AM, Hassan Mourad <hassan.mourad at owasp.org>
>>> I came across this comprehensive list of ransomware and thought I'd
>>> share it with you
>>> Not AppSec, but definitely a nightmare for everyone in the security field
>>> What do you think is the best defense against ransomware
>>> Owasp-egypt mailing list
>>> Owasp-egypt at lists.owasp.org
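The four measures listed in the thread can be audited against process-creation telemetry before they are enforced. The sketch below is an added example, not part of the original messages; the event field names, the sample events and the Office-parent check used as a stand-in for macro activity are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Default locations of %temp% and %appdata% on Windows (assumed; adjust if redirected).
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\(local\\temp|roaming)\\", re.IGNORECASE)
SHELLS = {"cmd.exe", "powershell.exe"}
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

def violations(event):
    """List which of the four measures a process-creation event would trip."""
    image = PureWindowsPath(event["image"])
    name = image.name.lower()
    parent = PureWindowsPath(event["parent"]).name.lower()
    from_user_dir = bool(USER_WRITABLE.match(str(image)))
    hits = []
    if from_user_dir:
        hits.append("exec-from-temp-or-appdata")
    # Assumed proxy for a macro payload: Office starting a shell or a dropped binary.
    if parent in OFFICE and (name in SHELLS or from_user_dir):
        hits.append("office-child-process")
    if name in SHELLS and not event["admin_account"]:
        hits.append("shell-by-normal-user")
    if name in OFFICE and event["admin_account"]:
        hits.append("admin-account-daily-use")
    return hits

def audit(events):
    """Map event id -> tripped measures, skipping clean events."""
    return {e["id"]: v for e in events if (v := violations(e))}

# Constructed sample events (hypothetical field names, not a real log schema).
OFFICE_DIR = r"C:\Program Files\Microsoft Office\Office16"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE = [
    {"id": 1, "admin_account": False, "parent": OFFICE_DIR + r"\WINWORD.EXE",
     "image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"},
    {"id": 2, "admin_account": False, "parent": EXPLORER,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"id": 3, "admin_account": True, "parent": EXPLORER, "image": r"C:\Windows\System32\cmd.exe"},
    {"id": 4, "admin_account": True, "parent": EXPLORER,
     "image": OFFICE_DIR + r"\WINWORD.EXE"},
    {"id": 5, "admin_account": False, "parent": EXPLORER,
     "image": r"C:\Users\dave\AppData\Roaming\updater\svc.exe"},
]

if __name__ == "__main__":
    for event_id, hits in audit(SAMPLE).items():
        print(event_id, ", ".join(hits))
```

Running the same rules in report-only mode first shows which legitimate software would break once execution from these paths is blocked.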