| Post At7pHKGIZtjcR3B2Ia by [email protected] | |
| Post #At7FzgdJAQn6D4nERc by [email protected] | |
| 0 likes, 1 repeats | |
| More Win+R PowerShell stuff: https://www.cloudsek.com/blog/byte-bandits-how-fak… | |
| Post #At7Zcuw9ojdKzo1uPQ by [email protected] | |
| 0 likes, 1 repeats | |
| I guess I can include the IOCs, but the biggest thing is users allowed to Win+R… | |
| Post #At7Zcv3xLjs7Nzg8Z6 by [email protected] | |
| 0 likes, 1 repeats | |
| @cR0w I keep yelling at mgmt to harden PS bc of this. Oh well... Curious though: … | |
| Post #At7dHSxD3uMXwYY57g by [email protected] | |
| 0 likes, 1 repeats | |
| @cR0w Interesting, looks like the same campaign described here: https://x.com/s… | |
| Post #At7dnvSId6j7bcZJuy by [email protected] | |
| 0 likes, 1 repeats | |
| @bulborb That does look very similar. Why change if it keeps working, I guess. … | |
| Post #At7pHK0LXCyTdZiIQy by [email protected] | |
| 0 likes, 0 repeats | |
| @AwkwardTuring It depends on the org. If you can disable PS completely, go for … | |
| Post #At7pHK8r1ZmQ3xh5hA by [email protected] | |
| 0 likes, 0 repeats | |
| @cR0w @AwkwardTuring it's part of the ClickFix and fake captcha attack path… | |
| Post #At7pHKGIZtjcR3B2Ia by [email protected] | |
| 0 likes, 1 repeats | |
| @badsamurai @cR0w ya, figured. Just didn't think that mgmt could be hesitan… |