kdodge, posted June 16, 2019 (edited October 1, 2021 by kdodge)

[deleted]

whiteknight, posted June 21, 2019

Yeah, "here's an executable, you run it" is not a great approach. I have seen a "killswitch" in action deployed en masse. You want to hook the .dll (possibly even replace the Windows version of the .dll). By grabbing it at the OS level there is a less noticeable action/reaction to the plugging in of USB devices. If the machine just turns off the port/device then mitigation has occurred. Have Windows log the time, users logged into the machine and other details for automated reporting. The "attacker," who could be a disgruntled employee, will think the machine is locked down, or even that his attack was successfully silent.