
Yeah, "here's an executable you run it." is not a great approach.

I have seen a "killswitch" in action deployed en masse. You want to hook the .dll (possibly even replace the Windows version of the .dll). By grabbing it at the OS level there is a less noticeable action/reaction to the plugging in of USB devices. If the machine just turns off the port/device then mitigation has occurred. Have Windows log the time, users logged into the machine and other details for automated reporting. The "attacker," who could be a disgruntled employee, will think the machine is locked down, or even that his attack was successfully silent.


  • kdodge changed the title to [deleted]
