I.e., don't focus on making the attacker's life harder by constraining yourself to their playing field, but rather focus on making the defender's life easier by focusing on the things that we control
Great point, and our industry misses opportunities for this all the time. When we were looking to make PowerShell less attractive to attackers, attempting only to remove its power would have been a fool's errand.
By focusing on making it the noisiest possible tool to use, we made far more progress: https://devblogs.microsoft.com/powershell/powershell-the-blue-team/
Lee Holmes :donor:
npub10n…yvymp
2024-10-17 16:41:59 UTC
in reply to nevent1q…2tws
Author Public Key
npub10nrg25d2v23mxukzvqtptr25cp6dlsxzwunm7jnsd5cavkmsmc8svyvympSeen on
wss://relay.momostr.pinkPublished at
2024-10-17 16:41:59 UTCEvent JSON
{
"id": "30b133d92f7a937587b3b8eb1c036d27defaddb675b0cc91ff66dcffd34573fa",
"pubkey": "7cc68551aa62a3b372c26016158d54c074dfc0c27727bf4a706d31d65b70de0f",
"created_at": 1729183319,
"kind": 1,
"tags": [
[
"p",
"81540706346e051fa2dd7bec0baf9a16d0c403595df00e64041ca7f18c88ca12"
],
[
"p",
"eb8ff7c0f471777ca6b667ae615b056e13cbe0f456b28867edb76971f958fee2"
],
[
"e",
"2e1822adac0c8751763e677d9ff32d9973651ce59dec84b5466899d94a9be096",
"",
"reply",
"eb8ff7c0f471777ca6b667ae615b056e13cbe0f456b28867edb76971f958fee2"
],
[
"proxy",
"https://infosec.exchange/@Lee_Holmes/113323757993889547",
"web"
],
[
"e",
"9846aa0a92cdad3d1d44991359776f2bfaba1a207d4c0919de3450db882cf040",
"",
"root",
"eb8ff7c0f471777ca6b667ae615b056e13cbe0f456b28867edb76971f958fee2"
],
[
"p",
"3d35aa8bf9af9992893d4eb46ad155a70ec2b907d7928bc54b5112efa8727566"
],
[
"proxy",
"https://infosec.exchange/users/Lee_Holmes/statuses/113323757993889547",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/Lee_Holmes/statuses/113323757993889547",
"pink.momostr"
],
[
"-"
]
],
"content": "I.e., don't focus on making the attacker's life harder by constraining yourself to their playing field, but rather focus on making the defender's life easier by focusing on the things that we control\n\n\n\nGreat point, and our industry misses opportunities for this all the time. When we were looking to make PowerShell less attractive to attackers, attempting only to remove its power would have been a fool's errand.\n\nBy focusing on making it the noisiest possible tool to use, we made far more progress: https://devblogs.microsoft.com/powershell/powershell-the-blue-team/",
"sig": "26ccec6a971c2f5313bc8e2c01871b8bea972d270100f1c5e4491ff5cb77d0c239defdb840125991dace2dc5e3b1acf3e1e4f648c2506f4d8d56c9c44374a365"
}