How can one detect and remove the remote command execution tool DoublePulsar?

In April 2017 a hacker group called The Shadow Brokers leaked a set of Windows exploits developed by the NSA. One of these exploits, called EternalBlue, was used to install on a compromised computer a remote command execu…

My AV gives me an export of all the scripts that run in my environment every 2 weeks. How do I spot malicious scripts?

My AV sends an export bi-weekly with all the scripts that ran in my environment. It cannot determine if it's a malicious script or benign. After I receive the export the list is about 70k scripts long. I look at all the applic…

How to protect open ports for Services/Programs needed for network connectivity?

I’ve noticed a number of Windows services required for network connectivity maintain open ports.

What can be done to ensure Service functionality without allowing the always-open ports to act as a network liability (i.e. hacking vulnerabi…