yet another it blog
Many times when inspecting logs you may encounter security identifiers (SID) instead of usernames. What if you would like to know the account behind this security identifier? This can be easily done with few line of PowerShell. Simple and quick.
A lot of malware uses common tools built into Windows for downloading payloads from remote servers. (Image Copyright Sophos Labs) Many of Antivirus and intrusion detection systems can block these kind of activities but similar protection can be done for no additional costs with Group Policy & Windows Firewall. Blocking PowerShell and other tools from …
Continue reading “Block malware with Windows Firewall and Group Policies”