Nexus

Home
Science
Politics
Technology
Space
News
Health

Home Unlabelled Blocking outbound PowerShell traffic using the Windows Firewall

Blocking outbound PowerShell traffic using the Windows Firewall

Wednesday, March 01, 2017

Read

Some malware use PowerShell to download additional components, such as highlighted in the blog posting found at https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/. To block outbound traffic using the Windows Firewall, add two rules:

64-bit

%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

32-bit

%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe

To test the rule, use the command below.

cmd /c PowerShell (New-Object System.Net.Webclient).DownloadFile('http://test.com','%TMP%\test.txt');

The following commands can be excuted as a test within PowerShell.

$WebClient = New-Object System.Net.WebClient
$WebClient.DownloadFile("http://www.test.com/","%TEMP%")

Blocking outbound PowerShell traffic using the Windows Firewall

Blocking outbound PowerShell traffic using the Windows Firewall

Reviewed by 0x000216 on Wednesday, March 01, 2017 Rating: 5

Tags :

Share it Tweet it Share it Share it Pin it

You Might Also Like

Recent Posts

Facebook

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us