From f6e1cd810c06f86f1b9ee564fa028cc847f0f25c Mon Sep 17 00:00:00 2001
From: Swissky <12152583+swisskyrepo@users.noreply.github.com>
Date: Sun, 24 Dec 2023 14:06:55 +0100
Subject: [PATCH] SOCIAL - Cards
---
 .github/workflows/ci.yml | 1 +
 docs/redteam/evasion/windows-defenses.md | 6 +++---
 mkdocs.yml | 7 ++++---
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1dbc62e..7c65f68 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,4 +20,5 @@ jobs:
 - run: pip install mkdocs-material
 - run: pip install mkdocs-git-revision-date-localized-plugin
 - run: pip install mkdocs-git-committers-plugin
+ - run: pip install mkdocs-material[imaging]
 - run: mkdocs gh-deploy --force
diff --git a/docs/redteam/evasion/windows-defenses.md b/docs/redteam/evasion/windows-defenses.md
index 00f5fe4..48667ea 100644
--- a/docs/redteam/evasion/windows-defenses.md
+++ b/docs/redteam/evasion/windows-defenses.md
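Review bot: The added step in `.github/workflows/ci.yml`, `- run: pip install mkdocs-material[imaging]`, installs an unpinned package with unquoted square brackets in the same job that runs `mkdocs gh-deploy --force`, so whatever release PyPI serves at build time ends up building the published site. Quote the requirement and pin it, e.g. `- run: pip install "mkdocs-material[imaging]==<PINNED_VERSION>"`; quoting also stops the shell from treating `[imaging]` as a glob pattern. The step repeats the plain `pip install mkdocs-material` three lines up, and the two could be merged into one pinned install. The job definition starts above the hunk, so the runner image and token permissions are not visible here.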
@@ -302,11 +302,11 @@ The most common bypassing technique is patching the function `EtwEventWrite` whi
 > Attack Surface Reduction (ASR) refers to strategies and techniques used to decrease the potential points of entry that attackers could use to exploit a system or network.
 ```ps1
-Add-MpPreference -AttackSurfaceReductionRules_Ids 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 -AttackSurfaceReductionRules_Actions AuditMode
-Add-MpPreference -AttackSurfaceReductionRules_Ids 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 -AttackSurfaceReductionRules_Actions Enabled
+Add-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions AuditMode
+Add-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions Enabled
 ```
-| Description | Ids |
+| Description | Id |
 |---------------------------------------------------------------------------|--------------------------------------|
 | Block execution of potentially obfuscated scripts | 5beb7efe-fd9a-4556-801d-275e5ffc04cc |
 | Block JavaScript or VBScript from launching downloaded executable content | d3e037e1-3eb8-44c8-a917-57927947596d |
diff --git a/mkdocs.yml b/mkdocs.yml
index 3c3f547..892d9f8 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -40,11 +40,12 @@ markdown_extensions:
 - pymdownx.snippets
 - attr_list
 - pymdownx.emoji:
- emoji_index: !!python/name:materialx.emoji.twemoji
- emoji_generator: !!python/name:materialx.emoji.to_svg
+ emoji_index: !!python/name:material.extensions.emoji.twemoji
+ emoji_generator: !!python/name:material.extensions.emoji.to_svg
 repo_url: https://github.com/swisskyrepo/InternalAllTheThings/
 edit_uri: edit/master/
 plugins:
 - search
- - git-revision-date-localized
\ No newline at end of file
+ - git-revision-date-localized
+ - social
\ No newline at end of file
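Review bot: In `mkdocs.yml` the new `- social` plugin entry and the `material.extensions.emoji` tags both depend on things the file does not state: the social plugin needs the imaging extra (Pillow, CairoSVG) and, as far as I know, downloads its fonts at build time unless they are cached, and the renamed emoji namespace only exists in newer mkdocs-material releases. A comment above the entry such as `# social cards: requires mkdocs-material[imaging]; fetches fonts during the build` would tell local builders and reviewers why the build needs those packages and outbound network access. Since `!!python/name:` tags are resolved to Python objects when the config is loaded, changes to these lines deserve the same review as code changes. The file also still ends without a trailing newline after `- social`.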