Listen to this Post
In this article, Nathan McNulty emphasizes the importance of implementing security controls to block commonly abused applications. He highlights that while these controls may not deter skilled attackers, they are effective against less sophisticated threats. Nathan recommends using Access Packages to govern access to risky apps and provides automation scripts for setup:
– Automation Script for Access Packages: https://lnkd.in/gCEU_XMV
Nilotpal Sarkar further discusses the Zero Trust Principles and the Least Privileged Access Model, advocating for restricting access to PowerShell modules and Graph Explorer to mitigate insider threats and reconnaissance activities.
Practice-Verified Commands and Codes
Here are some practical commands and scripts to implement the discussed security measures:
1. Restricting PowerShell Modules:
Use the following PowerShell command to restrict access to specific modules:
Set-ExecutionPolicy -ExecutionPolicy Restricted -Scope LocalMachine
2. Locking Down Graph Explorer Access:
Use Azure CLI to restrict access to Graph Explorer:
az ad sp update --id <app-id> --add properties.requiredResourceAccess <resource-access-id>
3. Automating Access Packages with PowerShell:
Use Nathan’s provided script to automate Access Packages for risky apps:
<h1>Download and run the script</h1> Invoke-WebRequest -Uri "https://lnkd.in/gCEU_XMV" -OutFile "AccessPackageAutomation.ps1" .\AccessPackageAutomation.ps1
What Undercode Say
The article underscores the critical role of security controls in mitigating threats, particularly against less sophisticated attackers. By locking down access to commonly abused applications and PowerShell modules, organizations can significantly reduce their attack surface. Nathan’s automation script for Access Packages simplifies the implementation of these controls, making it accessible for organizations of all sizes.
Nilotpal’s emphasis on Zero Trust Principles and the Least Privileged Access Model highlights the need for a proactive approach to security. Restricting access to tools like PowerShell and Graph Explorer is essential to prevent reconnaissance and insider threats.
To further enhance your security posture, consider implementing the following Linux and Windows commands:
- Linux Command to Monitor User Activity:
auditctl -w /etc/passwd -p wa -k user_changes
-
Windows Command to Enable Auditing:
auditpol /set /category:"Account Logon" /success:enable /failure:enable
-
Linux Command to Restrict SSH Access:
sudo nano /etc/ssh/sshd_config</p></li> </ul> <h1>Add the following line:</h1> <p>AllowUsers <username>
- Windows Command to Disable Unused Services:
Get-Service | Where-Object { $<em>.Status -eq "Running" -and $</em>.StartType -eq "Automatic" } | Stop-Service -Force
By combining these practices with the principles discussed in the article, organizations can build a robust defense against both external and internal threats. For further reading on Zero Trust and security automation, visit:
– Microsoft Zero Trust Framework
– PowerShell Documentation
– Azure CLI DocumentationReferences:
Hackers Feeds, Undercode AI

- Windows Command to Disable Unused Services:


