Ransomware & Delete Volume Shadow Copies
Title: Common Threat Actors TTPs: Execute Ransomware and Delete Volume Shadow Copies
Objective: Auto-Containment for Immediate Blocking
Requirements: Windows 10 Lab Machine; Windows 2019 Server; A C2 platform running with .NET; Basic file encryption of Ransomware; Zscaler Active Defense; Fortinet Fortigate Firewall
Scope: One victim's Windows machine (Joined Domain); One attacker's machine; One Windows 2019 […]