rubencastello90 1 Posted May 8 Share Posted May 8 (edited) Hello, Some of my clients are being audited by third party pentesters and I noticed that they use powershell scripts in order to simulate RANSOMWARE encryptions and generate panic on them indicating that they were able to encrypt files on computers. Some of those test, have compromised physical the machine, asking the user to leave them 5 min the computer in order to fix it. So, access gain to machine was easy. No point here to investigate. I'm a little bit worried because I tried today on my own with a Windows Server with ESET last version and encryption ended successfully without any alert on ESET. Anything I'm missing up? Used script that found: https://github.com/lawndoc/RanSim License used: Eset protect Entry. Should a superior license like XDR detect it? Edited May 8 by rubencastello90 new title Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.