
The Power and Peril of RMM Tools
2024-07-30 11:26

Abusing existing RMM tools: Attackers gain initial access to an organization's network using preexisting RMM tools.

Installing new RMM tools: Attackers install their preferred RMM tools by first gaining access to the network.

It's important to note that creating WDAC policies requires administrative privileges, and deploying them via Group Policy requires domain administrative privileges.

Open PowerShell with administrative privileges.

Create a new policy: You can create a new policy using the New-CIPolicy cmdlet.

-Fallback Hash means that if the file is not signed, the policy will allow it based on its hash, -Enable means that the policy will be enabled, and -OutputFilePath specifies the path where the policy will be saved.

You can convert the policy using the ConvertFrom-CIPolicy cmdlet:

ConvertFrom-CIPolicy -XmlFilePath "C:\Path\To\Policy.xml" -BinaryFilePath "C:\Path\To\Policy.bin"

Deploy the policy: You can deploy the policy using the Group Policy Management Console.
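The create and convert steps above as one script, with an audit-mode check before enforcement. This is an added example, not code from the original article. The scan folder, the file paths and the helper name Get-WdacAuditEvent are assumptions; the New-CIPolicy parameters used are -FilePath, -ScanPath, -Level, -Fallback and -UserPEs.

```powershell
#Requires -RunAsAdministrator
# Added example; every path below is a placeholder.
$ScanPath  = 'C:\Path\To\ReferenceFolder'   # assumed: folder holding the software to allow
$PolicyXml = 'C:\Path\To\Policy.xml'
$PolicyBin = 'C:\Path\To\Policy.bin'

if (-not (Test-Path -LiteralPath $ScanPath -PathType Container)) {
    throw "Scan path not found: $ScanPath"
}

# 1. Create the policy from the files under $ScanPath.
#    -Level Publisher : build rules from each signed file's publisher
#    -Fallback Hash   : when a Publisher rule cannot be built (for example
#                       the file is unsigned), allow the file by its hash
#    -UserPEs         : cover user-mode executables as well as drivers
New-CIPolicy -FilePath $PolicyXml -ScanPath $ScanPath `
             -Level Publisher -Fallback Hash -UserPEs

# 2. Set rule option 3 (Enabled:Audit Mode) so that files outside the policy
#    are logged instead of blocked while the policy is being evaluated.
Set-RuleOption -FilePath $PolicyXml -Option 3

# 3. Convert the XML to the binary form that is deployed.
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin

# 4. Helper (hypothetical name) to run on a machine after deployment:
#    lists what enforcement would have blocked, from event ID 3076 in
#    the Code Integrity operational log.
function Get-WdacAuditEvent {
    param([int]$MaxEvents = 50)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id      = 3076
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

# 5. To enforce, remove audit mode, then convert and deploy again:
#    Set-RuleOption -FilePath $PolicyXml -Option 3 -Delete
```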


News URL

https://thehackernews.com/2024/07/the-power-and-peril-of-rmm-tools.html