Turn on Hyper-V on Windows 10
Tip #1: Turn on Hyper-V on Windows 10
Windows 10 introduced Virtual Secure Mode (VSM). This technology is enabled by turning on Hyper-V, and it protects the LSASS process from password dumping.
VSM protects credentials stored in LSASS. It will help defend against tools such as Mimikatz, PwDump, gsecdump, and secretsdump.py.
We should note, however, that not all credentials are stored in LSASS. Additional security countermeasures should be implemented to harden Windows machines against other types of credential dumping attacks. Furthermore, adversaries may disable Hyper-V. Hence this cyber defence tactic should be used in conjunction with hardening settings to prevent and detect downgrade attacks.
Enable Hyper-V Using PowerShell
- Open a PowerShell console as Administrator
- Run the following command: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
Enable the Hyper-V role Through 'Apps and Features'
- Right-click on the Windows button and select 'Apps and Features'
- Select 'Programs and Features' on the right under related settings
- Select 'Turn Windows Features on or off'
- Select Hyper-V and click OK.
- Reboot the machine
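One way to confirm after the reboot that the feature is still on and that VSM is actually running, which doubles as a simple downgrade check when run on a schedule. This is an added example, not code from the original page; the use of the Win32_DeviceGuard CIM class and the function name Get-VsmPosture are choices made here, not something the page specifies.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether Hyper-V and VSM are still active on this host.

function Get-VsmPosture {
    # State of the optional feature enabled in the steps above.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V

    # Win32_DeviceGuard exposes the virtualization-based security state.
    # It can be absent on some editions, so a missing instance counts as "off".
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    $vbsRunning = ($null -ne $dg) -and ($dg.VirtualizationBasedSecurityStatus -eq 2)

    # SecurityServicesRunning: the value 1 means Credential Guard (LSASS isolation) is active.
    $lsaIsolated = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 1)

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        HyperVState  = [string]$feature.State
        VbsRunning   = $vbsRunning
        LsaIsolated  = $lsaIsolated
        Compliant    = ($feature.State -eq 'Enabled') -and $vbsRunning -and $lsaIsolated
    }
}

$posture = Get-VsmPosture
$posture | Format-List

if (-not $posture.Compliant) {
    # A non-zero exit code lets a scheduled task or management agent flag the host.
    Write-Warning "VSM posture check failed on $($posture.ComputerName)"
    exit 1
}
```

A host that reports HyperVState as Enabled but LsaIsolated as False has the feature installed without LSASS isolation running, so the two values are worth tracking separately.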
Virtual Secure Mode
Here's a diagram from Microsoft that explains VSM at a high level:
Use MS Guard Today
MS Guard is a FREE Windows security assessment tool that helps organisations save money, improve their ROI, reduce cyber risks, achieve compliance and deliver security at scale.