Turn on Hyper-V on Windows 10

Tip #1: Turn on Hyper-V on Windows 10

Windows 10 introduced Virtual Secure Mode (VSM). This technology is enabled by turning on Hyper-V, and it protects the LSASS process from password dumping.

VSM protects credentials stored in LSASS. It will help defend against tools such as Mimikatz, PwDump, gsecdump, and secretsdump.py.

We should note, however, that not all credentials are stored in LSASS. Additional security countermeasures should be implemented to harden Windows machines against other types of credential dumping attacks. Furthermore, adversaries may disable Hyper-V. Hence, this cyber defence tactic should be used in conjunction with hardening settings to prevent and detect downgrade attacks.

Enable Hyper-V Using PowerShell

  • Open a PowerShell console as Administrator
  • Run the following command: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

Enable the Hyper-V Role Through 'Apps and Features'

  • Right-click the Windows button and select 'Apps and Features'
  • Select 'Programs and Features' on the right under Related settings
  • Select 'Turn Windows features on or off'
  • Select Hyper-V and click OK
  • Reboot the machine
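
Because adversaries may disable Hyper-V, it is worth checking the state after the reboot and on a schedule. The following is an added example, not part of the original page or any Microsoft script: it reads the Hyper-V feature state and the Win32_DeviceGuard WMI class and flags a host where VSM is not actually running. The function name Get-VsmAuditState and the output property names are hypothetical.

```powershell
# Added example: audit the Hyper-V / VSM state described on this page.
# Run from an elevated PowerShell console (Get-WindowsOptionalFeature requires it).
function Get-VsmAuditState {
    [CmdletBinding()]
    param()

    # State of the optional feature that the enable command above turns on.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V

    # Win32_DeviceGuard reports whether virtualization-based security is running.
    # The class can be absent on unsupported editions, so tolerate a failed query.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    $vbsStatus = if ($dg) { [int]$dg.VirtualizationBasedSecurityStatus } else { $null }

    # SecurityServicesRunning contains 1 when Credential Guard (LSASS isolation) is active
    $lsaIsolated = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))

    # Collect every deviation so one run shows the full picture.
    $findings = @()
    if ($feature.State -ne 'Enabled') { $findings += "Hyper-V feature state is '$($feature.State)'" }
    if ($vbsStatus -ne 2)             { $findings += 'Virtualization-based security is not running' }
    if (-not $lsaIsolated)            { $findings += 'LSASS credential isolation is not running' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        CheckedAt    = (Get-Date).ToString('s')
        HyperVState  = [string]$feature.State
        VbsStatus    = $vbsStatus
        LsaIsolated  = $lsaIsolated
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings
    }
}

$state = Get-VsmAuditState
$state | Format-List
if (-not $state.Compliant) {
    # A host that was compliant on the previous run and is not now is a downgrade signal.
    Write-Warning ("VSM check failed on {0}: {1}" -f $state.ComputerName, ($state.Findings -join '; '))
}
```

Run as a scheduled task and forward the warning to central logging, so that a change from compliant to non-compliant on a host is visible to defenders.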

Virtual Secure Mode

Here's a diagram from Microsoft that explains VSM at a high level:
