Block Visaul Studio Dev Tunnels

## Summary

Dev Tunnel has been increasingly getting popular amongst legitimate developers and threat actors alike. Specifically, TAs are installing and running VSCode post-exploitation and establishing Dev Tunnels between the victim and the attacker. It might be a good idea to add blocking Dev Tunnels to the machine hardening list? Microsoft offers a group policy for managing the behavior, so it can probably be added via a registry key.

## References

- https://aka.ms/devtunnels/policies/download
- https://detect.fyi/detecting-dev-tunnels-16f0994dc3e2?gi=05a26f671e47
- https://newtonpaul.com/vscode-remote-tunnels-abuse-and-detections/
- https://jsac.jpcert.or.jp/archive/2024/pdf/JSAC2024_2_3_sasada_hazuru_en.pdf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Block Visaul Studio Dev Tunnels #179

Summary

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Block Visaul Studio Dev Tunnels #179

Description

Summary

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions