Reveal(x) queues RTR Windows Firewall update to block unmanaged IoT Device.

In this video, we observed an unmanaged system using crackmapexec to enumerate shares on a PC. Reveal(x) observes this behavior and initiates a Real-Time Response API call to issue a POSH command to update the firewall and block the offending device.

Reveal(x)queuesWindows