Remediation Techniques
This is a collection of settings, mainly Group Policy but also registry values and command-line tools, collected in response to configuration vulnerabilities I have seen. Each entry below addresses one finding.
- Documentation and scripts to modify logging settings on Windows.
- LM Hashes
- NTLMv1
- SMBv1
- Zerologon
- Disabling Print Spooler Service
- NetBIOS over TCP/IP and LLMNR
- Golden Ticket
- PowerShell Script Block & Module Logging
- WinRM Behavior
- Terminal Services - Network Level Authentication (CredSSP)
- Disable anonymous enumeration of Users and Shares
- Structured Exception Handling Overwrite Protection (SEHOP)
- Autorun and Autoplay
Scripts created to help a client pass PCI certification (on GitHub):
- disable-anonymousshares.ps1 Disable anonymous enumeration of SAM accounts and shares.
- disable-netbiostcpip.ps1 Disable NetBIOS over TCP/IP.
- disable-sslv2.ps1 Disable the SSLv2 protocol.
- enable-wins.ps1 Enable the WINS service and start it.
- disable-wins.ps1 Stop the WINS service and disable it.
- disable-winvnc4.ps1 Disable WinVNC v4.
- enable-smbsigning.ps1 Enable SMB signing.
- rename-localadmin.ps1 Rename the local Administrator and Guest accounts.
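The settings in both lists above are mostly single registry values or service states, so the useful thing to have on hand is one script that reports which of them a host has drifted from and, on request, sets them. The script below is an added example written for this page; it is not one of the scripts listed above and not the author's code. It covers the registry-backed findings from the first list (LM hashes, NTLMv1, Zerologon enforcement, LLMNR, script block logging, RDP NLA, SEHOP, Autorun) together with the PCI items (anonymous enumeration, NetBIOS over TCP/IP, SSLv2, SMB signing, renaming the built-in Administrator), plus the SMBv1 and Print Spooler service checks. The script name `Invoke-Hardening.ps1` and the `-NewAdminName` parameter are assumptions for the example. Run it from an elevated prompt; without `-Apply` it only reports.

```powershell
# Invoke-Hardening.ps1 (assumed name): added example for this page, not one of
# the listed scripts. Audits the settings behind the findings above and, with
# -Apply, remediates them on the local host. Run elevated.
# Caveat: values under HKLM\SOFTWARE\Policies are overwritten on the next Group
# Policy refresh on domain members, so set those through GPO there.
[CmdletBinding()]
param(
    [switch]$Apply,
    # Assumed parameter: new name for the built-in Administrator (RID 500).
    [string]$NewAdminName
)

# Registry-backed settings: the finding, the key, the value name and the expected DWORD.
$Settings = @(
    @{ Finding='LM hashes';             Path='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name='NoLMHash';                  Value=1 },
    @{ Finding='NTLMv1';                Path='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name='LmCompatibilityLevel';      Value=5 },   # NTLMv2 only, refuse LM/NTLM
    @{ Finding='Anonymous enumeration'; Path='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name='RestrictAnonymous';         Value=1 },
    @{ Finding='Anonymous enumeration'; Path='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name='RestrictAnonymousSAM';      Value=1 },
    @{ Finding='Anonymous enumeration'; Path='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name='EveryoneIncludesAnonymous'; Value=0 },
    @{ Finding='SMB signing (server)';  Path='HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters';      Name='RequireSecuritySignature'; Value=1 },
    @{ Finding='SMB signing (client)';  Path='HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'; Name='RequireSecuritySignature'; Value=1 },
    @{ Finding='SSLv2 (server)';        Path='HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; Name='Enabled'; Value=0 },
    @{ Finding='SSLv2 (client)';        Path='HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client'; Name='Enabled'; Value=0 },
    @{ Finding='Zerologon (DCs)';       Path='HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'; Name='FullSecureChannelProtection'; Value=1 },
    @{ Finding='LLMNR';                 Path='HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'; Name='EnableMulticast'; Value=0 },
    @{ Finding='Script block logging';  Path='HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'; Name='EnableScriptBlockLogging'; Value=1 },
    @{ Finding='RDP without NLA';       Path='HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'; Name='UserAuthentication'; Value=1 },
    @{ Finding='SEHOP';                 Path='HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'; Name='DisableExceptionChainValidation'; Value=0 },
    @{ Finding='Autorun';               Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoDriveTypeAutoRun'; Value=255 }
)

# A missing key or value is treated as drift: the OS default is not evidence for a scanner.
foreach ($s in $Settings) {
    $current = $null
    if (Test-Path $s.Path) {
        $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
    }
    if ($current -eq $s.Value) { continue }
    Write-Output ("{0,-22} {1}\{2}: current={3} expected={4}" -f $s.Finding, $s.Path, $s.Name, $current, $s.Value)
    if ($Apply) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -PropertyType DWord -Force | Out-Null
    }
}

# SMBv1: server-side protocol switch (the SMB1 optional feature can be removed as well).
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    Write-Output 'SMBv1                  server protocol enabled, expected disabled'
    if ($Apply) { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force }
}

# Print Spooler: stop and disable unless the host actually needs to print.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($spooler -and ($spooler.Status -ne 'Stopped' -or $spooler.StartType -ne 'Disabled')) {
    Write-Output "Print Spooler          status=$($spooler.Status) start=$($spooler.StartType), expected Stopped/Disabled"
    if ($Apply) { Stop-Service -Name Spooler -Force; Set-Service -Name Spooler -StartupType Disabled }
}

# NetBIOS over TCP/IP is configured per interface: TcpipNetbiosOptions 2 = disabled.
foreach ($nic in Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE') {
    if ($nic.TcpipNetbiosOptions -ne 2) {
        Write-Output "NetBIOS over TCP/IP    $($nic.Description): option=$($nic.TcpipNetbiosOptions), expected 2"
        if ($Apply) {
            Invoke-CimMethod -InputObject $nic -MethodName SetTcpipNetbios -Arguments @{ TcpipNetbiosOptions = [uint32]2 } | Out-Null
        }
    }
}

# Built-in Administrator: find it by RID 500, not by name, since it may already be renamed.
if ($NewAdminName) {
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    if ($admin -and $admin.Name -ne $NewAdminName) {
        Write-Output "Local Administrator    '$($admin.Name)' -> '$NewAdminName'"
        if ($Apply) { Rename-LocalUser -Name $admin.Name -NewName $NewAdminName }
    }
}
```

Usage: `.\Invoke-Hardening.ps1` lists every setting that differs from the expected value; `.\Invoke-Hardening.ps1 -Apply -NewAdminName 'svc-localadm'` sets them. Two of these are worth staging rather than pushing fleet-wide: `LmCompatibilityLevel=5` and required SMB signing will break clients that can only speak LM/NTLMv1 or unsigned SMB (old printers, NAS boxes, embedded devices), so audit first and apply to a pilot group before the rest.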