From 8d7e90ebcaaeaff6c4fee218c6ca66e27354ea64 Mon Sep 17 00:00:00 2001 From: whx Date: Tue, 20 Sep 2022 23:47:18 +0200 Subject: [PATCH] windows hardening --- misc/Blue Teaming/windows-hardening.md | 88 ++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 misc/Blue Teaming/windows-hardening.md diff --git a/misc/Blue Teaming/windows-hardening.md b/misc/Blue Teaming/windows-hardening.md new file mode 100644 index 0000000..b4ec3dd --- /dev/null +++ b/misc/Blue Teaming/windows-hardening.md 
@@ -0,0 +1,88 @@ +# Windows hardening + +## UAC Sharpening + +* Control Panel -> User Accounts -> Change User Account Control Setting -> Set to "Always Notify" + +## User and Group Policy + +* Local Group Policy Editor + +## Password Policy + +* Security Settings -> Account Policies -> Password policy +* Local Security Policy -> Windows Settings -> Account Policies -> Account Lockout Policy + +## Windows Defender + +### Antivirus + +* Check excluded file endings: Settings -> Windows Security -> Virus & Threat Protection -> Virus & threat protection settings -> Manage Settings -> Exclusions -> Add or remove exclusions + +### Firewall + +* wf.msc -> Windows Defender Firewall Properties -> Public / Private Profile -> Inbound connections -> On +* wf.msc -> Windows Defender Firewall Properties -> Monitoring -> Check the active Profile + +## Network + +### Disable Unused Interfaces + +* Control Panel -> System and Security Setting -> System -> Device Manager + +### SMB + +* Disable SMB via Powershell +```sh +Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol +``` + +### Hosts File + +* Check `C:\Windows\System32\Drivers\etc\hosts` for unwanted domain resolution + +### ARP + +* After potential ARP poisoning the cache can be deleted via `arp -d` + +### RDP + +* Settings -> Windows Security Settings -> For developers -> Remote Desktop -> Show settings -> Don't allow remote connections to this computer + +## Third Pary Applications + +### Signed Software Only +* Settings -> Select Apps and Features -> Choose where to get apps -> The Microsoft Store only + +### Applocker + +* Local Group Policy Editor -> Windows Settings -> Security Settings -> Application Control Policies -> AppLocker + +## Web Browsing + +### Edge + +* Settings -> Windows Security -> App and Browser Control -> Reputation-based Protection -> SmartScreen for Microsoft Edge -> On +* Edge -> `edge://settings/privacy` -> Privacy, Search and Services -> Tracking Prevention -> Strict + +## Encryption 
+ +### BitLocker + +* Control Panel -> System and Security -> BitLocker Drive Encryption -> Turn on BitLocker + +## Sandbox + +* Settings -> Windows Features -> Windows Sandbox -> OK + +## Secure Boot + +* Check status under: msinfo32 -> System Summary -> BIOS Mode / Secure Boot State + +## Backups + +* Settings -> Update & Security -> Backup -> Backup using File History + + + +
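Review bot: In the "### SMB" section the heading and bullet say "Disable SMB via Powershell" but the command `Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol` removes only the SMBv1 feature and leaves SMBv2/SMBv3 enabled; reword the bullet to "Disable SMBv1 via PowerShell" so a reader does not think file sharing is off, and tag the fence ```powershell rather than ```sh, since the snippet is a PowerShell cmdlet. In the "### Firewall" section, "Inbound connections -> On" is not a value the profile tab in wf.msc offers; the dropdown is Block (default) / Block all connections / Allow, so the recommended setting should read "Inbound connections -> Block (default)" with "Firewall state -> On" as a separate bullet. In the "### RDP" section the path "Settings -> Windows Security Settings -> For developers -> Remote Desktop -> Show settings" is hard to follow; the "Don't allow remote connections to this computer" radio button lives on the Remote tab of System Properties (sysdm.cpl), and a note that it should be checked on every profile would help. Smaller points: "## Third Pary Applications" should read "Third Party"; the "### ARP" bullet `arp -d` only flushes the cache and does not stop re-poisoning, so a sentence pointing the reader to static entries or switch-side protections would make the hardening intent clearer.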