Log Review Cheatsheet Critical Log Review Checklist for Security Incidents
Hardening GPO Reference UT Windows Hardening Checklist
sswares
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // unmodified | |
| contract Token { | |
| uint8 public decimals = 18; | |
| string public name; | |
| uint256 public lastTouched; | |
| address public hub; | |
| address public owner; |
sswares
/ infosec-tools.txt
Created
May 24, 2020 20:18
— forked from diegoalbuquerque/infosec-tools.txt
many infosec tools
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Security Tool List | |
| ├───AD | |
| │ ├───ACLPwn | |
| │ ├───ACL_PWN | |
| │ ├───ADAPE | |
| │ ├───ADAudit | |
| │ ├───ADCollector | |
| │ ├───ADpwn | |
| │ ├───ADRecon | |
| │ ├───ADReconPowershell |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########## | |
| # Win10 Initial Setup Script | |
| # Author: Disassembler <[email protected]> | |
| # Version: 1.4, 2016-01-16 | |
| ########## | |
| # Ask for elevated permissions if required | |
| If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) { | |
| Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs | |
| Exit |
sswares
/ Blue_Team_Hardening_Windows.csv
Created
May 24, 2020 20:13
— forked from mikes-hacks/Blue_Team_Hardening_Windows.csv
Blue Team Hardening Windows
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ID | Task | Command | Description | |
|---|---|---|---|---|
| 1 | IP | cmd (as admin) > ipconfig | confirm good ip for dns/dhcp | |
| 2 | Clear DNS Cache | ipconfig /flushdns | clear possible dns poison | |
| 3 | Hosts | notepad C:\Windows\System32\drivers\etc\hosts | delete bad entries | |
| 4 | View Hidden Files | Windows Explorer > View > Hidden/Ext/OS/Drives | good practice | |
| 5 | DUO | duo.com > Signup > Weblogin > Install > Auth | Consider duo.com for Auth | |
| 6 | Stopping Network Shares | net share /delete somebadshare | delete bad shares | |
| 7 | User and Group Config | Control panel > System settings > Users and Groups | ||
| New Admin PW, Disable Guest, Del Bad Users | This needs development | |||
| Check/Remove bad users from Admin Group |
sswares
/ windows_hardening.cmd
Created
May 24, 2020 19:53
— forked from ricardojba/windows_hardening.cmd
A Windows hardening script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ::############################################################################################################### | |
| :: Credits and More info: https://gist.github.com/mackwage/08604751462126599d7e52f233490efe | |
| :: https://github.com/LOLBAS-Project/LOLBAS | |
| :: https://lolbas-project.github.io/ | |
| :: https://github.com/Disassembler0/Win10-Initial-Setup-Script | |
| :: https://github.com/cryps1s/DARKSURGEON/tree/master/configuration/configuration-scripts | |
| :: https://gist.github.com/alirobe/7f3b34ad89a159e6daa1#file-reclaimwindows10-ps1-L71 | |
| :: https://github.com/teusink/Home-Security-by-W10-Hardening | |
| :: | |
| ::############################################################################################################### |
sswares
/ smb_is_compromised.ps1
Created
May 24, 2020 19:53
— forked from ypcrts/smb_is_compromised.ps1
Windows 10 Hardening - Powershell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # disable smb 1 | |
| Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol | |
| # disable smb2 / smb3 | |
| Set-SmbServerConfiguration -EnableSMB2Protocol $false |
sswares
/ blue_team_notes.md
Created
May 24, 2020 19:50
— forked from alexiasa/blue_team_notes.md
Blue Team Notes
sswares
/ kerberos_attacks_cheatsheet.md
Created
February 26, 2020 09:01
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module: