misterch0c-awesome-windows-domain-hardening
https://github.com/r3p3r/misterch0c-awesome-windows-domain-hardening
- EMET - Consider keeping EMET for Windows 7 but prioritize upgrades to Windows 10 and Edge.
- AppLocker
- PowerShell logging
- Block Office macros
- WEF
- GPO
- (Microsoft ATA)
- (KB2871997)
- (Microsoft LAPS)
- (Windows Firewall)
- (including GPP)
- PAWs
- (FGPP)
- Fine-Grained Password Policy
- LM/NTLMv1
- Protected Users group
- LLMNR
- WPAD
- LDAP signing
- SMB signing
- shims
- Responder - A LLMNR, NBT-NS and MDNS poisoner
- BloodHound - Six Degrees of Domain Admin
- PowerSploit - A PowerShell Post-Exploitation Framework
- PowerView - Situational Awareness PowerShell framework
- Empire - PowerShell and Python post-exploitation agent
- Mimikatz - Utility to extract plaintext passwords, hashes, PIN codes and Kerberos tickets from memory, and also to perform pass-the-hash, pass-the-ticket or build Golden tickets
- Tools Cheatsheets - (Beacon, PowerView, PowerUp, Empire, ...)
- UACME - Defeating Windows User Account Control
- Windows System Internals - (Including Sysmon etc.)
- Hardentools - Collection of simple utilities designed to disable a number of "features" exposed by Windows
- BSides DC 2016 - PowerShell Security: Defending the Enterprise from the Latest Attack Platform
- Six Degrees of Domain Admin... - Andy Robbins, Will Schroeder, Rohan Vazarkar
- 111 Attacking EvilCorp Anatomy of a Corporate Hack
- Red vs Blue: Modern Active Directory Attacks & Defense
- Offensive Active Directory with Powershell
- Advanced Incident Detection and Threat Hunting using Sysmon and Splunk
- Real Solutions From Real Incidents: Save Money and Your Job!
- How to go from Responding to Hunting with Sysinternals Sysmon
- 111 Attacking EvilCorp Anatomy of a Corporate Hack
- Real Solutions From Real Incidents: Save Money and Your Job!
- ADSecurity
- Harmj0y's blog
- Sysmon SecuriTay's configuration file - template with default high-quality event tracing
- Explaining and adapting Tay’s Sysmon configuration
- Use of PSExec