Increase your logging abilities to further your ability to detect threats and malicious activity on your systems.
This script blocks Telemetry related domains via the hosts file and related IPs via Windows Firewall.
For those who seek to minimize their Windows 10 installs.
A collection of example configurations and scripts to aid system administrators in hardening Apache web servers.GLVK Auto Install Script for KMS Activation
Harden Windows with Windows Defender Application Control (WDAC)
Install the PowerShell RSAT ActiveDirectory Module Offline
SolarWinds Orion Supply Chain Compromised, C2, and Mitigations
A collection of PowerShell Modules for Interacting with the VirusTotal API
Lock down system resources to bare minumum needed for basic OS functionality
Scripts and Documentation for Hardening Windows Command Prompt and PowerShell
A collection of PowerShell Modules for Interacting with the Shodan API
Harden Windows Defender by enabling enterprise or command line only features
Import all the GPOs provided by SimeonOnSecurity to assist in making your domain compliant with all applicable STIGs and SRGs.
On July 14, 2020, Microsoft released a security updatApplying the .NET STIG is definitely not straightforward. For many administrators it can take hours to fully implement on a single system. This script applies the required registry changes and modifies the machine.config file to implement FIPS and other controls as required.
Organizations like PrivacyTools.io and ffprofile have suggested changes to make FireFox more secure and private. These changes cover suggested browser extentions, blocking telemetry, disabling 3rd-party cookies, disabling trackers, etc.
The Firefox V4R29 isn’t the easiest of STIGs to apply. This script will implement most of the required FireFox policies. In the future, the FireFox ADMX templates and GPO’s will be applied in this script.
Many organizations have a need or want to control the branding of a Windows system. This includes the desktop wallpaper, the users avatar, the Windows lock screen, and sometimes the OEM Logo. In Windows 10, Windows Server 2016, and Windows Server 2019 this is not particularly easy. But, with the aide of the linked script, we can partially automate it and make the process much easier.
A collection of WMI filters to assist with Windows Group Policy deployments When deploying GPOs, Microsoft reccomends to use WMI filters to speed up the process and isolate policies in large domains. WMI Filters allow you to specify GPOs down to a specific piece of software or Windows version with the potential to get significantly much more complex. The linked GitHub Repository includes some of the most commonly used WMI filters so that you don’t have to create them.
The Oracle JRE STIGs aren’t so straight forward, requiring administrators to research JAVA documentation and generate java config files, when most administrators are used to solely STIG-ing using group policy.
A collection of example configurations and scripts to aid system administrators in hardening Apache web servers.
On July 14, 2020, Microsoft released a security update for the issue that is described in CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability. This advisory describes a Critical Remote Code Execution (RCE) vulnerability that affects Windows servers that are configured to run the DNS Server role. We strongly recommend that server administrators apply the security update at their earliest convenience.
Brave, as a company, has failed to release ADMX templates for the brave browser siteing pushing pure registries as the only supported option. As the Brave Browser is build off of Chromium, it should support most, if not all, the same policies from the Chromium and Google Chrome ADMX templates. With that in mind, we’ve modified the Google Chrome ADMX templates to reflect the Brave Browser’s registry path. After some initial troubleshooting and testing, the templatates seem to work.
Windows 10 is an invasive and insecure operating system out of the box. Organizations like PrivacyTools.io, Microsoft, Cyber.mil, the Department of Defense, and the [National Security Agency have recommended configuration changes to lockdown, harden, and secure the operating system. These changes cover a wide range of mitigations including blocking telemetry, macros, removing bloatware, and preventing many digital and physical attacks on a system. This script aims to automate the configurations recommended by those organizations.
In today’s modern workplace environment, system administrators constantly are battling for time. Rolling out the latest Windows updates can be extremely time consuming taking up to a week given enough systems. Along with some assistance from Chocolatey, PSWindowsUpdates, and Startup Scripts, Systems Administrators can roll out update with as little as a single reboot of each machine.
Microsoft is aware of a new publicly disclosed class of vulnerabilities that are called “speculative execution side-channel attacks” and that affect many modern processors including Intel, AMD, VIA, and ARM.