Automating Sysmon Deployment and Configuration

Improve your logging to better detect threats and malicious activity on your systems.
Learn more →

Block Ads and Trackers System Wide on Windows 10

This script blocks telemetry-related domains via the hosts file and related IPs via Windows Firewall.
Learn more →

Optimize and Debloat Windows 10 Deployments

For those who seek to minimize their Windows 10 installs.
Learn more →

GLVK Auto Install Script for KMS Activation

GLVK Auto Install Script for KMS Activation
Learn more →

Harden Windows with Windows Defender Application Control (WDAC)

Harden Windows with Windows Defender Application Control (WDAC)
Learn more →

Install RSAT ActiveDirectory PowerShell Module Offline

Install the PowerShell RSAT ActiveDirectory Module Offline
Learn more →

SolarWinds Orion Supply Chain Compromised, C2, and Mitigations

SolarWinds Orion Supply Chain Compromised, C2, and Mitigations
Learn more →

VirusTotal PowerShell Modules

A collection of PowerShell Modules for Interacting with the VirusTotal API
Learn more →

Hardening Windows Systems with Applocker

Lock down system resources to the bare minimum needed for basic OS functionality
Learn more →

Hardening Windows Terminals. Command Prompt and PowerShell

Scripts and Documentation for Hardening Windows Command Prompt and PowerShell
Learn more →

Shodan Powershell Modules

A collection of PowerShell Modules for Interacting with the Shodan API
Learn more →

Automating the Windows Defender STIG

Automate the Windows Defender STIG
Learn more →

Hardening Windows Defender

Harden Windows Defender by enabling enterprise or command line only features
Learn more →

STIG Compliant GPOs and Importing them into a Windows Domain

Import all the GPOs provided by SimeonOnSecurity to assist in making your domain compliant with all applicable STIGs and SRGs.
Learn more →

Adobe Reader DC STIG Script

Apply the Adobe Reader Pro DC STIGs in one simple script.
Learn more →

STIGing Standalone Windows Systems

Automate STIGing Windows 10
Learn more →

Dot NET STIG Script

Applying the .NET STIG is definitely not straightforward. For many administrators it can take hours to fully implement on a single system. This script applies the required registry changes and modifies the machine.config file to implement FIPS and other controls as required.
Learn more →

FireFox Privacy Script

Organizations like PrivacyTools.io and ffprofile have suggested changes to make FireFox more secure and private. These changes cover suggested browser extensions, blocking telemetry, disabling 3rd-party cookies, disabling trackers, etc.
Learn more →

FireFox STIG Script

The Firefox V4R29 STIG isn’t the easiest of STIGs to apply. This script will implement most of the required FireFox policies. In the future, the FireFox ADMX templates and GPOs will be applied in this script.
Learn more →

Windows 10 Branding

Many organizations have a need or want to control the branding of a Windows system. This includes the desktop wallpaper, the user's avatar, the Windows lock screen, and sometimes the OEM logo. In Windows 10, Windows Server 2016, and Windows Server 2019 this is not particularly easy. But, with the aid of the linked script, we can partially automate it and make the process much easier.
Learn more →

WMI Filters

A collection of WMI filters to assist with Windows Group Policy deployments. When deploying GPOs, Microsoft recommends using WMI filters to speed up the process and isolate policies in large domains. WMI filters allow you to target GPOs down to a specific piece of software or Windows version, with the potential to get significantly more complex. The linked GitHub repository includes some of the most commonly used WMI filters so that you don’t have to create them.
Learn more →

Automating Oracle JRE 8 STIG

The Oracle JRE STIGs aren’t so straightforward, requiring administrators to research Java documentation and generate Java config files, when most administrators are used to STIG-ing solely through Group Policy.
Learn more →

Hardening Apache Web Server

A collection of example configurations and scripts to aid system administrators in hardening Apache web servers.
Learn more →

CVE-2020-1350 KB4569509 DNS Server Vulnerability

On July 14, 2020, Microsoft released a security update for the issue that is described in CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability. This advisory describes a Critical Remote Code Execution (RCE) vulnerability that affects Windows servers that are configured to run the DNS Server role. We strongly recommend that server administrators apply the security update at their earliest convenience.
Learn more →

Brave ADMX Templates

Brave, as a company, has failed to release ADMX templates for the Brave browser, citing pushing pure registry settings as the only supported option. As the Brave browser is built on Chromium, it should support most, if not all, of the same policies from the Chromium and Google Chrome ADMX templates. With that in mind, we’ve modified the Google Chrome ADMX templates to reflect the Brave browser’s registry path. After some initial troubleshooting and testing, the templates seem to work.
Learn more →

Chromium ADMX Templates

Proper ADMX Template for the Chromium Browser
Learn more →

Optimize, Harden, and Debloat Windows 10 Deployments

Windows 10 is an invasive and insecure operating system out of the box. Organizations like PrivacyTools.io, Microsoft, Cyber.mil, the Department of Defense, and the National Security Agency have recommended configuration changes to lock down, harden, and secure the operating system. These changes cover a wide range of mitigations including blocking telemetry, macros, removing bloatware, and preventing many digital and physical attacks on a system. This script aims to automate the configurations recommended by those organizations.
Learn more →

Automating Windows Updates with Chocolatey, PSWindowsUpdate, and Startup Scripts

In today’s workplace environment, system administrators are constantly battling for time. Rolling out the latest Windows updates can be extremely time-consuming, taking up to a week given enough systems. With some assistance from Chocolatey, PSWindowsUpdate, and startup scripts, system administrators can roll out updates with as little as a single reboot of each machine.
Learn more →

Windows Spectre Meltdown Mitigation Script

Microsoft is aware of a new publicly disclosed class of vulnerabilities that are called “speculative execution side-channel attacks” and that affect many modern processors including Intel, AMD, VIA, and ARM.
Learn more →

STIGing Standalone Windows Servers

Automate STIGing Windows Server 2012, 2016, and 2019
Learn more →