Today I Learned about Auditpol, Sysmon, and Sysmon Configurations

Today I learned / Read About… # What SimeonOnSecurity learned about and found interesting today SimeonOnSecurity learned and discovered several interesting things today related to Windows security and event monitoring. First, two new and updated repositories were identified. The Automate-Sysmon repository provides a solution for automating the installation, configuration, and management of Sysmon, a popular tool for monitoring and logging system activity on Windows systems. The Windows-Audit-Policy repository provides a solution for automating the configuration of Windows audit policies, which control the auditing of various security-related events on Windows systems.
Learn more →

Today I Learned How to Manipulate and Parse JSON in PowerShell and Bash

Today I learned / Read About… # What SimeonOnSecurity learned about and found interesting today SimeonOnSecurity has updated a page on his website and learned about a few resources that he finds interesting. The updated page is the writeup for the Invite Challenge on HackTheBox. This page provides an in-depth analysis of the process of solving the challenge on both Windows and Linux systems. In addition to the updated page, SimeonOnSecurity also discovered some useful learning resources.
Learn more →

Harden Windows with Windows Defender Application Control (WDAC)

Harden Windows with Windows Defender Application Control (WDAC)
Learn more →

Dot NET STIG Script

On July 14, 2020, Microsoft released a security updatApplying the .NET STIG is definitely not straightforward. For many administrators it can take hours to fully implement on a single system. This script applies the required registry changes and modifies the machine.config file to implement FIPS and other controls as required.
Learn more →

Windows 10 Branding

Many organizations have a need or want to control the branding of a Windows system. This includes the desktop wallpaper, the users avatar, the Windows lock screen, and sometimes the OEM Logo. In Windows 10, Windows Server 2016, and Windows Server 2019 this is not particularly easy. But, with the aide of the linked script, we can partially automate it and make the process much easier.
Learn more →

CVE-2020-1350 KB4569509 DNS Server Vulnerability

On July 14, 2020, Microsoft released a security update for the issue that is described in CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability. This advisory describes a Critical Remote Code Execution (RCE) vulnerability that affects Windows servers that are configured to run the DNS Server role. We strongly recommend that server administrators apply the security update at their earliest convenience.
Learn more →

Optimize, Harden, and Debloat Windows 10 Deployments

Windows 10 is an invasive and insecure operating system out of the box. Organizations like PrivacyTools.io, Microsoft, Cyber.mil, the Department of Defense, and the [National Security Agency have recommended configuration changes to lockdown, harden, and secure the operating system. These changes cover a wide range of mitigations including blocking telemetry, macros, removing bloatware, and preventing many digital and physical attacks on a system. This script aims to automate the configurations recommended by those organizations.
Learn more →

Automating Windows Updates with Chocolatey, PSWindowsUpdate, and Startup Scripts

In today’s modern workplace environment, system administrators constantly are battling for time. Rolling out the latest Windows updates can be extremely time consuming taking up to a week given enough systems. Along with some assistance from Chocolatey, PSWindowsUpdates, and Startup Scripts, Systems Administrators can roll out update with as little as a single reboot of each machine.
Learn more →

Windows Spectre Meltdown Mitigation Script

Microsoft is aware of a new publicly disclosed class of vulnerabilities that are called “speculative execution side-channel attacks” and that affect many modern processors including Intel, AMD, VIA, and ARM.
Learn more →

HackTheBox - Invite Challenge (Windows/Linux)

Get step by step instructions to complete the HackTheBox invite challenge on Windows or Linux. Learn how to generate an invite code and join the online platform to test and advance your skills in penetration testing and cyber security. The article presents both simple and advanced solutions, making it easy for users of all levels to complete the challenge and gain access to the platform.
Learn more →