BlueSide_StrongSide BlueSideStrongSide
@BlueSideStrongSide
BlueSideStrongSide / windows_hardening.cmd
Created May 12, 2020 22:44 — forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run this on the computers of family members, so as to secure them but not increase the chances of them having to call you to troubleshoot something related to it later on.) References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out, as they could lead to compatibility issues in common consumer setups, but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
BlueSideStrongSide / URL_Reputation_Tracker.csv
Last active November 24, 2022 18:46 — forked from albertzsigovits/urls.txt
URL reputation checkers
URL Reputation Provider,URL Reputation Website,Community API,Commercial API,BSSS_Supported,API Endpoint(s)
AlienVault OTX,https://otx.alienvault.com/browse/pulses,Yes,Researching,Yes,
BarracudaCentral,http://www.barracudacentral.org/lookups,Yes,No,Soon,
BrightCloud,https://www.brightcloud.com/tools/url-ip-lookup.php,No,Yes,Yes,
CDRF ThreatCenter,https://threatcenter.crdf.fr,Researching,Researching,Not Yet,
Cisco Talos,https://www.talosintelligence.com/reputation_center,Researching,Researching,Not Yet,
Checkpoint,https://urlcat.checkpoint.com/urlcat,Researching,Researching,Not Yet,
Cyren URL,https://www.cyren.com/security-center/url-category-check,Researching,Researching,Not Yet,
Cymon.io,https://cymon.io,Researching,Researching,Not Yet,
ForcePoint CSI,https://csi.forcepoint.com,Researching,Researching,Not Yet,
BlueSideStrongSide / iana_ports.csv
Last active May 18, 2022 00:00
Tracking updates to the IANA ports list csv. I will use this data in a supporting open source project; just storing the data for now. Original link included: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=1.
Service Name,Port Number,Transport Protocol,Description,Assignee,Contact,Registration Date,Modification Date,Reference,Service Code,Unauthorized Use Reported,Assignment Notes
,0,tcp,Reserved,[Jon_Postel],[Jon_Postel],,,,,,
,0,udp,Reserved,[Jon_Postel],[Jon_Postel],,,,,,
tcpmux,1,tcp,TCP Port Service Multiplexer,[Mark_Lottor],[Mark_Lottor],,,,,,
tcpmux,1,udp,TCP Port Service Multiplexer,[Mark_Lottor],[Mark_Lottor],,,,,,
compressnet,2,tcp,Management Utility,,,,,,,,
compressnet,2,udp,Management Utility,,,,,,,,
compressnet,3,tcp,Compression Process,[Bernie_Volz],[Bernie_Volz],,,,,,
compressnet,3,udp,Compression Process,[Bernie_Volz],[Bernie_Volz],,,,,,
,4,tcp,Unassigned,,,,,,,,
BlueSideStrongSide / keir_ports.csv
Last active May 17, 2022 23:59
Storing formatted output for use in another open source project; original link to the content included: http://keir.net/portlist.html
Port,Transport,Service
0,TCP,Reserved
1,TCP,Port Service Multiplexer
2,TCP,Management Utility
3,TCP,Compression Process
4,TCP,Unassigned
5,TCP,Remote Job Entry
6,TCP,Unassigned
7,TCP,Echo
8,TCP,Unassigned
BlueSideStrongSide / nmap_ports.csv
Created May 18, 2022 00:01
Tracking updates to the nmap ports list csv. I will use this data in a supporting open source project; just storing the data for now. Original link included: https://svn.nmap.org/nmap/nmap-services.
service_name,portnum/protocol,optional comments,,
tcpmux,1/tcp,# TCP Port Service Multiplexer [rfc-1078] | TCP Port Service Multiplexer,,
tcpmux,1/udp,# TCP Port Service Multiplexer,,
compressnet,2/tcp,# Management Utility,,
compressnet,2/udp,# Management Utility,,
compressnet,3/tcp,# Compression Process,,
compressnet,3/udp,# Compression Process,,
unknown,4/tcp,,,
rje,5/tcp,# Remote Job Entry,,
rje,5/udp,# Remote Job Entry,,
BlueSideStrongSide / wiki_ports.csv
Created May 18, 2022 00:03
Tracking updates to the IANA ports list csv. I will use this data in a supporting open source project; just storing the data for now. Original link included: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers.
0 Reserved Reserved In programming APIs (not in communication between hosts), requests a system-allocated (dynamic) port[6]
1 Yes Assigned TCP Port Service Multiplexer (TCPMUX). Historic. Both TCP and UDP have been assigned to TCPMUX by IANA,[2] but by design only TCP is specified.[7]
5 Assigned Assigned Remote Job Entry[8] was historically using socket 5 in its old socket form, while MIB PIM has identified it as TCP/5[9] and IANA has assigned both TCP and UDP 5 to it.
7 Yes Yes Echo Protocol[10][11]
9 Yes Yes Yes[12] Discard Protocol[13]
No Unofficial Wake-on-LAN[14]
11 Yes Yes Active Users (systat service)[15][16]
13 Yes Yes Daytime Protocol[17]
15 Unofficial No Previously netstat service[2][15]
17 Yes Yes Quote of the Day (QOTD)[18]
BlueSideStrongSide / meridian_ports.csv
Created May 18, 2022 00:04
Tracking updates to the IANA ports list csv. I will use this data in a supporting open source project; just storing the data for now. Original link included: https://www.meridianoutpost.com/resources/articles/well-known-tcpip-ports.php.
Port,Transport,Service/Comment,Official
0,"TCP, UDP","Reserved; do not use (but is a permissible source port value if the sending process does not expect messages in response)",Official
1,"TCP, UDP",TCPMUX,Official
5,"TCP, UDP",RJE (Remote Job Entry),Official
7,"TCP, UDP",ECHO protocol,Official
9,"TCP, UDP",DISCARD protocol,Official
11,"TCP, UDP",SYSTAT protocol,Official
13,"TCP, UDP",DAYTIME protocol,Official
17,"TCP, UDP",QOTD (Quote of the Day) protocol,Official
18,"TCP, UDP",Message Send Protocol,Official
BlueSideStrongSide / out.py
Created October 13, 2022 04:46
simple csv out
import csv
import os

# input argument: your track dict (one row, keys become the column headers)
# input argument: the filename of the newly created csv
def _export_to_csv(input_dict: dict = None, export_filename: str = None):
    try:
        # example.csv is the name of our exported file when none is given
        export_filename = export_filename or "example.csv"
        # mode = a+ : we open a file handle in append plus mode so repeated
        # calls add rows instead of overwriting earlier exports
        with open(export_filename, "a+", newline="") as handle:
            writer = csv.DictWriter(handle, fieldnames=list(input_dict.keys()))
            # only write the header once, when the file is still empty
            if os.path.getsize(export_filename) == 0:
                writer.writeheader()
            writer.writerow(input_dict)
    except (OSError, AttributeError) as err:
        print(f"csv export failed: {err}")
/var/log/amazon/ssm/amazon-ssm-agent.log
/var/log/amazon/ssm/errors.log
/var/log/audit/audit.log
/var/log/cloud-init-output.log
/var/log/cfn-init.log
/var/log/cfn-init-cmd.log
/var/log/cloud-init.log (Amazon Linux 1 / Amazon Linux 2 only)
/var/log/cron
/var/log/maillog
/var/log/messages
BlueSideStrongSide / gist:f11685859ab86259929bc019c6d20519
Created June 15, 2023 03:54
Markdown Malware Analysis Template
# Malware Analysis Report GPTemplate
**Table of Contents**
1. [Executive Summary](#executive-summary)
2. [Introduction](#introduction)
3. [Malware Overview](#malware-overview)
4. [Infection Vector](#infection-vector)
5. [Malware Behavior](#malware-behavior)
6. [Indicators of Compromise (IOCs)](#indicators-of-compromise-iocs)