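<?xml version="1.0" encoding="utf-8"?>
<!--
  Scoring resource for the image named in <Title>. It configures the scoring
  client (server URLs, timers, notification commands, client validation) and
  lists the scored items. <Check> entries carry the <Points> for a finding;
  <Penalty> entries carry <Points> that are presumably deducted when they match.

  NOTE(review): evaluation semantics are inferred from the structure and are not
  documented in this file. Conditions inside one <PassIf> appear to be ANDed and
  sibling <PassIf> groups ORed (USR_GUEST lists four alternatives); confirm
  against the scoring client.
  NOTE(review): every <Description> is an opaque hex string, presumably the
  encoded or encrypted text shown in the score report. The comments below
  describe only the visible <Test>/<PassIf> logic.
-->
<CyberPatriotResource>
  <ResourceID>Windows2008_r2_hs</ResourceID>
  <Tier/>
  <Branding>CyberPatriot</Branding>
  <Title>CP-IX High School Round 2 Windows 2008</Title>

  <!-- NOTE(review): TeamKey is stored in clear text, and ScoringUrl, ScoreboardUrl
       and every TimeServers entry are plain http://. As configured here, score
       uploads and time lookups have no transport confidentiality or integrity
       unless the client adds its own protection (not visible in this file). -->
  <TeamKey>CyberPatriot9</TeamKey>
  <ScoringUrl>http://54.243.182.228/ccs/upload</ScoringUrl>
  <ScoreboardUrl>http://54.243.195.23</ScoreboardUrl>
  <HideScoreboard>false</HideScoreboard>
  <ReadmeUrl>http://www.uscyberpatriot.org/Pages/Readme/readme_hs_tvadjak3cg.aspx</ReadmeUrl>
  <SupportUrl>https://fedgov.webex.com/fedgov/onstage/g.php?PRID=5632977f96b90348071a216c69912878</SupportUrl>

  <!-- Time sources: one Primary on the scoreboard host, then public fallbacks.
       A time answer fetched over http can be altered in transit, which matters
       because the windows and limits below depend on the clock. -->
  <TimeServers>
    <Primary>http://54.243.195.23/message.php</Primary>
    <Secondary>http://time.is/UTC</Secondary>
    <Secondary>http://nist.time.gov/</Secondary>
    <Secondary>http://www.zulutime.net/</Secondary>
    <Secondary>http://time1.ucla.edu/home.php</Secondary>
    <Secondary>http://viv.ebay.com/ws/eBayISAPI.dll?EbayTime</Secondary>
    <Secondary>http://worldtime.io/current/utc_netherlands/8554</Secondary>
    <Secondary>http://www.timeanddate.com/worldclock/timezone/utc</Secondary>
    <Secondary>http://www.thetimenow.com/utc/coordinated_universal_time</Secondary>
    <Secondary>http://www.worldtimeserver.com/current_time_in_UTC.aspx</Secondary>
  </TimeServers>

  <!-- Triggers for disabling the image. Before/After look like the validity
       window of the round; Uptime and InvalidTeam look like hh:mm limits.
       TODO confirm units and time zone against the client. -->
  <DestructImage>
    <Before>2016-11-20 05:00</Before>
    <After>2016-12-13 06:00</After>
    <Uptime>07:00</Uptime>
    <Playtime/>
    <InvalidClient>true</InvalidClient>
    <InvalidTeam>00:20</InvalidTeam>
  </DestructImage>

  <!-- Triggers for suppressing score feedback; same window as DestructImage,
       with a shorter Uptime value and three boolean triggers. -->
  <DisableFeedback>
    <Before>2016-11-20 05:00</Before>
    <After>2016-12-13 06:00</After>
    <Uptime>06:30</Uptime>
    <Playtime/>
    <NoConnection>true</NoConnection>
    <InvalidClient>true</InvalidClient>
    <InvalidTeam>true</InvalidTeam>
  </DisableFeedback>

  <!-- Session limits and client timers. WarnAfter/StopImageAfter look like
       hh:mm; units of StartupTime, IntervalTime and UploadTimeout are not
       stated here. -->
  <WarnAfter>05:30</WarnAfter>
  <StopImageAfter>06:00</StopImageAfter>
  <StopTeamAfter/>
  <StartupTime>60</StartupTime>
  <IntervalTime>60</IntervalTime>
  <UploadTimeout>24</UploadTimeout>

  <!-- Commands the client runs on scoring events.
       NOTE(review): every Execute target lives under InstallPath
       (C:\CyberPatriot). Whoever can write to that directory can replace what
       the client launches, so its ACL matters; it is not visible here. -->
  <OnPointsGained>
    <Execute>C:\CyberPatriot\sox.exe C:\CyberPatriot\gain.wav -d -q</Execute>
    <Execute>C:\CyberPatriot\Notify.exe You Gained Points</Execute>
  </OnPointsGained>
  <OnPointsLost>
    <Execute>C:\CyberPatriot\sox.exe C:\CyberPatriot\alarm.wav -d -q</Execute>
    <Execute>C:\CyberPatriot\Notify.exe You Lost Points</Execute>
  </OnPointsLost>
  <OnInvalidTeam>
    <Execute>C:\CyberPatriot\sox.exe C:\CyberPatriot\alarm.wav -d -q</Execute>
    <Execute>C:\CyberPatriot\Notify.exe WARNING: Invalid Unique Identifier</Execute>
  </OnInvalidTeam>

  <AutoDisplayPoints>true</AutoDisplayPoints>
  <InstallPath>C:\CyberPatriot</InstallPath>
  <TeamConfig>ScoringConfig</TeamConfig>
  <HtmlReport>ScoringReport</HtmlReport>
  <HtmlReportTemplate>ScoringReportTemplate</HtmlReportTemplate>
  <XmlReport>ScoringData/ScoringReport</XmlReport>
  <RedShirt>tempfile</RedShirt>

  <!-- Values the client is expected to find on a genuine image. ClientHash is
       64 hex digits, the length of a SHA-256 digest; the algorithm is not
       stated here. Presumably a mismatch sets the InvalidClient triggers above. -->
  <ValidClient>
    <ResourcePath>C:\CyberPatriot\ScoringResource.dat</ResourcePath>
    <ClientPath>C:\CyberPatriot\CCSClient.exe</ClientPath>
    <ClientHash>5AA01BD7F0B02F599176A71A01FE7E1F9E8DE834C2C8EB13D9527AC10B7ACFA3</ClientHash>
    <ProductID>Windows Server 2008 Standard 32-bit</ProductID>
    <DiskID>55FFF60C</DiskID>
    <InstallDate>2013-Jul-11 00:02:40</InstallDate>
  </ValidClient>

  <!-- Forensics question 1: the answer file must exist, contain an ANSWER line
       matching Windows\System32\config (optional C:\ or leading backslash,
       case-insensitive), and must not contain an ANSWER line starting with
       Users. -->
  <Check>
    <CheckID>FOR_Q1</CheckID>
    <Description>5A57F55AA92B0CA6A7115F23F687072732F6E6F2131042A0B1D47736A2755AD91076B065D2D06C5F86B621A88EFD0E3E202C07A2AD35075D84B6432584322431</Description>
    <Points>9</Points>
    <Test>
      <Type>file</Type>
      <Name>T1</Name>
      <FilePath>C:\Users\leonardo\Desktop\Forensics Question 1.txt</FilePath>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Contains</Condition>
        <Equals>(?i)ANSWER:\s*(C:\\|\\)?Windows\\System32\\config</Equals>
      </T1>
      <T1>
        <Condition>Contains</Condition>
        <NotEquals>(?i)ANSWER:\s*(C:\\|\\)?Users</NotEquals>
      </T1>
    </PassIf>
  </Check>

  <!-- Forensics question 2: the answer file must exist and contain an ANSWER
       line matching the pattern below (case-insensitive). -->
  <Check>
    <CheckID>FOR_Q2</CheckID>
    <Description>E602039EA713888582F5B1418570BD277B5C088BB2F89235A32148DF6067D9AFD607BCE97EFDC384EC3F947D6BD81F3FE97B33E4B5415CFC1105BCE2878F6224</Description>
    <Points>9</Points>
    <Test>
      <Type>file</Type>
      <Name>T1</Name>
      <FilePath>C:\Users\leonardo\Desktop\Forensics Question 2.txt</FilePath>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Contains</Condition>
        <Equals>(?i)ANSWER:\s*dimension\s+x</Equals>
      </T1>
    </PassIf>
  </Check>

  <!-- Account screwloose must still exist and must not be locked out. -->
  <Check>
    <CheckID>USR_SCREWLO_LOCKOUT</CheckID>
    <Description>CC50F80C8737938D99CC00C94A758F8AED73210E161AFC1BBC36089E42F9C3C805242CD953E48FF9814B3EA668C42F862F9E57C99733385137E22A5A34E7075F2CE5DCA2A1</Description>
    <Points>3</Points>
    <Test>
      <Name>T1</Name>
      <Type>user</Type>
      <UserName>screwloose</UserName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>LockedOut</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
  </Check>

  <!-- Guest account: four accepted states. (1) account absent, (2) present but
       disabled, (3) present with Password not equal to the empty value,
       (4) present with an empty Password but interactive logon disabled.
       NOTE(review): how the client evaluates the Password condition is not
       visible here. -->
  <Check>
    <CheckID>USR_GUEST</CheckID>
    <Description>446A8E2949ADC218A47A43F1BE6313FFD1BF978B20A43D8F47C8AEDE6E1557D71C2EFFB766214A32893BE38CE1A7909719AF7DE0181A9200B43A53B97203BB1A</Description>
    <Points>2</Points>
    <Test>
      <Name>T1</Name>
      <Type>user</Type>
      <UserName>Guest</UserName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Enabled</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Password</Condition>
        <NotEquals/>
      </T1>
    </PassIf>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Password</Condition>
        <Equals/>
      </T1>
      <T1>
        <Condition>LogonInteractiveEnabled</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
  </Check>

  <!-- Account rocksteady must be removed or disabled. -->
  <Check>
    <CheckID>USR_ROCK</CheckID>
    <Description>4AC3C246F9DE77909D60EE524FDFB8678F5E31A46D95CB60A43A02E7D8BE0BC4E461D71363C1F2ADBCBCB35E0AD4FB396A305F193018A6ED6C06B4BFFA51EAF7ED3E339883</Description>
    <Points>2</Points>
    <Test>
      <Name>T1</Name>
      <Type>user</Type>
      <UserName>rocksteady</UserName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Enabled</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
  </Check>

  <!-- Account shredder must be removed or disabled. -->
  <Check>
    <CheckID>USR_SHREDDER</CheckID>
    <Description>DF9D1910EE37600FA766F6A74000589C34C0CD7ADF3B04311EB26358763AC66D4DDA94E2C45AEDADDD3E13E13C24AA8EEE929D9670B40F11349219EBF2FA92444E1F8A</Description>
    <Points>2</Points>
    <Test>
      <Name>T1</Name>
      <Type>user</Type>
      <UserName>shredder</UserName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Enabled</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
  </Check>

  <!-- Account seymour must exist with Password not equal to the empty value,
       presumably meaning the password is no longer blank. -->
  <Check>
    <CheckID>USR_SEYMOUR</CheckID>
    <Description>79F3A3AA65268F830EFC4E4AC5E87F068BCFCBC222C02638CFE0E50C80A53AD8628AB78410D1BB5A48AB70CE912AA0EC4C3B5F02DCB58678B18CAB67E1CADB</Description>
    <Points>2</Points>
    <Test>
      <Name>T1</Name>
      <Type>user</Type>
      <UserName>seymour</UserName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Password</Condition>
        <NotEquals/>
      </T1>
    </PassIf>
  </Check>

  <!-- Account jagwar: same rule as USR_SEYMOUR. -->
  <Check>
    <CheckID>USR_JAGWAR</CheckID>
    <Description>9DAED0CF9AD4BDDFC400B15BD6993D77F3159E7C340FAFFA218FD2B546B362429C2441AC7B028846F7D6BC801B3D1B82D9B630934D1AE33BBDB484E56080</Description>
    <Points>2</Points>
    <Test>
      <Name>T1</Name>
      <Type>user</Type>
      <UserName>jagwar</UserName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Password</Condition>
        <NotEquals/>
      </T1>
    </PassIf>
  </Check>

  <!-- Account slash must still exist and must not be locked out. -->
  <Check>
    <CheckID>USR_SLASH_LOCKOUT</CheckID>
    <Description>BE87D30F8EA03799EEC72C6C399B8651705BCDCAD61645EABC2E239429DA17F5808A25481AC853A984CB3A9913C45F53A45498540047BAC1677109B6DBEE3733</Description>
    <Points>3</Points>
    <Test>
      <Name>T1</Name>
      <Type>user</Type>
      <UserName>slash</UserName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>LockedOut</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
  </Check>

  <!-- Account april must exist and must not be an administrator. -->
  <Check>
    <CheckID>USR_APRIL</CheckID>
    <Description>9DC0BCC61B019B2FD82BFAD97F4602DCDCEA8CED3050E60F39EC61F5295405CDCB0FF807FE22B66A39D061755CC10E7A2988E219EE883FA234CB4212F7F1B86D980A858134A9</Description>
    <Points>2</Points>
    <Test>
      <Name>T1</Name>
      <Type>user</Type>
      <UserName>april</UserName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Admin</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
  </Check>

  <!-- Account mondogecko must exist and must not be an administrator. -->
  <Check>
    <CheckID>USR_MONDO</CheckID>
    <Description>C494080D1A96315B5D0C443488645DC0805A0F3DFE31029CBECFFF453A383F7BF96C4F2B0A85257A52AA835362CF19E6FB4860CCE1CCAA5EA20AAC7D1A37F1F3811199BE5ACC3CBE5F8424</Description>
    <Points>2</Points>
    <Test>
      <Name>T1</Name>
      <Type>user</Type>
      <UserName>mondogecko</UserName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Admin</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
  </Check>

  <!-- Password policy: MinPasswordAge must exceed 86399. 86400 is the number of
       seconds in a day, so this presumably requires a minimum age of at least
       one day expressed in seconds. TODO confirm unit. -->
  <Check>
    <CheckID>ACT_MINAGE</CheckID>
    <Description>C9DEF00E1F8E515DAFF90933884F976B541C4EBBBE94DDAD22DF33C91C7F589BD157970E2B4FF48802712A599696A6B02F244FD3EAE2332EEA2DA0B881E3C88BF8C6A3111BE23843</Description>
    <Points>4</Points>
    <Test>
      <Name>T1</Name>
      <Type>password_policy</Type>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>MinPasswordAge</Condition>
        <GreaterThan>86399</GreaterThan>
      </T1>
    </PassIf>
  </Check>

  <!-- Account lockout policy: a non-zero LockoutThreshold and a
       LockoutObservationWindow above 240 (unit not stated here). See PEN_LOCK
       for the lower bound that is penalised. -->
  <Check>
    <CheckID>ACT_WIN</CheckID>
    <Description>BB349C06D5CA14EA2022C6B607320C62EFF6019AF728E8FE59E841EA0F9A73E0DC0ED6613E186ACD1084F4345DA5A078D8B194299F8B2F61FA7CB90C18AF1EE86B0E5C9E85E878015F51BC8A4C78AE2F4052FEE7AD9D</Description>
    <Points>5</Points>
    <Test>
      <Name>T1</Name>
      <Type>account_lockout_policy</Type>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>LockoutThreshold</Condition>
        <GreaterThan>0</GreaterThan>
      </T1>
      <T1>
        <Condition>LockoutObservationWindow</Condition>
        <GreaterThan>240</GreaterThan>
      </T1>
    </PassIf>
  </Check>

  <!-- Interactive logon: DisableCAD must be present and 0 (Ctrl+Alt+Del
       required at logon) in either the Policies\System or the Winlogon key. -->
  <Check>
    <CheckID>POL_IL_CAD</CheckID>
    <Description>F16F7F3039C2512BC02B0AC58B6993E5B6B53C531FC283C8056793CF84EBEA5A75B37D3C68698E01867A3028922AAAC4CE4CB8FD7CBF521134D66A7ECF193524CE8ECB278599C26C820C</Description>
    <Points>5</Points>
    <Test>
      <Name>T1</Name>
      <Type>registry</Type>
      <Key>HKEY_LOCAL_MACHINE</Key>
      <KeyPath>SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
      <KeyName>DisableCAD</KeyName>
    </Test>
    <Test>
      <Name>T2</Name>
      <Type>registry</Type>
      <Key>HKEY_LOCAL_MACHINE</Key>
      <KeyPath>SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
      <KeyName>DisableCAD</KeyName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Value</Condition>
        <Equals>0</Equals>
      </T1>
    </PassIf>
    <PassIf>
      <T2>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T2>
      <T2>
        <Condition>Value</Condition>
        <Equals>0</Equals>
      </T2>
    </PassIf>
  </Check>

  <!-- SMB server signing (LanManServer parameters).
       NOTE(review): if sibling PassIf groups are ORed, EnableSecuritySignature=1
       alone scores even when RequireSecuritySignature is not set, in which case
       the server offers signing but does not require it. -->
  <Check>
    <CheckID>POL_MNS_ESIG</CheckID>
    <Description>F116AA8C7E4CACAC17B8415426A64884E4F7A76AFE9ED6AD5C64E8A8C3752340563D35C62A998282C4FF748089B2B21E4E423A8F7C58077E4BDDE87648C5D5F6A92DFB9452DB87788518E29F3974986B0D4AF1983D25E975CC7D70120ECBA3DE05E5E46FB2</Description>
    <Points>7</Points>
    <Test>
      <Name>T1</Name>
      <Type>registry</Type>
      <Key>HKEY_LOCAL_MACHINE</Key>
      <KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
      <KeyName>EnableSecuritySignature</KeyName>
    </Test>
    <Test>
      <Name>T2</Name>
      <Type>registry</Type>
      <Key>HKEY_LOCAL_MACHINE</Key>
      <KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
      <KeyName>RequireSecuritySignature</KeyName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Value</Condition>
        <Equals>1</Equals>
      </T1>
    </PassIf>
    <PassIf>
      <T2>
        <Condition>Value</Condition>
        <Equals>1</Equals>
      </T2>
    </PassIf>
  </Check>

  <!-- File sharing: the value named C under LanmanServer\Shares (a share of
       that name) must not exist. -->
  <Check>
    <CheckID>SYS_SHC</CheckID>
    <Description>9D527EBAC9662F0BF98AB17A9B90F9DF3F063AD8D59C50D2346046C2F40D0C3B21B7C6DE58CB518F15AB8DB0F4A340807B4F8A8B4AB08E1E7F2549A62DADDD8A11B9B6F48C</Description>
    <Points>6</Points>
    <Test>
      <Name>T1</Name>
      <Type>registry</Type>
      <Key>HKEY_LOCAL_MACHINE</Key>
      <KeyPath>SYSTEM\CurrentControlSet\services\LanmanServer\Shares</KeyPath>
      <KeyName>C</KeyName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
  </Check>

  <!-- Telnet server (TlntSvr): either the service is present, not running and
       its Start value is above 2 (Windows start types: 3 manual, 4 disabled),
       or both the service and its registry value are gone. -->
  <Check>
    <CheckID>SRV_TLNT</CheckID>
    <Description>46F0543DA67F293994E1D30DFF8734CFB1A6485C4FF7A0204C3E341EBE6B98B1E31587E1353E29133874EEB733A9A91EC1D69CA4C8ABC0AF69ED71294A7B9C358DD56D7DAC7CD0A782BDC6AE985852CC</Description>
    <Points>5</Points>
    <Test>
      <Name>T1</Name>
      <Type>service</Type>
      <ServiceName>TlntSvr</ServiceName>
    </Test>
    <Test>
      <Name>T2</Name>
      <Type>registry</Type>
      <Key>HKEY_LOCAL_MACHINE</Key>
      <KeyPath>SYSTEM\CurrentControlSet\Services\TlntSvr</KeyPath>
      <KeyName>Start</KeyName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>State</Condition>
        <NotEquals>Running</NotEquals>
      </T1>
      <T2>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T2>
      <T2>
        <Condition>Value</Condition>
        <GreaterThan>2</GreaterThan>
      </T2>
    </PassIf>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
      <T2>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T2>
    </PassIf>
  </Check>

  <!-- Windows Update: AUOptions must be present and above 1 in either the local
       Auto Update key or the policy key. In the local key, 1 is the "never
       check for updates" setting, so any value above it enables checking. -->
  <Check>
    <CheckID>OUP_AUTO</CheckID>
    <Description>12C30F78C9C36CF275302F466AAAEF34774B3A9A89D7F28FEC7D7CF14BD0422A32A1AF03003B4CA18E9AD3901C380B15E14FB93CC8F1156C1284F03AB4497155F40E837138A6EB5CC56E3B5D</Description>
    <Points>3</Points>
    <Test>
      <Name>T1</Name>
      <Type>registry</Type>
      <Key>HKEY_LOCAL_MACHINE</Key>
      <KeyPath>SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update</KeyPath>
      <KeyName>AUOptions</KeyName>
    </Test>
    <Test>
      <Name>T2</Name>
      <Type>registry</Type>
      <Key>HKEY_LOCAL_MACHINE</Key>
      <KeyPath>SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU</KeyPath>
      <KeyName>AUOptions</KeyName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Value</Condition>
        <GreaterThan>1</GreaterThan>
      </T1>
    </PassIf>
    <PassIf>
      <T2>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T2>
      <T2>
        <Condition>Value</Condition>
        <GreaterThan>1</GreaterThan>
      </T2>
    </PassIf>
  </Check>

  <!-- Operating system patch level: the reported service pack must be exactly
       "Service Pack 2". -->
  <Check>
    <CheckID>OUP_SP2</CheckID>
    <Description>B8635E9D9D142DEA4DCF260FC6FDEE3698DBAA82B64987B7385A006880FBFB96982F971361088F40682FC09C4D2925CD078337504F7C91A092E7F145C42C168993143DEDB437A0</Description>
    <Points>3</Points>
    <Test>
      <Name>T1</Name>
      <Type>win_version</Type>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>ServicePack</Condition>
        <Equals>Service Pack 2</Equals>
      </T1>
    </PassIf>
  </Check>

  <!-- Application update: notepad++.exe must be present with a file version
       above 6.5, that is major above 6, or major 6 with minor above 5.
       PEN_NOTE penalises removing it instead of updating it. -->
  <Check>
    <CheckID>AUP_NOTEP</CheckID>
    <Description>DE728A9A2F14048E5A8A3106FB311AF4039D6F6958D50DC2A5A52BE3D0012538D8F38D0870AC23A0156EC03754991F7FAF9B20C1FA4C40E2B3CA726E3DFE</Description>
    <Points>3</Points>
    <Test>
      <Type>file</Type>
      <Name>T1</Name>
      <FilePath>C:\Program Files\Notepad++\notepad++.exe</FilePath>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>FileVersionMajor</Condition>
        <GreaterThan>6</GreaterThan>
      </T1>
    </PassIf>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>FileVersionMajor</Condition>
        <Equals>6</Equals>
      </T1>
      <T1>
        <Condition>FileVersionMinor</Condition>
        <GreaterThan>5</GreaterThan>
      </T1>
    </PassIf>
  </Check>

  <!-- Sensitive file on a share: C:\Share\secret.txt must be gone while the
       C:\Share directory itself still exists. -->
  <Check>
    <CheckID>FIL_SMBPASSWD</CheckID>
    <Description>B0A6C9CC30CAF854EFDA21EE31742B8752CBA37558B6CE7523E2944EBDFA859EB41E5BB6FE3F2D943FF005744EE6A6E08BF9BBD89C9CB596653517B3B9E081C0A73163DFA1DC4E3388AB4223AF1F204C8F51206CEBC5D9</Description>
    <Points>6</Points>
    <Test>
      <Name>T1</Name>
      <Type>file</Type>
      <FilePath>C:\Share\secret.txt</FilePath>
    </Test>
    <Test>
      <Name>T2</Name>
      <Type>file</Type>
      <FilePath>C:\Share</FilePath>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
      <T2>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T2>
    </PassIf>
  </Check>

  <!-- Unwanted software (this and the next two checks): the named executable
       must be gone while C:\Program Files still exists. -->
  <Check>
    <CheckID>SFT_HLIUM</CheckID>
    <Description>C72FA3FD03B618BD61F14DCB30B8BF58D6CDD44397E17DD65ED33CE1BC3EC9778D2F2CCB610910227D6E73183C39FCFE46FFB355</Description>
    <Points>5</Points>
    <Test>
      <Name>T1</Name>
      <Type>file</Type>
      <FilePath>C:\Program Files\Intermedia Software\Helium 9\helium9.exe</FilePath>
    </Test>
    <Test>
      <Name>T2</Name>
      <Type>file</Type>
      <FilePath>C:\Program Files</FilePath>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
      <T2>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T2>
    </PassIf>
  </Check>
  <Check>
    <CheckID>SFT_NEXUS</CheckID>
    <Description>7D6FAC3CFAC32C1ADDE6FA0A363149CC8998F39664E5D0B2BA651171E5FE5B9597C705A810D9F0E6AC13FC0E56A17998FB161834E44C91</Description>
    <Points>5</Points>
    <Test>
      <Name>T1</Name>
      <Type>file</Type>
      <FilePath>C:\Program Files\Nexus Radio\Nexus Radio.exe</FilePath>
    </Test>
    <Test>
      <Name>T2</Name>
      <Type>file</Type>
      <FilePath>C:\Program Files</FilePath>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
      <T2>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T2>
    </PassIf>
  </Check>
  <Check>
    <CheckID>SFT_TVEXE</CheckID>
    <Description>5A34D87049C559C9DA4704ABBB1F9B013BC7791C236800951BD7802F643F8F173C840C1CFA55D3D036C1D5D266AF1D6982</Description>
    <Points>5</Points>
    <Test>
      <Name>T1</Name>
      <Type>file</Type>
      <FilePath>C:\Program Files\TVexe\TVexe TV HD.exe</FilePath>
    </Test>
    <Test>
      <Name>T2</Name>
      <Type>file</Type>
      <FilePath>C:\Program Files</FilePath>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
      <T2>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T2>
    </PassIf>
  </Check>

  <!-- Penalty: matches when any of leonardo, michelangelo, donatello or raphael
       is either not an administrator or no longer exists. Presumably these are
       the authorised administrators and demoting or deleting one costs points. -->
  <Penalty>
    <CheckID>PEN_USRA</CheckID>
    <Description>E1EAB38A478CD7B41616D1BDC34BBE8C039441BF57142370C0CE25348A6CECE45345AFABBC3DE0A6A96A284D968F6F50A4C4F003869A9F1C86672B92BD87B93AB58D7FDBC29C7C73CED1BFDAF17C</Description>
    <Points>5</Points>
    <Test>
      <Name>T1</Name>
      <Type>user</Type>
      <UserName>leonardo</UserName>
    </Test>
    <Test>
      <Name>T2</Name>
      <Type>user</Type>
      <UserName>michelangelo</UserName>
    </Test>
    <Test>
      <Name>T3</Name>
      <Type>user</Type>
      <UserName>donatello</UserName>
    </Test>
    <Test>
      <Name>T4</Name>
      <Type>user</Type>
      <UserName>raphael</UserName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>Admin</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
    <PassIf>
      <T2>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T2>
      <T2>
        <Condition>Admin</Condition>
        <Equals>false</Equals>
      </T2>
    </PassIf>
    <PassIf>
      <T2>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T2>
    </PassIf>
    <PassIf>
      <T3>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T3>
      <T3>
        <Condition>Admin</Condition>
        <Equals>false</Equals>
      </T3>
    </PassIf>
    <PassIf>
      <T3>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T3>
    </PassIf>
    <PassIf>
      <T4>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T4>
      <T4>
        <Condition>Admin</Condition>
        <Equals>false</Equals>
      </T4>
    </PassIf>
    <PassIf>
      <T4>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T4>
    </PassIf>
  </Penalty>

  <!-- Penalty: matches when LockoutThreshold is above 0 and below 3, that is 1
       or 2. Presumably this penalises a threshold so low that ordinary typing
       mistakes lock accounts out. -->
  <Penalty>
    <CheckID>PEN_LOCK</CheckID>
    <Description>BB8F1D55B7DF97274F1F3A04C9CCAA7F87B25C6F831CAB6A9E102F99A07223A145667529E10386EE4CE2BA6EE0F76608E49997EE6B5C7286318FD268E3B9381599D6FA675994EDD9C494B1C7F2C772799A228111</Description>
    <Points>2</Points>
    <Test>
      <Name>T1</Name>
      <Type>account_lockout_policy</Type>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>true</Equals>
      </T1>
      <T1>
        <Condition>LockoutThreshold</Condition>
        <GreaterThan>0</GreaterThan>
      </T1>
      <T1>
        <Condition>LockoutThreshold</Condition>
        <LessThan>3</LessThan>
      </T1>
    </PassIf>
  </Penalty>

  <!-- Penalty: matches when the value named Share under LanmanServer\Shares is
       missing. Together with SYS_SHC this suggests the C share is to be removed
       while the Share share is a required service. -->
  <Penalty>
    <CheckID>PEN_SMB</CheckID>
    <Description>93FAAA795CC51392F6925A9628AC84B5FB90CA54DD26AF9E83AA423A675D4B34BB640942E3A63DF60D73037F1F92F43A74C5BC4BA1E8078BB998A58D606B1C9A928E2668B1</Description>
    <Points>5</Points>
    <Test>
      <Name>T1</Name>
      <Type>registry</Type>
      <Key>HKEY_LOCAL_MACHINE</Key>
      <KeyPath>SYSTEM\CurrentControlSet\services\LanmanServer\Shares</KeyPath>
      <KeyName>Share</KeyName>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
  </Penalty>

  <!-- Penalty: matches when the Notepad++ installer is missing from C:\Share. -->
  <Penalty>
    <CheckID>PEN_SHARE</CheckID>
    <Description>37664B334EB68496393B5F9BA14E579DCFD02E51C9D4CCB57F514059AB0B63CCF994F7293291A55975D8175927A74EB7A4C2925DE3BB670693764D5B28472BF1CF999084248638B6E01447C4F342485D43FD70D37117</Description>
    <Points>5</Points>
    <Test>
      <Name>T1</Name>
      <Type>file</Type>
      <FilePath>C:\Share\npp.7.2.Installer.exe</FilePath>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
  </Penalty>

  <!-- Penalty: matches when firefox.exe is missing, presumably because Firefox
       is required software on this image. -->
  <Penalty>
    <CheckID>PEN_FFOX</CheckID>
    <Description>34AB328E5B5EF25F913125FDF79276322DEAC0935BCF5C32BF6793D21AAB493AA5EE714C8D30EEE870749B153F57BB42EFD92C8FB93987B48A06A870907E1323A97D7731E47215529EB8BB898063E4872C1F0D4A</Description>
    <Points>5</Points>
    <Test>
      <Name>T1</Name>
      <Type>file</Type>
      <FilePath>C:\Program Files\Mozilla Firefox\firefox.exe</FilePath>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
  </Penalty>

  <!-- Penalty: matches when notepad++.exe is missing; AUP_NOTEP expects it to be
       updated, not removed. -->
  <Penalty>
    <CheckID>PEN_NOTE</CheckID>
    <Description>3CDAF63524B4456CBFC0780FEE0B9084DD286D009654A2B940951510AD94B2BEDB67137ED3321D5AD4C5A3566FB7333AD82E1EE066A468F1A9A8A6A95AF17A7E87940285A1B8B0D544F8D4C7E7EB4C8F39F095712CFF</Description>
    <Points>5</Points>
    <Test>
      <Name>T1</Name>
      <Type>file</Type>
      <FilePath>C:\Program Files\Notepad++\notepad++.exe</FilePath>
    </Test>
    <PassIf>
      <T1>
        <Condition>Exists</Condition>
        <Equals>false</Equals>
      </T1>
    </PassIf>
  </Penalty>

  <!-- Extra file paths and registry keys. None of them is referenced by a Check
       or Penalty in this file, and the file does not state their purpose.
       NOTE(review): presumably additional lookups the client performs alongside
       the scored ones; confirm against the client before relying on this. -->
  <AllFiles>
    <FilePath>C:\</FilePath>
    <FilePath>C:\mytrojan.exe</FilePath>
    <FilePath>C:\rootkit.exe</FilePath>
    <FilePath>C:\Windows\</FilePath>
    <FilePath>C:\Windows\mytrojan.exe</FilePath>
    <FilePath>C:\Windows\en-US\</FilePath>
    <FilePath>C:\Windows\Media\</FilePath>
    <FilePath>C:\Windows\Microsoft.NET\Framework</FilePath>
    <FilePath>C:\Windows\PolicyDefinitions\</FilePath>
    <FilePath>C:\Windows\Prefetch\</FilePath>
    <FilePath>C:\Windows\servicing\</FilePath>
    <FilePath>C:\Windows\System32\rootkit.exe</FilePath>
    <FilePath>C:\Windows\System32\GroupPolicy\Machine\</FilePath>
  </AllFiles>
  <AllQueries>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\auditbasedirectories</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\auditbaseobjects</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxPacketSize</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableEncryption</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\HibernateEnabled</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SNMP\Parameters\ExtensionAgents</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TermSrv\</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TermSrv\ServiceName</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NETFramework\Performance\Library</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser\Parameters\ServiceDll</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KeyIso\Security\Security</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Lsa\Performance\Library</Key>
    <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMPTRAP\Start</Key>
    <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\</Key>
    <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tcpip\CurrentVersion\</Key>
    <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Build</Key>
    <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\CleanupTime</Key>
  </AllQueries>
</CyberPatriotResource>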