Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
<?xml version="1.0" encoding="utf-8"?>
<CyberPatriotResource>
<ResourceID>Windows2008_r2_hs</ResourceID>
<Tier/>
<Branding>CyberPatriot</Branding>
<Title>CP-IX High School Round 2 Windows 2008</Title>
<TeamKey>CyberPatriot9</TeamKey>
<ScoringUrl>http://54.243.182.228/ccs/upload</ScoringUrl>
<ScoreboardUrl>http://54.243.195.23</ScoreboardUrl>
<HideScoreboard>false</HideScoreboard>
<ReadmeUrl>http://www.uscyberpatriot.org/Pages/Readme/readme_hs_tvadjak3cg.aspx</ReadmeUrl>
<SupportUrl>https://fedgov.webex.com/fedgov/onstage/g.php?PRID=5632977f96b90348071a216c69912878</SupportUrl>
<TimeServers>
<Primary>http://54.243.195.23/message.php</Primary>
<Secondary>http://time.is/UTC</Secondary>
<Secondary>http://nist.time.gov/</Secondary>
<Secondary>http://www.zulutime.net/</Secondary>
<Secondary>http://time1.ucla.edu/home.php</Secondary>
<Secondary>http://viv.ebay.com/ws/eBayISAPI.dll?EbayTime</Secondary>
<Secondary>http://worldtime.io/current/utc_netherlands/8554</Secondary>
<Secondary>http://www.timeanddate.com/worldclock/timezone/utc</Secondary>
<Secondary>http://www.thetimenow.com/utc/coordinated_universal_time</Secondary>
<Secondary>http://www.worldtimeserver.com/current_time_in_UTC.aspx</Secondary>
</TimeServers>
<DestructImage>
<Before>2016-11-20 05:00</Before>
<After>2016-12-13 06:00</After>
<Uptime>07:00</Uptime>
<Playtime/>
<InvalidClient>true</InvalidClient>
<InvalidTeam>00:20</InvalidTeam>
</DestructImage>
<DisableFeedback>
<Before>2016-11-20 05:00</Before>
<After>2016-12-13 06:00</After>
<Uptime>06:30</Uptime>
<Playtime/>
<NoConnection>true</NoConnection>
<InvalidClient>true</InvalidClient>
<InvalidTeam>true</InvalidTeam>
</DisableFeedback>
<WarnAfter>05:30</WarnAfter>
<StopImageAfter>06:00</StopImageAfter>
<StopTeamAfter/>
<StartupTime>60</StartupTime>
<IntervalTime>60</IntervalTime>
<UploadTimeout>24</UploadTimeout>
<OnPointsGained>
<Execute>C:\CyberPatriot\sox.exe C:\CyberPatriot\gain.wav -d -q</Execute>
<Execute>C:\CyberPatriot\Notify.exe You Gained Points</Execute>
</OnPointsGained>
<OnPointsLost>
<Execute>C:\CyberPatriot\sox.exe C:\CyberPatriot\alarm.wav -d -q</Execute>
<Execute>C:\CyberPatriot\Notify.exe You Lost Points</Execute>
</OnPointsLost>
<OnInvalidTeam>
<Execute>C:\CyberPatriot\sox.exe C:\CyberPatriot\alarm.wav -d -q</Execute>
<Execute>C:\CyberPatriot\Notify.exe WARNING: Invalid Unique Identifier</Execute>
</OnInvalidTeam>
<AutoDisplayPoints>true</AutoDisplayPoints>
<InstallPath>C:\CyberPatriot</InstallPath>
<TeamConfig>ScoringConfig</TeamConfig>
<HtmlReport>ScoringReport</HtmlReport>
<HtmlReportTemplate>ScoringReportTemplate</HtmlReportTemplate>
<XmlReport>ScoringData/ScoringReport</XmlReport>
<RedShirt>tempfile</RedShirt>
<ValidClient>
<ResourcePath>C:\CyberPatriot\ScoringResource.dat</ResourcePath>
<ClientPath>C:\CyberPatriot\CCSClient.exe</ClientPath>
<ClientHash>5AA01BD7F0B02F599176A71A01FE7E1F9E8DE834C2C8EB13D9527AC10B7ACFA3</ClientHash>
<ProductID>Windows Server 2008 Standard 32-bit</ProductID>
<DiskID>55FFF60C</DiskID>
<InstallDate>2013-Jul-11 00:02:40</InstallDate>
</ValidClient>
<Check>
<CheckID>FOR_Q1</CheckID>
<Description>5A57F55AA92B0CA6A7115F23F687072732F6E6F2131042A0B1D47736A2755AD91076B065D2D06C5F86B621A88EFD0E3E202C07A2AD35075D84B6432584322431</Description>
<Points>9</Points>
<Test>
<Type>file</Type>
<Name>T1</Name>
<FilePath>C:\Users\leonardo\Desktop\Forensics Question 1.txt</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Contains</Condition>
<Equals>(?i)ANSWER:\s*(C:\\|\\)?Windows\\System32\\config</Equals>
</T1>
<T1>
<Condition>Contains</Condition>
<NotEquals>(?i)ANSWER:\s*(C:\\|\\)?Users</NotEquals>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>FOR_Q2</CheckID>
<Description>E602039EA713888582F5B1418570BD277B5C088BB2F89235A32148DF6067D9AFD607BCE97EFDC384EC3F947D6BD81F3FE97B33E4B5415CFC1105BCE2878F6224</Description>
<Points>9</Points>
<Test>
<Type>file</Type>
<Name>T1</Name>
<FilePath>C:\Users\leonardo\Desktop\Forensics Question 2.txt</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Contains</Condition>
<Equals>(?i)ANSWER:\s*dimension\s+x</Equals>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>USR_SCREWLO_LOCKOUT</CheckID>
<Description>CC50F80C8737938D99CC00C94A758F8AED73210E161AFC1BBC36089E42F9C3C805242CD953E48FF9814B3EA668C42F862F9E57C99733385137E22A5A34E7075F2CE5DCA2A1</Description>
<Points>3</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>screwloose</UserName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>LockedOut</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>USR_GUEST</CheckID>
<Description>446A8E2949ADC218A47A43F1BE6313FFD1BF978B20A43D8F47C8AEDE6E1557D71C2EFFB766214A32893BE38CE1A7909719AF7DE0181A9200B43A53B97203BB1A</Description>
<Points>2</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>Guest</UserName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Enabled</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Password</Condition>
<NotEquals/>
</T1>
</PassIf>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Password</Condition>
<Equals/>
</T1>
<T1>
<Condition>LogonInteractiveEnabled</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>USR_ROCK</CheckID>
<Description>4AC3C246F9DE77909D60EE524FDFB8678F5E31A46D95CB60A43A02E7D8BE0BC4E461D71363C1F2ADBCBCB35E0AD4FB396A305F193018A6ED6C06B4BFFA51EAF7ED3E339883</Description>
<Points>2</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>rocksteady</UserName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Enabled</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>USR_SHREDDER</CheckID>
<Description>DF9D1910EE37600FA766F6A74000589C34C0CD7ADF3B04311EB26358763AC66D4DDA94E2C45AEDADDD3E13E13C24AA8EEE929D9670B40F11349219EBF2FA92444E1F8A</Description>
<Points>2</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>shredder</UserName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Enabled</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>USR_SEYMOUR</CheckID>
<Description>79F3A3AA65268F830EFC4E4AC5E87F068BCFCBC222C02638CFE0E50C80A53AD8628AB78410D1BB5A48AB70CE912AA0EC4C3B5F02DCB58678B18CAB67E1CADB</Description>
<Points>2</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>seymour</UserName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Password</Condition>
<NotEquals/>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>USR_JAGWAR</CheckID>
<Description>9DAED0CF9AD4BDDFC400B15BD6993D77F3159E7C340FAFFA218FD2B546B362429C2441AC7B028846F7D6BC801B3D1B82D9B630934D1AE33BBDB484E56080</Description>
<Points>2</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>jagwar</UserName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Password</Condition>
<NotEquals/>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>USR_SLASH_LOCKOUT</CheckID>
<Description>BE87D30F8EA03799EEC72C6C399B8651705BCDCAD61645EABC2E239429DA17F5808A25481AC853A984CB3A9913C45F53A45498540047BAC1677109B6DBEE3733</Description>
<Points>3</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>slash</UserName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>LockedOut</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>USR_APRIL</CheckID>
<Description>9DC0BCC61B019B2FD82BFAD97F4602DCDCEA8CED3050E60F39EC61F5295405CDCB0FF807FE22B66A39D061755CC10E7A2988E219EE883FA234CB4212F7F1B86D980A858134A9</Description>
<Points>2</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>april</UserName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Admin</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>USR_MONDO</CheckID>
<Description>C494080D1A96315B5D0C443488645DC0805A0F3DFE31029CBECFFF453A383F7BF96C4F2B0A85257A52AA835362CF19E6FB4860CCE1CCAA5EA20AAC7D1A37F1F3811199BE5ACC3CBE5F8424</Description>
<Points>2</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>mondogecko</UserName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Admin</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>ACT_MINAGE</CheckID>
<Description>C9DEF00E1F8E515DAFF90933884F976B541C4EBBBE94DDAD22DF33C91C7F589BD157970E2B4FF48802712A599696A6B02F244FD3EAE2332EEA2DA0B881E3C88BF8C6A3111BE23843</Description>
<Points>4</Points>
<Test>
<Name>T1</Name>
<Type>password_policy</Type>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>MinPasswordAge</Condition>
<GreaterThan>86399</GreaterThan>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>ACT_WIN</CheckID>
<Description>BB349C06D5CA14EA2022C6B607320C62EFF6019AF728E8FE59E841EA0F9A73E0DC0ED6613E186ACD1084F4345DA5A078D8B194299F8B2F61FA7CB90C18AF1EE86B0E5C9E85E878015F51BC8A4C78AE2F4052FEE7AD9D</Description>
<Points>5</Points>
<Test>
<Name>T1</Name>
<Type>account_lockout_policy</Type>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>LockoutThreshold</Condition>
<GreaterThan>0</GreaterThan>
</T1>
<T1>
<Condition>LockoutObservationWindow</Condition>
<GreaterThan>240</GreaterThan>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>POL_IL_CAD</CheckID>
<Description>F16F7F3039C2512BC02B0AC58B6993E5B6B53C531FC283C8056793CF84EBEA5A75B37D3C68698E01867A3028922AAAC4CE4CB8FD7CBF521134D66A7ECF193524CE8ECB278599C26C820C</Description>
<Points>5</Points>
<Test>
<Name>T1</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<KeyName>DisableCAD</KeyName>
</Test>
<Test>
<Name>T2</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<KeyName>DisableCAD</KeyName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Value</Condition>
<Equals>0</Equals>
</T1>
</PassIf>
<PassIf>
<T2>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T2>
<T2>
<Condition>Value</Condition>
<Equals>0</Equals>
</T2>
</PassIf>
</Check>
<Check>
<CheckID>POL_MNS_ESIG</CheckID>
<Description>F116AA8C7E4CACAC17B8415426A64884E4F7A76AFE9ED6AD5C64E8A8C3752340563D35C62A998282C4FF748089B2B21E4E423A8F7C58077E4BDDE87648C5D5F6A92DFB9452DB87788518E29F3974986B0D4AF1983D25E975CC7D70120ECBA3DE05E5E46FB2</Description>
<Points>7</Points>
<Test>
<Name>T1</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<KeyName>EnableSecuritySignature</KeyName>
</Test>
<Test>
<Name>T2</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<KeyName>RequireSecuritySignature</KeyName>
</Test>
<PassIf>
<T1>
<Condition>Value</Condition>
<Equals>1</Equals>
</T1>
</PassIf>
<PassIf>
<T2>
<Condition>Value</Condition>
<Equals>1</Equals>
</T2>
</PassIf>
</Check>
<Check>
<CheckID>SYS_SHC</CheckID>
<Description>9D527EBAC9662F0BF98AB17A9B90F9DF3F063AD8D59C50D2346046C2F40D0C3B21B7C6DE58CB518F15AB8DB0F4A340807B4F8A8B4AB08E1E7F2549A62DADDD8A11B9B6F48C</Description>
<Points>6</Points>
<Test>
<Name>T1</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>SYSTEM\CurrentControlSet\services\LanmanServer\Shares</KeyPath>
<KeyName>C</KeyName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>SRV_TLNT</CheckID>
<Description>46F0543DA67F293994E1D30DFF8734CFB1A6485C4FF7A0204C3E341EBE6B98B1E31587E1353E29133874EEB733A9A91EC1D69CA4C8ABC0AF69ED71294A7B9C358DD56D7DAC7CD0A782BDC6AE985852CC</Description>
<Points>5</Points>
<Test>
<Name>T1</Name>
<Type>service</Type>
<ServiceName>TlntSvr</ServiceName>
</Test>
<Test>
<Name>T2</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>SYSTEM\CurrentControlSet\Services\TlntSvr</KeyPath>
<KeyName>Start</KeyName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>State</Condition>
<NotEquals>Running</NotEquals>
</T1>
<T2>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T2>
<T2>
<Condition>Value</Condition>
<GreaterThan>2</GreaterThan>
</T2>
</PassIf>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
<T2>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T2>
</PassIf>
</Check>
<Check>
<CheckID>OUP_AUTO</CheckID>
<Description>12C30F78C9C36CF275302F466AAAEF34774B3A9A89D7F28FEC7D7CF14BD0422A32A1AF03003B4CA18E9AD3901C380B15E14FB93CC8F1156C1284F03AB4497155F40E837138A6EB5CC56E3B5D</Description>
<Points>3</Points>
<Test>
<Name>T1</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update</KeyPath>
<KeyName>AUOptions</KeyName>
</Test>
<Test>
<Name>T2</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU</KeyPath>
<KeyName>AUOptions</KeyName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Value</Condition>
<GreaterThan>1</GreaterThan>
</T1>
</PassIf>
<PassIf>
<T2>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T2>
<T2>
<Condition>Value</Condition>
<GreaterThan>1</GreaterThan>
</T2>
</PassIf>
</Check>
<Check>
<CheckID>OUP_SP2</CheckID>
<Description>B8635E9D9D142DEA4DCF260FC6FDEE3698DBAA82B64987B7385A006880FBFB96982F971361088F40682FC09C4D2925CD078337504F7C91A092E7F145C42C168993143DEDB437A0</Description>
<Points>3</Points>
<Test>
<Name>T1</Name>
<Type>win_version</Type>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>ServicePack</Condition>
<Equals>Service Pack 2</Equals>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>AUP_NOTEP</CheckID>
<Description>DE728A9A2F14048E5A8A3106FB311AF4039D6F6958D50DC2A5A52BE3D0012538D8F38D0870AC23A0156EC03754991F7FAF9B20C1FA4C40E2B3CA726E3DFE</Description>
<Points>3</Points>
<Test>
<Type>file</Type>
<Name>T1</Name>
<FilePath>C:\Program Files\Notepad++\notepad++.exe</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>FileVersionMajor</Condition>
<GreaterThan>6</GreaterThan>
</T1>
</PassIf>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>FileVersionMajor</Condition>
<Equals>6</Equals>
</T1>
<T1>
<Condition>FileVersionMinor</Condition>
<GreaterThan>5</GreaterThan>
</T1>
</PassIf>
</Check>
<Check>
<CheckID>FIL_SMBPASSWD</CheckID>
<Description>B0A6C9CC30CAF854EFDA21EE31742B8752CBA37558B6CE7523E2944EBDFA859EB41E5BB6FE3F2D943FF005744EE6A6E08BF9BBD89C9CB596653517B3B9E081C0A73163DFA1DC4E3388AB4223AF1F204C8F51206CEBC5D9</Description>
<Points>6</Points>
<Test>
<Name>T1</Name>
<Type>file</Type>
<FilePath>C:\Share\secret.txt</FilePath>
</Test>
<Test>
<Name>T2</Name>
<Type>file</Type>
<FilePath>C:\Share</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
<T2>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T2>
</PassIf>
</Check>
<Check>
<CheckID>SFT_HLIUM</CheckID>
<Description>C72FA3FD03B618BD61F14DCB30B8BF58D6CDD44397E17DD65ED33CE1BC3EC9778D2F2CCB610910227D6E73183C39FCFE46FFB355</Description>
<Points>5</Points>
<Test>
<Name>T1</Name>
<Type>file</Type>
<FilePath>C:\Program Files\Intermedia Software\Helium 9\helium9.exe</FilePath>
</Test>
<Test>
<Name>T2</Name>
<Type>file</Type>
<FilePath>C:\Program Files</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
<T2>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T2>
</PassIf>
</Check>
<Check>
<CheckID>SFT_NEXUS</CheckID>
<Description>7D6FAC3CFAC32C1ADDE6FA0A363149CC8998F39664E5D0B2BA651171E5FE5B9597C705A810D9F0E6AC13FC0E56A17998FB161834E44C91</Description>
<Points>5</Points>
<Test>
<Name>T1</Name>
<Type>file</Type>
<FilePath>C:\Program Files\Nexus Radio\Nexus Radio.exe</FilePath>
</Test>
<Test>
<Name>T2</Name>
<Type>file</Type>
<FilePath>C:\Program Files</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
<T2>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T2>
</PassIf>
</Check>
<Check>
<CheckID>SFT_TVEXE</CheckID>
<Description>5A34D87049C559C9DA4704ABBB1F9B013BC7791C236800951BD7802F643F8F173C840C1CFA55D3D036C1D5D266AF1D6982</Description>
<Points>5</Points>
<Test>
<Name>T1</Name>
<Type>file</Type>
<FilePath>C:\Program Files\TVexe\TVexe TV HD.exe</FilePath>
</Test>
<Test>
<Name>T2</Name>
<Type>file</Type>
<FilePath>C:\Program Files</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
<T2>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T2>
</PassIf>
</Check>
<Penalty>
<CheckID>PEN_USRA</CheckID>
<Description>E1EAB38A478CD7B41616D1BDC34BBE8C039441BF57142370C0CE25348A6CECE45345AFABBC3DE0A6A96A284D968F6F50A4C4F003869A9F1C86672B92BD87B93AB58D7FDBC29C7C73CED1BFDAF17C</Description>
<Points>5</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>leonardo</UserName>
</Test>
<Test>
<Name>T2</Name>
<Type>user</Type>
<UserName>michelangelo</UserName>
</Test>
<Test>
<Name>T3</Name>
<Type>user</Type>
<UserName>donatello</UserName>
</Test>
<Test>
<Name>T4</Name>
<Type>user</Type>
<UserName>raphael</UserName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Admin</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
<PassIf>
<T2>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T2>
<T2>
<Condition>Admin</Condition>
<Equals>false</Equals>
</T2>
</PassIf>
<PassIf>
<T2>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T2>
</PassIf>
<PassIf>
<T3>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T3>
<T3>
<Condition>Admin</Condition>
<Equals>false</Equals>
</T3>
</PassIf>
<PassIf>
<T3>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T3>
</PassIf>
<PassIf>
<T4>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T4>
<T4>
<Condition>Admin</Condition>
<Equals>false</Equals>
</T4>
</PassIf>
<PassIf>
<T4>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T4>
</PassIf>
</Penalty>
<Penalty>
<CheckID>PEN_LOCK</CheckID>
<Description>BB8F1D55B7DF97274F1F3A04C9CCAA7F87B25C6F831CAB6A9E102F99A07223A145667529E10386EE4CE2BA6EE0F76608E49997EE6B5C7286318FD268E3B9381599D6FA675994EDD9C494B1C7F2C772799A228111</Description>
<Points>2</Points>
<Test>
<Name>T1</Name>
<Type>account_lockout_policy</Type>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>LockoutThreshold</Condition>
<GreaterThan>0</GreaterThan>
</T1>
<T1>
<Condition>LockoutThreshold</Condition>
<LessThan>3</LessThan>
</T1>
</PassIf>
</Penalty>
<Penalty>
<CheckID>PEN_SMB</CheckID>
<Description>93FAAA795CC51392F6925A9628AC84B5FB90CA54DD26AF9E83AA423A675D4B34BB640942E3A63DF60D73037F1F92F43A74C5BC4BA1E8078BB998A58D606B1C9A928E2668B1</Description>
<Points>5</Points>
<Test>
<Name>T1</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>SYSTEM\CurrentControlSet\services\LanmanServer\Shares</KeyPath>
<KeyName>Share</KeyName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Penalty>
<Penalty>
<CheckID>PEN_SHARE</CheckID>
<Description>37664B334EB68496393B5F9BA14E579DCFD02E51C9D4CCB57F514059AB0B63CCF994F7293291A55975D8175927A74EB7A4C2925DE3BB670693764D5B28472BF1CF999084248638B6E01447C4F342485D43FD70D37117</Description>
<Points>5</Points>
<Test>
<Name>T1</Name>
<Type>file</Type>
<FilePath>C:\Share\npp.7.2.Installer.exe</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Penalty>
<Penalty>
<CheckID>PEN_FFOX</CheckID>
<Description>34AB328E5B5EF25F913125FDF79276322DEAC0935BCF5C32BF6793D21AAB493AA5EE714C8D30EEE870749B153F57BB42EFD92C8FB93987B48A06A870907E1323A97D7731E47215529EB8BB898063E4872C1F0D4A</Description>
<Points>5</Points>
<Test>
<Name>T1</Name>
<Type>file</Type>
<FilePath>C:\Program Files\Mozilla Firefox\firefox.exe</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Penalty>
<Penalty>
<CheckID>PEN_NOTE</CheckID>
<Description>3CDAF63524B4456CBFC0780FEE0B9084DD286D009654A2B940951510AD94B2BEDB67137ED3321D5AD4C5A3566FB7333AD82E1EE066A468F1A9A8A6A95AF17A7E87940285A1B8B0D544F8D4C7E7EB4C8F39F095712CFF</Description>
<Points>5</Points>
<Test>
<Name>T1</Name>
<Type>file</Type>
<FilePath>C:\Program Files\Notepad++\notepad++.exe</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Penalty>
<AllFiles>
<FilePath>C:\</FilePath>
<FilePath>C:\mytrojan.exe</FilePath>
<FilePath>C:\rootkit.exe</FilePath>
<FilePath>C:\Windows\</FilePath>
<FilePath>C:\Windows\mytrojan.exe</FilePath>
<FilePath>C:\Windows\en-US\</FilePath>
<FilePath>C:\Windows\Media\</FilePath>
<FilePath>C:\Windows\Microsoft.NET\Framework</FilePath>
<FilePath>C:\Windows\PolicyDefinitions\</FilePath>
<FilePath>C:\Windows\Prefetch\</FilePath>
<FilePath>C:\Windows\servicing\</FilePath>
<FilePath>C:\Windows\System32\rootkit.exe</FilePath>
<FilePath>C:\Windows\System32\GroupPolicy\Machine\</FilePath>
</AllFiles>
<AllQueries>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\auditbasedirectories</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\auditbaseobjects</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxPacketSize</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableEncryption</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\HibernateEnabled</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SNMP\Parameters\ExtensionAgents</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TermSrv\</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TermSrv\ServiceName</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NETFramework\Performance\Library</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser\Parameters\ServiceDll</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KeyIso\Security\Security</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Lsa\Performance\Library</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMPTRAP\Start</Key>
<Key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\</Key>
<Key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tcpip\CurrentVersion\</Key>
<Key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Build</Key>
<Key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\CleanupTime</Key>
</AllQueries>
</CyberPatriotResource>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.