Itamar MrAnde7son
MrAnde7son
/ Invoke-WMIRestrictions
Last active
March 20, 2024 18:25
Modifies WMI root namespace to deny all access of specific user, in order to mitigate WMI lateral movement of specific privileged users (not supposed to use WMI).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Invoke-WMIRestriction | |
| { | |
| <# | |
| .SYNOPSIS | |
| Modifies WMI root namespace ACL to deny all access of specific user, in order to mitigate WMI lateral movement of specific privileged users (not supposed to use WMI). | |
| Author: Itamar Mizrahi (@Zecured) | |
| License: GNU v3 | |
| Required Dependencies: None | |
| Optional Dependencies: None |
MrAnde7son
/ Remove-ReadPermissions.ps1
Created
May 29, 2017 06:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Remove-ObjectPermissions | |
| { | |
| <# | |
| .SYNOPSIS | |
| Denies all access (including read and list) from a given AD object on privileged domain accounts (Domain Admins, Administrators, Enterprise Admins). | |
| This aims to make it harder for an adversary to map privileged users after he established the inital foothold over the network and got a non-privileged domain user. | |
| Author: Itamar Mizrahi (@MrAnde7son) | |
| License: GNU v3 | |
| Required Dependencies: None | |
| Optional Dependencies: None |