I hereby claim:
- I am c3rberus on github.
- I am c3rberus (https://keybase.io/c3rberus) on keybase.
- I have a public key ASDGQHTuKzJP-3ynJ2wRGKQpcp0sFH1R8CgsmlkSbb0f4Ao
To claim this, I am signing this object:
BEGIN TRY
DROP TABLE [Dim].[Date]
END TRY
BEGIN CATCH
/*No Action*/
END CATCH
CREATE TABLE [Dim].[Date]
(
# A retired winlogbeats config maintained by the Recon InfoSec SOC
# contains most of the higher value events needed for detection and response
# should be tuned for your specific environment and log volume tolerance
winlogbeat.event_logs: # Global Event Logs Config
  - name: Security
    ignore_older: 24h
    processors:
      - script:
          when.equals.winlog.channel: Security
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run this on the computers of family members to secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
$ASRGuidMatrix = @{'56a863a9-875e-4185-98a7-b882c64b5ce5' ='Block abuse of exploited vulnerable signed drivers';
'7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Block Adobe Reader from creating child processes';
'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes';
'9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from the Windows local security authority subsystem (lsass.exe)';
'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail';
'01443614-cd74-433a-b99e-2ecdc07bfc25' = 'Block executable files from running unless they meet a prevalence, age, or trusted list criterion';
'5beb7efe-fd9a-4556-801d-275e5ffc04cc'='Block execution of potentially obfuscated scripts';
'd3e037e1-3eb8-44c8-a917-57927947596d'='Block JavaScript or VBScript from launching downloaded executable content';
'3b576869-a4ec-4529-8536-b80a7769e899'='Block Office applications from creating executable content';
'75668c1f-73b5-4cf0-bb93-3ecf5
runas /user:acme\administrator "cmd.exe /C powershell.exe"
#To do a mirror operation and properly copy the file and folder permissions, use the /sec and /secfix commands. The /sec command will copy the file security over for changed files, while the /secfix command will update the security for unchanged files.
#By combining these commands with /mir you will effectively mirror all of the files, folders, and permissions from a source directory to a destination.
robocopy D:\Source\ D:\Destination /mir /sec /secfix /v /log:copy.log
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable