Michael Ritter michiiii
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AV Products or Companies: | |
| Avast | |
| BitDefender | |
| Carbon Black | |
| Check Point | |
| Cisco | |
| ClamAV | |
| CrowdStrike | |
| Cylance | |
| Elastic Endpoint Security |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Library('ci-jenkins-common') _ | |
| // Jenkins build pipeline (declarative) | |
| // Project: Seatbelt | |
| // URL: https://github.com/GhostPack/Seatbelt | |
| // Author: @tifkin_/@harmj0y | |
| // Pipeline Author: harmj0y | |
| def gitURL = "https://github.com/GhostPack/Seatbelt" |
hanfil
/ Harden.ps1
Last active
March 13, 2023 23:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Enable Windows Firewall | |
| Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True | |
| # SMB # require elevated privileges # | |
| ## Turn on SMB signing and encryption | |
| Set-SmbServerConfiguration -RequireSecuritySignature $True -EnableSecuritySignature $True -EncryptData $True -Confirm:$false -Verbose | |
| ## Turn off the default workstations shares | |
| Set-SmbServerConfiguration -AutoShareWorkstation $False -Confirm:$false -Verbose |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef PATCHLESS_AMSI_H | |
| #define PATCHLESS_AMSI_H | |
| #include <windows.h> | |
| static const int AMSI_RESULT_CLEAN = 0; | |
| PVOID g_amsiScanBufferPtr = nullptr; | |
| unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) { |
mgeeky
/ Configure-ASR.ps1
Created
December 28, 2022 12:13
A little script that configures all Microsoft Defender Attack Surface Reduction (ASR) rules at once to a specific state. Example: PS> .\Configure-ASR.ps1 -State Enabled
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| <# | |
| .SYNOPSIS | |
| Script used to manage state of Microsoft Defender's Attack Surface Redution rules. | |
| Configures all ASR rules into mode defined in -State parameter. | |
| .PARAMETER State | |
| Tells how to configure all ASR rules available. Valid options: | |
| - Disable (Disable the ASR rule) |
OlderNewer