Awesome Windows Domain Hardening

A curated list of awesome Security Hardening techniques for Windows.

Created by gepeto42 and PaulWebSec, but heavily inspired by PyroTek3's research!

Summary

This document summarizes the information related to Pyrotek and Harmj0y's DerbyCon talk called "111 Attacking EvilCorp Anatomy of a Corporate Hack". Video and slides are available below.

It also incorporates hardening techniques necessary to prevent other attacks, including techniques discussed by gepeto42 and joeynoname during their THOTCON 0x7 talk.

Something's missing? Create a Pull Request and add it.

Initial foothold

Reconnaissance

BloodHound "prevention":

Lateral Movement

  1. Set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TokenLeakDetectDelaySecs = 30. This clears the credentials of logged-off users after 30 seconds (mimicking the behavior of Windows 8.1+).
  2. Set HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential = 0. This prevents WDigest credentials from being stored in memory, again as is the default for Windows 8.1+.
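An added audit/remediation script for the two settings above (example code written for this list, not taken from any of the referenced talks or tools). It reports whether each value matches the hardened value and, with `-Remediate`, writes it; it assumes an elevated PowerShell session on the host being checked.

```powershell
# Added example: audit (and optionally apply) the two credential-caching hardenings
# from the Lateral Movement section. Values are the ones stated on the page.
$Settings = @(
    @{
        Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
        Name  = 'TokenLeakDetectDelaySecs'
        Value = 30      # clear logged-off users' credentials after 30 seconds
    },
    @{
        Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
        Name  = 'UseLogonCredential'
        Value = 0       # do not keep WDigest credentials in LSASS memory
    }
)

function Test-CredentialCachingHardening {
    param([switch]$Remediate)

    foreach ($s in $Settings) {
        # A missing value is treated as non-compliant: on pre-8.1 systems with the
        # KB2871997 behavior, "not set" means the old (unhardened) default applies.
        $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        $compliant = ($null -ne $current) -and ($current -eq $s.Value)

        if (-not $compliant -and $Remediate) {
            if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
            Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -Type DWord
            $current   = $s.Value
            $compliant = $true
        }

        [pscustomobject]@{
            Setting   = "$($s.Path)\$($s.Name)"
            Expected  = $s.Value
            Current   = if ($null -eq $current) { '<not set>' } else { $current }
            Compliant = $compliant
        }
    }
}

# Audit only:
Test-CredentialCachingHardening | Format-Table -AutoSize
# Audit and fix (requires an elevated session):
# Test-CredentialCachingHardening -Remediate | Format-Table -AutoSize
```

Run the audit form across a fleet (e.g. via `Invoke-Command`) to find hosts that still cache credentials before rolling out the registry change by GPO.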

Privilege Escalation

Protect Administration Credentials

Strengthen/Remove Legacy

Tools

Videos

Slides

Additional resources