This section contains the individual documentation for each hardening technique. The techniques we focused on were the ones that I have either exploited as part of Red Team engagements or been on the receiving end of during an Incident Response effort. These are very common attack tactics that I see many Offensive Security Teams and threat actors alike take advantage of for various exploitation efforts.
- Disable LLMNR, Disable mDNS, Disable NetBIOS Name Service (NBNS) combined into a single document
- Enable SMB Signing
- Disable WPAD
- Force NTLMv2 or higher
- Restrict Null Sessions
- Disable WDigest
- Restrict AT.exe
- Prefer IPv4 over IPv6
- Enable Windows Firewall Logging (Detective, not preventative)
- Disable PowerShell V2
- Enable PowerShell Script Block Logging (Detective, not preventative)
- Remove SeDebug Privilege from Users in the Linked OU
- Enable Restricted Admin Mode
- Enable LSA Protection
- Disable Credential Caching (Set to 0 Cached Credentials)
- Disable Internet Explorer
- Enable SEHOP (Structured Exception Handler Overwrite Protection)
- Disable Reversible Password Encryption
- Enable LDAP Signing
- Disable Insecure Logons to an SMB Server
- Restrict Anonymous Access to Named Pipes and Shares
- ASR (Attack Surface Reduction) Rules