ID 1100, Account lockout duration, Result=15, Severity=Passed 9:23:52 AM - Starting Category Account Policies ID 1000, SMBv1 Support, Result=Disabled, Severity=Passed 9:23:49 AM - Getting machine information \lists\finding_list_0圆d69636b_machine.csv PS C:\> Invoke-HardeningKitty -FileFindingList. HardeningKitty_ is loaded and executed using the following commands: PS C:\> Import-Module -Force Invoke-HardeningKitty.ps1 If an evaluation of specific user settings is to be performed, such as when checking Microsoft Office or Microsoft Edge, the script should be started with the respective user whose settings are to be evaluated. In the Finding List, the module used is defined for each test point. For other modules, however, extended privileges are necessary. If only registry values are read out, this can be done without administrator rights. The execution is possible with user or administrator rights. ![]() In the update from HardeningKitty to version 0.4.2 we have implemented an additional check which does not evaluate a test point if local administrator rights are missing to avoid false positive results. If a value cannot be read out because the required values are missing, we have first maintained a default value in the Finding list. Local administrator rights are required to read all system settings. Using the tool AccessChk there is also an external dependency, all other modules use standard system components. However, HardeningKitty has additional modules that use tools such as auditpol.exe, bcdedit.exe, and secedit.exe, as well as PowerShell cmdlets such as Get-ComputerInfo, Get-BitLockerVolume, Get-MpPreference, and Get-Processmitigation to access system information outside of the registry. Use of modulesīy querying the Registry most of the test points can be processed. The PowerShell script HardeningKitty is available in our GitHub repository for free use and reuse. Therefore we decided to write our own script. For example, we were not able to read the BitLocker status or the presence of Windows features such as SMBv1 or PowerShellv2 as intended. On the one hand, we could not implement all checks and on the other hand we need more freedom in processing the results. After several attempts, we found that the Policy Analyzer is not the right tool for our requirements. After that we tried to analyze the configuration of a system with the Microsoft tool Policy Analyzer from the Microsoft Security Compliance Toolkit 1.0 using checklists and checking for hardening settings, which we recommend to our customers in Configuration Reviews. The automated reading of the Windows configuration is the result of a further development that started with a collection of hardening recommendations from the article Windows 10 Client Hardening in December 2016 and continued with the creation of a Hardening Checklist in autumn 2017. The evaluation is done based on stored severity levels in the finding list. For information retrieval, HardeningKitty uses various modules, such as registry keys, defined guidelines for user group rights and audit/logging settings. Finding lists are used to read and evaluate Windows settings. HardeningKitty, the twin sister of KleptoKitty, is a script based on PowerShell for checking the hardening of a Windows system or individual applications such as Microsoft Office and Microsoft Edge. With our PowerShell script HardeningKitty, the configuration of a Windows system (client and server) can be automatically checked and evaluated. In addition, the probability of detecting attacks at an early stage increases. With a well-hardened operating system, the chance of success for attackers can be reduced. For such attacks to be successful, attackers must have local administrator rights to read out the LSA process and be able to communicate with other systems. The contribution to KleptoKitty introduced a framework for Lateral-Movement attacks, which should facilitate attacks on systems in a Windows network. Finding lists can be edited or supplemented with simple means.Finding lists are based on own experiences and Microsoft Security Baselines.Different modules are used to read out information.Finding lists can be used to read out and evaluate Hardening settings.HardeningKitty is a PowerShell script for Windows Hardening.CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.Automated Auditing and Hardening of Windows The CIS Benchmarks are distributed free of charge in PDF format for non-commercial use to propagate their worldwide use and adoption as user-originated, de facto standards.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |