Skip to content

A windows hardening script that makes it difficult to compromise a Windows device. Only for use during Blue-Team Competitions.

Notifications You must be signed in to change notification settings

WGU-CCDC/Windows-Hardening-CTF

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Windows-Hardening-CTF

A windows hardening script that makes it difficult and more annoying to compromise a Windows device.

What does this script do?

  • Disables Command Prompt
  • Disables LLMNR
  • Disables PowerShell v2
  • Disables SMB Compression
  • Disables SMB v1
  • Disables SMB v2
  • Disables TCP Timestamps
  • Disables WSMAN and PSRemoting
  • Enables AppLocker with NSA Recommended Policies
  • Enables Best practice Windows Logging and Security Controls
  • Enables DEP
  • Enables EMET Configurations (Only applies to systems with EMET installed)
  • Enables PowerShell Constrined Language Mode
  • Enables PowerShell Logging
  • Enables SMB Encryption
  • Enables Spectre and Meltdown Mitigations
  • Enables Windows Defender Application Control
  • Enables Windows Defender Attack Surface Reduction Procections
  • Enables Windows Defender Cloud-based Protections
  • Enables Windows Defender Exploit Protections
  • Enables Windows Firewall and Logging
  • Installs PSWindowsUpdate and Installs all Available Windows Updates

Download the required files:

Download the required files from the GitHub Repository

How to run the script:

The script may be lauched from the extracted GitHub download like this:

.\sos-windows-hardening-ctf.ps1

About

A windows hardening script that makes it difficult to compromise a Windows device. Only for use during Blue-Team Competitions.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PowerShell 100.0%