VMPDF

The document outlines various security measures and configurations implemented within a system, including the removal of prohibited software and files, enabling security features like SMB over QUIC and RDP with Network Level Authentication, and auditing settings for account management. Additionally, it highlights user account management changes, such as disabling guest accounts and modifying administrative privileges. Overall, the document reflects a comprehensive effort to enhance system security and compliance with best practices.

Uploaded by

Pei Cheng Wu

Forensic 1

Forensic 2
Forensic 3
Forensic 4
Forensic 5
Forensic 6
1. CAPolicy.inf insecure permissions fixed
2. AD CS disallowed certs auto update is enabled
3. VBS is in Mandatory Mode
4. Machine Identity Isolation is set to audit mode or enforcement mode
5. SMB over QUIC is enabled on Server and Client
6. SMB Blocks NTLM is enabled
7. A minimum SMB version (3.0.0+) is configured
8. Authenticator Rate Limiter is enabled
9. An Invalid Authentication Delay exists on the system
10. RDP requires Network Level Authentication
11. Require use of specific security layer for RDP set to TLS
12. File Share Western Influence stopped sharing
13. Netcat Backdoor Removed. In conflict because I already deleted the file earlier.
14. Prohibited Software Wireshark is removed
15. Prohibited Software Pong is removed
16. PowerShell 2.0 is disabled
17. Removed Prohibited MP4 files
18. Plaintext file with passwords removed
19. Remote Registry Service Disabled
20. [Windows Automatically Checks for Updates] NOT MARKED
21. [Application is updated]
22. Firewall is Enabled
23. Windows SmartScreen Enabled
24. Microsoft Defender Antivirus - Block Webshell creation for Servers ASR rule configured
25. A minimum password length is set
26. Audit Computer Account Management [Success/Failure]
27. Audit SAM [Success/Failure]
28. Advanced Audit for Certification Services is enabled
29. Do not allow anonymous enumeration of SAM accounts [enabled]
30. Restrict CD-ROM access to locally logged-on user only
31. Password must meet complexity requirements [enabled]
32. Removed Unauthorized User 에이든
33. Kim Chang-bong is not an Administrator
34. Guest Account is disabled
35. Kim Kwang-hyop is no longer an Enterprise Admin
36. Domain Controllers group is no longer managed by Domain Guests
37. Enterprise Admins no longer managed by Users
38. Everyone does not have FullControl rights on the domain
39. Created AD group Generals
40. Added Users to group Generals
41. Chrome sends a Do Not Track request
42. msDS-KeyCredential object '05jf' is deleted from LostAndFound
