This website works better with JavaScript
Etusivu
Tutki
Apua
Kirjaudu sisään
msc
/
cheatsheets
Tarkkaile
1
Äänestä
0
Fork
0
Tiedostot
Ongelmat
0
Pull-pyynnöt
0
Wiki
Puu:
33ae262fb9
Haarat
Tagit
master
wip
cheatsheets
/
checklists
/
hardening
/
win10-AD-hardening.md
win10-AD-hardening.md
634 B
Historia
Raaka
title: Windows Active Directory Hardening date: 2021-01-13 categories: [checklists]
tags: [windows, hardening, AD]
Windows Active Directory Hardening
NTLM Hardening
Enforce SMB Signing to prevents simple NTLM relaying attacks
Block NTLMv1 (can be set via GPO)
Enforce LDAP/S Signing to prevent NTLM relay in LDAP
Enforce EPA (to prevent NTLM relay on Web Servers)
Credential hardening
Disable LM hashes via GPO noLMHash
Domain Controler Hardening
Disable the printer spooler service (
spoolsv.exe
)
Used for several exploits
CVE-2021-1675
CVE-2020-1048