This website works better with JavaScript
首頁
探索
說明
登入
msc
/
cheatsheets
關註
1
讚好
0
複刻
0
Files
問題管理
0
合併請求
0
Wiki
目錄樹:
33ae262fb9
分支列表
標籤列表
master
wip
cheatsheets
/
checklists
/
hardening
/
win10-AD-hardening.md
win10-AD-hardening.md
634 B
文件歷史
原始文件
title: Windows Active Directory Hardening date: 2021-01-13 categories: [checklists]
tags: [windows, hardening, AD]
Windows Active Directory Hardening
NTLM Hardening
Enforce SMB Signing to prevents simple NTLM relaying attacks
Block NTLMv1 (can be set via GPO)
Enforce LDAP/S Signing to prevent NTLM relay in LDAP
Enforce EPA (to prevent NTLM relay on Web Servers)
Credential hardening
Disable LM hashes via GPO noLMHash
Domain Controler Hardening
Disable the printer spooler service (
spoolsv.exe
)
Used for several exploits
CVE-2021-1675
CVE-2020-1048