

title: Windows 10 Client Audit
date: 2021-01-13
categories: [checklists]
tags: [windows, hardening]

Checklist: Windows 10 Client Audit

Windows 10 Boot

  • BIOS Password
  • Secure Boot
  • Boot Order
  • Intel AMT Default Password

Windows GPO Best Practices

  • TBD

Windows Privilege Escalation

  • %WINDIR%\Panther\Unattended.xml
  • Unquoted Service Paths
  • Wrong service permissions
  • Wrong service executable permissions
  • Group Policy Preferences
  • AlwaysInstallElevated
  • AutoLogon Password in registry
  • DLL Load Order Hijacking
  • Missing Hotfixes
  • Hardcoded credentials in config files/scripts.
  • Sticky Keys

Third-Party Tools

  • Old Versions/Vulnerable Versions
  • Hardcoded Credentials in config files/Scripts.
  • Reversing the Software

Windows 0day hunting

  • Advanced LPC Calls
  • scheduled tasks 0day

Common Tools

  • PowerSploit
  • Empire
  • IDA
  • MeshCommander (Intel AMT)
  • PowerUp.ps1
  • Mimikatz
  • Sysinternals
    • accesschk.exe
    • procmon.exe
    • taskmon.exe
    • ...