Upload files to "3 DC/GPOs"
This commit is contained in:
BIN
3 DC/GPOs/(3) Mapping Drives Using GPO's S.O.P..pdf
Normal file
Binary file not shown.
10
3 DC/GPOs/3) increase_log_size.md
Normal file
@ -0,0 +1,10 @@
# Powershell
```
Limit-Eventlog -logname security -maximumsize 200MB -overflowaction overwriteolder
```
# GPO to increase log size
Computer Configuration > policies > administrative templates > windows components > event log service
enable "Specify the maximum log file size (KB)" to 200000 = 200MB
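Review bot: the GPO path on the `Computer Configuration > policies > ...` line stops at `event log service`, but "Specify the maximum log file size (KB)" is configured per log in the Application, Security, Setup and System subfolders, so the path should end in `... > event log service > Security` to match `-logname security` in the PowerShell block. The two sizes also disagree: `200000` KB is about 195 MiB, whereas `-maximumsize 200MB` in PowerShell is 200 MiB = 204800 KB; pick one value (204800 KB is the usual choice) so the script and the policy enforce the same limit. The `-overflowaction overwriteolder` behaviour has no GPO counterpart in the file; the matching setting in the same Security folder is "Control Event Log behavior when the log file reaches its maximum size" (Disabled or Not configured = overwrite oldest events), which is worth a line so a reader does not assume the size policy alone covers retention. Finally, `Limit-EventLog` exists only in Windows PowerShell 5.1 (it is not in PowerShell 7), so the `# Powershell` heading should say which one, and the code fence could be tagged `powershell`.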
23
3 DC/GPOs/4) DCO_GPO_INTERNAL.md
Normal file
@ -0,0 +1,23 @@
## Tools
[DFIR Tools](https://ericzimmerman.github.io/#!index.md)
[Flare](https://github.com/HASecuritySolutions/flare)
[Ghidra](https://github.com/NationalSecurityAgency/ghidra)
[Greenborne](https://github.com/greenbone/openvas-scanner)
[Kali ISO](https://cdimage.kali.org/kali-2024.2/kali-linux-2024.2-installer-amd64.iso)
[memdump](https://www.softpedia.com/get/System/System-Miscellaneous/MemDump.shtml)
[memprocfs](https://github.com/ufrisk/MemProcFS)
[Network Miner](https://www.netresec.com/?page=NetworkMiner)
[Persistent Sniper](https://github.com/last-byte/PersistenceSniper)
[reg shot](https://sourceforge.net/projects/regshot/)
[Rita](https://github.com/activecm/rita)
[Snort](https://www.snort.org/)
[sysinternals](https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite)
[volatility](https://github.com/volatilityfoundation/volatility3)
[wireshark](https://www.wireshark.org/download.html)
## OVAs
[Remnux](https://docs.remnux.org/install-distro/get-virtual-appliance)
[Sift](https://www.sans.org/tools/sift-workstation/)
[Kali](https://www.kali.org/get-kali/#kali-installer-images)
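Review bot: the file is named `DCO_GPO_INTERNAL.md` and lives under `3 DC/GPOs`, but it contains only a tool and OVA link list with no policy content; either rename it (e.g. a tools README) or move it out of the GPOs folder so that directory stays about Group Policy. Two link labels do not match their targets: `Greenborne` should be `Greenbone` (the URL is `greenbone/openvas-scanner`) and `Persistent Sniper` should be `PersistenceSniper`. The `Kali ISO` entry pins `kali-2024.2`, which will break once that release is rotated off `cdimage.kali.org`; the `[Kali]` entry under `## OVAs` already points at the version-independent download page, so drop the pinned ISO or link the release index instead. The `memdump` entry links to a third-party download portal rather than an upstream source; for anything that will be copied onto a domain controller, link the vendor and record the expected hash alongside it.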
14
3 DC/GPOs/Remote_Cred_Guard.md
Normal file
@ -0,0 +1,14 @@
# Remote Credential Guard
Remote Credential Guard helps protecting credentials over a Remote Desktop (RDP) connection by redirecting Kerberos requests back to the device that's requesting the connection.
## GPO [^1]
|Group policy path|Group policy setting|Value|
|---|---|---|
|Computer Configuration\Administrative Templates\System\Credentials Delegation|Remote host allows delegation of nonexportable credentials|Enabled|
#### Resources
[^1]: [Remote Credential Guard](https://learn.microsoft.com/en-us/windows/security/identity-protection/remote-credential-guard?tabs=gpo)
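Review bot: the table documents only the host-side setting ("Remote host allows delegation of nonexportable credentials"), which on its own does nothing; the client also has to request Remote Credential Guard, either per session with `mstsc.exe /remoteGuard` or through the client-side policy in the same `Credentials Delegation` folder, "Restrict delegation of credentials to remote servers", set to "Require Remote Credential Guard". The "Require" option is the one to document for a DC, since "Prefer" lets the client fall back to full credential delegation when the host does not support it. A second table row for that client setting would make the `## GPO` section complete. Two smaller points in the same hunk: "helps protecting credentials" should read "helps protect credentials", and the `#### Resources` heading skips from `##` to `####`; `##` would match the rest of the file.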