Links

Workstation

Prerequisites

  • Local administrator and basic user account
  • PowerShell will need to be enabled on Windows builds
  • Port 445 will need to be enabled for the authenticated scan

Ensure that you make the following registry edit in order to be able to perform the remote authenticated Nessus scan:
regedit (run as admin) > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Policies > System. Right click > New > DWORD (32-bit) Value. Name: LocalAccountTokenFilterPolicy > Right click > Modify > Value data: 1
Also enable/start the 'Remote Registry' service in services.msc

Checklist

Category | Checks | Result

Useful commands

Unquoted service paths

cmd /c wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
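
The same check in PowerShell, as an added example that is not part of the original page: it reads services through Get-CimInstance and reports only auto-start services whose executable path itself is unquoted and contains a space. The function names Test-UnquotedServicePath and Get-UnquotedServicePath and the sample paths are constructed for illustration.

```powershell
# Added example, not from the original page. Function names are hypothetical.

# Returns $true when the executable portion of a service PathName is
# unquoted and contains a space.
function Test-UnquotedServicePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }   # executable path is quoted
    # Treat everything up to the first ".exe" as the executable path and the
    # remainder as arguments. If no ".exe" is found, fall back to the whole
    # string, which can over-report and should be reviewed by hand.
    $m = [regex]::Match($p, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    $exe = if ($m.Success) { $m.Groups[1].Value } else { $p }
    return $exe.Contains(' ')
}

# Lists auto-start services outside C:\Windows (the same exclusion as the
# wmic/findstr one-liner) that fail the check above.
function Get-UnquotedServicePath {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object {
            $_.StartMode -eq 'Auto' -and
            $_.PathName -notlike 'C:\Windows\*' -and
            (Test-UnquotedServicePath $_.PathName)
        } |
        Select-Object Name, DisplayName, StartMode, PathName
}

# Constructed sample PathName values (not taken from a real host).
$samples = @(
    'C:\Program Files\Vendor App\agent.exe -k run',           # unquoted, space in executable path
    '"C:\Program Files\Vendor App\agent.exe" -k run',         # quoted executable path
    'C:\Tools\agent.exe --config "C:\Some Dir\a.ini"',        # unquoted, no space in executable path
    'C:\Program Files\Vendor App\agent.exe --log "C:\l.txt"'  # unquoted with space, quoted argument
)
$samples | ForEach-Object {
    [pscustomobject]@{ Unquoted = Test-UnquotedServicePath $_; PathName = $_ }
}

# On the workstation under review:
Get-UnquotedServicePath | Format-Table -AutoSize -Wrap
```

The findstr /v """ filter drops any line containing a quote, so a service like the last sample (unquoted executable, quoted argument) does not appear in the wmic output, while unquoted paths without spaces do.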

Search the running processes

Tasklist | findstr <query>

Check if LAPS is installed (PowerShell)

Get-ChildItem 'C:\Program Files\LAPS\CSE\Admpwd.dll'
Get-ChildItem 'C:\Program Files (x86)\LAPS\CSE\Admpwd.dll'

Vulnerability and patching checks

Using Microsoft Baseline Security Analyzer (MBSA)

Benching

Download for the file tests

Build-review.zip
76KB
Binary