Workstation

Prerequisites

  • Local administrator and basic user account

  • PowerShell will need to be enabled on Windows builds

  • Port 445 will need to be enabled for the authenticated scan

Ensure that you make the following registry edit in order to be able to perform the remote authenticated Nessus scan:

regedit (run as admin) > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Policies > System. Right click > New > DWORD (32-bit) Value. LocalAccountTokenFilterPolicy > Right click > Modify > Value data: 1

Also enable/start the 'remote registry' service in services.msc
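The registry edit, the Remote Registry service and the port 445 check above can be applied and later undone from an elevated PowerShell prompt. This is an added example, not part of the original notes; the function names and the state-file path are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the scan prerequisites, record the prior state, restore it later.
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'LocalAccountTokenFilterPolicy'
$StateFile  = Join-Path $env:TEMP 'scan-prereq-state.json'   # assumed location

function Get-ScanPrereqState {
    $svc = Get-CimInstance Win32_Service -Filter "Name='RemoteRegistry'"
    $val = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue).$PolicyName
    [pscustomobject]@{
        TokenFilterPolicy = $val              # $null means the value is not set
        RemoteRegStart    = $svc.StartMode    # Auto / Manual / Disabled
        RemoteRegState    = $svc.State        # Running / Stopped
        # Local listener only; firewall rules between scanner and host are not checked here
        Port445Listening  = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
        PowerShellVersion = $PSVersionTable.PSVersion.ToString()
    }
}

function Enable-ScanPrereq {
    $before = Get-ScanPrereqState
    $before | ConvertTo-Json | Set-Content -Path $StateFile   # saved for Restore-ScanPrereq
    New-ItemProperty -Path $PolicyKey -Name $PolicyName -PropertyType DWord -Value 1 -Force | Out-Null
    if ($before.RemoteRegStart -eq 'Disabled') {
        Set-Service -Name RemoteRegistry -StartupType Manual  # a disabled service cannot be started
    }
    Start-Service -Name RemoteRegistry
    Get-ScanPrereqState
}

function Restore-ScanPrereq {
    $old = Get-Content -Path $StateFile -Raw | ConvertFrom-Json
    if ($null -eq $old.TokenFilterPolicy) {
        Remove-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    } else {
        New-ItemProperty -Path $PolicyKey -Name $PolicyName -PropertyType DWord `
            -Value ([int]$old.TokenFilterPolicy) -Force | Out-Null
    }
    if ($old.RemoteRegState -ne 'Running') { Stop-Service -Name RemoteRegistry -Force }
    # Map the CIM StartMode string back to the name Set-Service expects
    $startup = @{ Auto = 'Automatic'; Manual = 'Manual'; Disabled = 'Disabled' }[$old.RemoteRegStart]
    Set-Service -Name RemoteRegistry -StartupType $startup
    Get-ScanPrereqState
}
```

Run Enable-ScanPrereq before the scan and Restore-ScanPrereq once it has finished, since LocalAccountTokenFilterPolicy set to 1 leaves remote UAC token filtering off for local administrator accounts.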

Checklist

Useful commands

Unquoted service paths

cmd /c wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Search the running processes

Tasklist | findstr <query>

Check if LAPS is installed (PowerShell)

Get-ChildItem 'C:\Program Files\LAPS\CSE\Admpwd.dll'
Get-ChildItem 'C:\Program Files (x86)\LAPS\CSE\Admpwd.dll'

Vulnerability and patching checks

Using Microsoft Baseline Security Analyzer (MBSA)

https://docs.microsoft.com/en-us/previous-versions/cc184924(v=msdn.10)?redirectedfrom=MSDN

Benching

Download for the file tests
