ioc[.]one - OSINT Cyber Threat Intelligence Database

Securing Windows Workstations: Developing a Secure Baseline

Tags

cmtmf-attack-pattern:

attack-pattern:

Data Direct Model Authentication Package - T1547.002 Clear Windows Event Logs - T1070.001 Code Injection - T1540 Control Panel - T1218.002 Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Firmware - T1592.003 Group Policy Preferences - T1552.006 Inter-Process Communication - T1559 Local Account - T1087.001 Local Account - T1136.001 Local Groups - T1069.001 Lsass Memory - T1003.001 Network Devices - T1584.008 Powershell - T1059.001 Scheduled Task - T1053.005 Security Support Provider - T1547.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 System Services - T1569 Visual Basic - T1059.005 Vulnerabilities - T1588.006 Authentication Package - T1131 Connection Proxy - T1090 New Service - T1050 Powershell - T1086 Scheduled Task - T1053 Scripting - T1064 Security Support Provider - T1101 Scripting

Show in Graph

Common Information

Type	Value
UUID	98c48e1e-c32b-4464-9a3e-1930df507936
Fingerprint	1418eb1d6da26c87
Analysis status	DONE
Considered CTI value	0
Text language
Published	Oct. 21, 2016, 10:14 a.m.
Added to db	Sept. 26, 2022, 9:32 a.m.
Last updated	Nov. 17, 2024, 11:40 p.m.
Headline	Securing Windows Workstations: Developing a Secure Baseline
Title	Securing Windows Workstations: Developing a Secure Baseline
Detected Hints/Tags/Attributes	130/2/72

Source URLs

	Redirection	Url
Details	Source	https://adsecurity.org/?p=3299

URL Provider

Details	Provider	Source level domain
Details	adsecurity.org	adsecurity.org

Attributes

Details	Type	#Events	Value
Details	Domain	3	iase.disa.mil
Details	Domain	4128	github.com
Details	Domain	5	www.asd.gov.au
Details	Domain	2	benchmarks.cisecurity.org
Details	Domain	1	benchmarks.os.windows
Details	Domain	397	www.microsoft.com
Details	Domain	212	technet.microsoft.com
Details	Domain	1	theft.group
Details	Domain	1	scenarios.windows
Details	Domain	6	images.apple.com
Details	Domain	8	www.emc.com
Details	Domain	14	www.samba.org
Details	Domain	2	harmj0y.net
Details	File	5	disa.mil
Details	File	109	index.htm
Details	File	38	details.aspx
Details	File	478	lsass.exe
Details	File	79	regedit.exe
Details	File	4	netbt.sys
Details	File	3	netbios.sys
Details	File	380	notepad.exe
Details	File	1	smb2-a-complete-redesign-of-the-main-remote-file-protocol-for-windows.aspx
Details	File	1	updated-links-on-windows-server-2012-file-server-and-smb-3-0.aspx
Details	File	1	hh831474.aspx
Details	File	1	osx_mavericks_core_technology_overview.pdf
Details	File	1	h11427-vnx-introduction-smb-30-support-wp.pdf
Details	File	1	stevenfrench_smb3_meets_linux_ver3_revision.pdf
Details	File	8	0.html
Details	File	323	winword.exe
Details	File	212	winlogon.exe
Details	File	263	iexplore.exe
Details	File	1	jj863580.aspx
Details	File	2	packager.dll
Details	File	173	outlook.exe
Details	Github username	1	iadgov
Details	IPv4	1	10.10.10.221
Details	Microsoft Patch Numbers	18	KB2871997
Details	Microsoft Patch Numbers	1	KB3165191
Details	Microsoft Patch Numbers	1	KB3177451
Details	Url	2	http://iase.disa.mil/stigs/os/windows
Details	Url	1	https://github.com/iadgov/secure-host-baseline
Details	Url	2	http://www.asd.gov.au/infosec/ism/index.htm
Details	Url	1	https://benchmarks.cisecurity.org/downloads/browse/?category=benchmarks.os.windows
Details	Url	1	https://www.microsoft.com/en-us/download/details.aspx?id=6243
Details	Url	1	https://www.microsoft.com/en-us/download/details.aspx?id=43413
Details	Url	1	https://www.microsoft.com/en-us/download/details.aspx?id=53430
Details	Url	1	https://www.microsoft.com/en-us/download/details.aspx?id=18968
Details	Url	1	https://www.microsoft.com/en-us/download/details.aspx?id=35554
Details	Url	1	https://www.microsoft.com/en-us/download/details.aspx?id=49030
Details	Url	1	https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016
Details	Url	1	https://technet.microsoft.com/en-us/library/dn408187(v=ws.11).aspx
Details	Url	1	https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-4798
Details	Url	1	http://blogs.technet.com/b/josebda/archive/2008/12/09/smb2-a-complete-redesign-of-the-main-remote-file-protocol-for-windows.aspx
Details	Url	1	http://blogs.technet.com/b/josebda/archive/2012/05/03/updated-links-on-windows-server-2012-file-server-and-smb-3-0.aspx
Details	Url	1	http://technet.microsoft.com/en-us/library/hh831474.aspx
Details	Url	1	http://images.apple.com/osx/preview/docs/osx_mavericks_core_technology_overview.pdf
Details	Url	1	http://www.emc.com/collateral/white-papers/h11427-vnx-introduction-smb-30-support-wp.pdf
Details	Url	1	http://www.snia.org/sites/default/files2/sdc2013/presentations/revisions/stevenfrench_smb3_meets_linux_ver3_revision.pdf
Details	Url	1	https://communities.netapp.com/community/netapp-blogs/cloud/blog/2013/06/11/clustered-ontap-82-with-windows-server-2012-r2-and-system-center-2012-r2-innovation-in-storage-and-the-cloud
Details	Url	1	http://www.samba.org/samba/history/samba-4.1.0.html
Details	Url	1	https://technet.microsoft.com/en-us/library/jj863580.aspx
Details	Url	1	https://technet.microsoft.com/en-us/itpro/windows/keep-secure/override-mitigation-options-for-app-related-security-policies
Details	Windows Registry Key	7	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Details	Windows Registry Key	104	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
Details	Windows Registry Key	1	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DefaultSecurity
Details	Windows Registry Key	14	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Details	Windows Registry Key	8	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows
Details	Windows Registry Key	1	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Wdigest\UseLogonCredential
Details	Windows Registry Key	1	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Wdigest
Details	Windows Registry Key	19	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Details	Windows Registry Key	1	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Security\ShowOLEPackageObj
Details	Windows Registry Key	4	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office