0x6d69636b / windows_hardening

HardeningKitty and Windows Hardening Settings
MIT License

How to implement your firewall recommendations #139

Closed rugabunda closed 1 year ago

rugabunda commented 1 year ago

Of your following list of recommendations, most of them do not exist in the default Windows Firewall list; furthermore, some of these applications, such as wscript, can be located in obscure directories, placed by malware, as I have found.

That said, how do we successfully implement your firewall rules? It would be great if you would publicize a PowerShell command that allows one to automatically import them.

[-] ID 2300, HardeningKitty-Block-TCP-NetBIOS, Result=, Recommended=True, Severity=Low
[-] ID 2301, HardeningKitty-Block-TCP-RDP, Result=, Recommended=True, Severity=Low
[-] ID 2302, HardeningKitty-Block-TCP-RPC, Result=, Recommended=True, Severity=Low
[-] ID 2303, HardeningKitty-Block-TCP-SMB, Result=, Recommended=True, Severity=Low
[-] ID 2304, HardeningKitty-Block-TCP-WinRM, Result=, Recommended=True, Severity=Low
[-] ID 2305, HardeningKitty-Block-UDP-NetBIOS, Result=, Recommended=True, Severity=Low
[-] ID 2306, HardeningKitty-Block-UDP-RPC, Result=, Recommended=True, Severity=Low
[-] ID 2307, HardeningKitty-Block-calc-x64, Result=, Recommended=True, Severity=Low
[-] ID 2308, HardeningKitty-Block-calc-x86, Result=, Recommended=True, Severity=Low
[-] ID 2309, HardeningKitty-Block-certutil-x64, Result=, Recommended=True, Severity=Low
[-] ID 2310, HardeningKitty-Block-certutil-x86, Result=, Recommended=True, Severity=Low
[-] ID 2311, HardeningKitty-Block-conhost-x64, Result=, Recommended=True, Severity=Low
[-] ID 2312, HardeningKitty-Block-conhost-x86, Result=, Recommended=True, Severity=Low
[-] ID 2313, HardeningKitty-Block-cscript-x64, Result=, Recommended=True, Severity=Low
[-] ID 2314, HardeningKitty-Block-cscript-x86, Result=, Recommended=True, Severity=Low
[-] ID 2315, HardeningKitty-Block-mshta-x64, Result=, Recommended=True, Severity=Low
[-] ID 2316, HardeningKitty-Block-mshta-x86, Result=, Recommended=True, Severity=Low
[-] ID 2317, HardeningKitty-Block-notepad-x64, Result=, Recommended=True, Severity=Low
[-] ID 2318, HardeningKitty-Block-notepad-x86, Result=, Recommended=True, Severity=Low
[-] ID 2319, HardeningKitty-Block-RunScriptHelper-x64, Result=, Recommended=True, Severity=Low
[-] ID 2320, HardeningKitty-Block-RunScriptHelper-x86, Result=, Recommended=True, Severity=Low
[-] ID 2321, HardeningKitty-Block-wscript-x64, Result=, Recommended=True, Severity=Low
[-] ID 2322, HardeningKitty-Block-wscript-x86, Result=, Recommended=True, Severity=Low

0x6d69636b commented 1 year ago

I recommend creating a new finding list that only includes the firewall checks from the 0x6d69636b list and using HailMary mode:

PS C:\> Invoke-HardeningKitty -Mode HailMary -FileFindingList .\name_of_your_firewall_list.csv

Or you can use the PowerShell cmdlet New-NetFirewallRule to create all rules you need.
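
A sketch of the New-NetFirewallRule route mentioned above, added here as an example; it is not part of the original thread and is not HardeningKitty's own code. The rule names are the ones listed in the issue, while the ports (well-known service ports), the System32/SysWOW64 paths, the directions and the `Add-BlockRule` helper are assumptions to be checked against the finding list before use.

```powershell
#Requires -RunAsAdministrator
# Added example, not HardeningKitty code. Rule names come from the issue;
# ports, program paths and directions are assumptions, not values read
# from the project's finding list.
$portDirection    = 'Inbound'    # assumption
$programDirection = 'Outbound'   # assumption
$portKey = if ($portDirection -eq 'Inbound') { 'LocalPort' } else { 'RemotePort' }

$portRules = @(
    @{ Name = 'HardeningKitty-Block-TCP-NetBIOS'; Protocol = 'TCP'; Ports = '137-139' }
    @{ Name = 'HardeningKitty-Block-TCP-RDP';     Protocol = 'TCP'; Ports = '3389' }
    @{ Name = 'HardeningKitty-Block-TCP-RPC';     Protocol = 'TCP'; Ports = '135', '593' }
    @{ Name = 'HardeningKitty-Block-TCP-SMB';     Protocol = 'TCP'; Ports = '445' }
    @{ Name = 'HardeningKitty-Block-TCP-WinRM';   Protocol = 'TCP'; Ports = '5985', '5986' }
    @{ Name = 'HardeningKitty-Block-UDP-NetBIOS'; Protocol = 'UDP'; Ports = '137', '138' }
    @{ Name = 'HardeningKitty-Block-UDP-RPC';     Protocol = 'UDP'; Ports = '135', '593' }
)
$programs = 'calc', 'certutil', 'conhost', 'cscript', 'mshta', 'notepad', 'RunScriptHelper', 'wscript'
$archDirs = @{ x64 = '%SystemRoot%\System32'; x86 = '%SystemRoot%\SysWOW64' }

function Add-BlockRule {   # hypothetical helper: create a block rule once, by display name
    param([string]$Name, [hashtable]$Match)
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        Write-Host "exists:  $Name"
        return
    }
    New-NetFirewallRule -DisplayName $Name -Action Block -Profile Any -Enabled True @Match | Out-Null
    Write-Host "created: $Name"
}

foreach ($r in $portRules) {
    $match = @{ Direction = $portDirection; Protocol = $r.Protocol }
    $match[$portKey] = $r.Ports   # LocalPort for inbound, RemotePort for outbound
    Add-BlockRule -Name $r.Name -Match $match
}
foreach ($p in $programs) {
    foreach ($arch in 'x64', 'x86') {
        $path = "$($archDirs[$arch])\${p}.exe"
        if (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($path)))) {
            Write-Warning "not found, skipped: $path"
            continue
        }
        Add-BlockRule -Name "HardeningKitty-Block-${p}-${arch}" -Match @{ Direction = $programDirection; Program = $path }
    }
}
```

A `-Program` rule matches only the exact path it names, so a copy of `wscript.exe` placed in another directory, as described in the question, is not covered by these rules.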