https://me.harvester.fr/tags/windows-hardening/Windows HardeningHugoBlox Kit (https://hugoblox.com)en-usWed, 22 May 2024 00:00:00 +0000https://me.harvester.fr/media/icon_hu_59c72f5082cfcb9b.pnghttps://me.harvester.fr/tags/windows-hardening/https://me.harvester.fr/project/exploit-protection-policy/Wed, 22 May 2024 00:00:00 +0000https://me.harvester.fr/project/exploit-protection-policy/<p><strong>Exploit-Protection-policy</strong> provides a production-hardened Exploit Protection (EP) policy tailored for Windows 10 and Windows 11 systems. It combines multiple industry-standard security baselines with advanced restrictions to maximize security without breaking compatibility with everyday applications.</p> <p>This policy has been tested in air-gapped systems to protect endpoints from advanced threat vectors while maintaining productivity.</p> <h3 id="merged-security-baselines">Merged Security Baselines</h3> <ul> <li><strong>DISA STIG</strong> Exploit Protection v3.</li> <li><strong>Microsoft Security Baseline</strong> Exploit Protection policy (specifically aligned for enterprise systems).</li> <li><strong>milgradesec&rsquo;s</strong> custom Exploit Protection rule configurations.</li> </ul> <h3 id="key-protections-enforced">Key Protections Enforced</h3> <ul> <li><strong>System-Wide Mitigations:</strong> Enforces fundamental protections such as Control Flow Guard (CFG), Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Heap Protection by default.</li> <li><strong>Advanced Payload Controls:</strong> Restricts execution vectors using Export Address Filtering (EAF/EAF+), Import Address Filtering (IAF), and Return-Oriented Programming (ROP) mitigations.</li> <li><strong>Image &amp; Code Integrity Restrictions:</strong> Blocks loading of low-integrity or remote images, preventing malicious library injection.</li> <li><strong>Application-Specific Tuning:</strong> Includes pre-configured exceptions and application rules to balance high-security containment with software compatibility.</li> </ul>https://me.harvester.fr/project/security-admx/Sun, 19 May 2024 00:00:00 +0000https://me.harvester.fr/project/security-admx/<p><strong>Security-ADMX</strong> is a collection of custom Administrative Templates (<code>.admx</code> and <code>.adml</code>) specifically designed for hardening Windows 10 and Windows 11 workstations. It allows system administrators and security engineers to configure advanced security settings via local or domain Group Policy (GPO) that are otherwise difficult or tedious to manage.</p> <p>Developed out of the need to streamline security compliance across embedded and workstation deployments, this project packages several security controls into easily manageable policies.</p>