awesome-security-hardening VS windows_hardening

If you want to go extreme, I remember from many years ago, there used to be a publicly released document by Australia's cyber security agency, made largely for Windows, which used to list attack vectors on a complex scale. I used to follow their listed possible vectors to formulate threat models as a kid for my Windows computer. Back in the day they used to provide PDF, now its webpages (https://www.cyber.gov.au/acsc/view-all-content/advice/guidelines-system-hardening). This also exists (https://github.com/decalage2/awesome-security-hardening), a bit more wide coverage of OSes and practices.

Maybe these two repos can help you, I've used them both from time to time to look up stuff I have no idea about as a frontend main: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server https://github.com/decalage2/awesome-security-hardening

here is a collection of hardening guides This will get you started in the right direction.

This is called system hardening. Try looking for CIS Benchmarks, awesome hardening (github), STIG's ,mitre baseline, hardening kitty, hardening checklist

You can try this tool, or some other similar tool. It hardens Windows 10 using the latest guidelines from several organisations. Of course you need to be careful doing this, it can very easily ruin your Windows installation.

Endpoint-based prevention: Harden endpoints, including browser settings (https://www.cisa.gov/uscert/publications/securing-your-web-browser; https://stigviewer.com/stig/google_chrome_browser/) and software firewall including ingress and egress rules (https://www.stigviewer.com/stig/microsoft_windows_firewall_with_advanced_security/2021-10-15/). If you're primarily worried about Windows endpoints, take a look at Hardening Kitty and the solid STIG-based Windows Firewall list (https://github.com/0x6d69636b/windows_hardening/blob/master/lists/finding_list_dod_windows_firewall_stig_v1r7.csv) for some relatively easy wins.

#1: "HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10. And of course [their] own hardening list." | 20 comments #2: For those that work in IT Admin, what are the key Powershell Commands that every admin should know? #3: I wrote the mother-of-all onboarding scripts and now everyone blames me for everything...

The above documents mandate a lot of testing and analysis, together with potential design decisions you are not in a position to make; still - you should dedicate the time to do it "properly" from the beginning. Anyhow, in case you are a renegade daredevil - HardeningKitty to the rescue https://github.com/0x6d69636b/windows_hardening =]

#1: /u/betterthangoku has passed away #2: "HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10. And of course [their] own hardening list." | 20 comments #3: For those that work in IT Admin, what are the key Powershell Commands that every admin should know?