I tried to summarize what I've learned so far, but, of course, it's neither exhaustive nor suited for targeted attacks.
The main problem is that targeted attacks are rife in the software industry. Even small startups are frequently targeted by competitors.
In order to defend against targeted attacks you need to plug hundreds of holes in Windows. Some of these can be plugged by HardeningKitty, but to truly secure it:
- You need to figure out which services you can disable without crashing the OS and keep them to a minimum. This entirely depends on how you use the OS and which type of software is installed on the endpoints.
- Use stuff like Windows Application Guard, disable lolbas as much as possible (https://lolbas-project.github.io/).
- Secure the WSL itself.
- Windows opens ports according to its own mind. The only way to unplug these open ports is to add another hardware firewall separate from the endpoint itself. So you can't even trust the built-in firewall of Windows.
- Windows is a very dynamic OS and each update can result in more open holes or might just automatically discard previously applied settings. Thus, you need to keep monitoring this 24/7.
- The Windows registry has a very large number of paths for malware persistence. This number is far beyond the malware persistence paths on Linux. Unfortunately, Windows Defender doesn't care much about this, so you need to monitor this yourself.
And this is just the beginning. Even if you plug all this stuff, you might get attacked by zero-days. Monitoring all that will also require SIEM solutions on top of it. Most SIEM solutions are just focused on compliance. Building a SIEM solution for real security instead of compliance is also a very hard task.
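One way to do the "monitor this yourself" part for registry persistence paths and listening ports, as an added example that is not part of the thread: the script snapshots a small, illustrative subset of autorun keys (not an exhaustive list) plus listening TCP sockets, stores a baseline, and reports additions, removals and changes on later runs. The baseline path and the key list are assumptions; run it elevated so HKLM and socket owners are readable.

```powershell
# Added example (not from the thread): diff autorun registry keys and listening
# ports against a saved baseline. Key list is an illustrative subset only.
param([string]$BaselinePath = "$env:ProgramData\persist-baseline.json")  # assumed path
$PersistenceKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
function Get-PersistenceSnapshot {
    $snap = @{}
    foreach ($path in $PersistenceKeys) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            # Record "key\valuename" -> data so both renames and data edits show up
            $snap["$path\$name"] = [string]$key.GetValue($name)
        }
    }
    # Listening TCP sockets, tagged with the owning process
    foreach ($c in Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue) {
        $proc = (Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        $snap["tcp:$($c.LocalAddress):$($c.LocalPort)"] = "$proc (pid $($c.OwningProcess))"
    }
    return $snap
}
function Compare-Snapshot([hashtable]$Baseline, [hashtable]$Current) {
    $changes = @()
    foreach ($k in $Current.Keys) {
        if (-not $Baseline.ContainsKey($k)) { $changes += "ADDED   $k = $($Current[$k])" }
        elseif ($Baseline[$k] -ne $Current[$k]) { $changes += "CHANGED $k : '$($Baseline[$k])' -> '$($Current[$k])'" }
    }
    foreach ($k in $Baseline.Keys) {
        if (-not $Current.ContainsKey($k)) { $changes += "REMOVED $k = $($Baseline[$k])" }
    }
    return $changes
}
$current = Get-PersistenceSnapshot
if (-not (Test-Path $BaselinePath)) {
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath
    Write-Host "Baseline written to $BaselinePath ($($current.Count) entries)"
} else {
    $baseline = @{}   # ConvertFrom-Json yields a PSCustomObject; rebuild a hashtable
    (Get-Content $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $baseline[$_.Name] = $_.Value }
    $diff = Compare-Snapshot -Baseline $baseline -Current $current
    if ($diff) { $diff | ForEach-Object { Write-Warning $_ } } else { Write-Host "No changes since baseline" }
}
```

Schedule it as a task and ship the warnings to your SIEM; a review of any ADDED or CHANGED line is the part a tool cannot do for you.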
Indeed, I was not thinking about that level of attacks. However, if individuals and organizations do not understand the minimum required to secure their instances, they can't stand a chance against advanced threat actors and skilled adversaries.
Thanks for your detailed explanations.
It's just that privesc and kernel exploits are possible under some conditions on Linux.