Build Review update
1nPr0c committed Apr 9, 2015
1 parent dd88aca commit 8ec15b5
Showing 1 changed file with 25 additions and 17 deletions.
42 changes: 25 additions & 17 deletions Cheatsheet_BuildReviews.txt
@@ -1,4 +1,23 @@
Windows Hosts:
Build Review Cheatsheet
-----------------------

[+] Main tasks:

Any third party installed software and all associated versions.
Password policy applied locally via net accounts commands.
Domain policy applied, including domain password policy.
Logging settings.
Running services and unquoted service paths.
Permissions set on services.
List of patches and hotfixes installed.
Efficacy of AV solutions. May require import of a benign Eicar test file.
USB policy and removable media access (including firewire, CD etc).
Disk encryption (if relevant)
BIOS passwords set.
Proxy settings (if relevant).
Nessus Scan (With Credentials).

[+] Windows Hosts:

[+] Server Roles
[+] Server Manager
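Review bot: In the "[+] Main tasks:" list, only the password policy item says how to collect the evidence ("via net accounts commands"); items such as "Running services and unquoted service paths." and "Permissions set on services." name the check but not the command or tool. Consider adding the command beside each item, or a pointer to the part of the cheatsheet that covers it, so the list works as a checklist on its own. Minor style point: "Disk encryption (if relevant)" is the only item in the list without a trailing full stop.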
@@ -81,34 +100,23 @@ copy over files
# mounting on desktop review
# mount <target> <mydir>
# sda1 = client hdd, sdb2 = my usb part 2
mkdir /mnt/client-hdd
mount /dev/sda1 /mnt/client-hdd
mkdir /mnt/win-usb
mount /dev/sdb2 /mnt/win-usb
# mkdir /mnt/client-hdd
# mount /dev/sda1 /mnt/client-hdd
# mkdir /mnt/win-usb
# mount /dev/sdb2 /mnt/win-usb

hosts file C:\Windows\System32\drivers\etc\hosts.txt

http://pcsupport.about.com/od/tipstricks/tp/control-panel-applets-list.04.htm
control netconnections
control netsetup.cpi
control /name Microsoft.NetworkAndSharingCenter

remote scan (nessus, nmap)

SYSVOL GPO preference item, check for obscured passwords in xml
http://blogs.technet.com/b/grouppolicy/archive/2008/08/04/passwords-in-group-policy-preferences.aspx

The history file is readable by any authenticated user, as shown below:

C:\Users\All Users\Microsoft\Group Policy\History\{A1C0C41B-D2F8-401B-A5D1-437DA197A809}\Machine\Preferences\Groups\Groups.xml

The same Group Policy Preference XML configuration file is also accessible via the following UNC path on the Domain Controller, again by any authenticated user:

\\Domain_Controller\sysvol\Domain_Name\Policies\{A1C0C41B-D2F8-401B-A5D1-437DA197A809}\Machine\Preferences\Groups\Groups.xml



Unix Based Hosts:
[+] Unix Based Hosts:

hostname
whoami
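Review bot: The mkdir/mount lines now carry the same "# " prefix as the explanatory lines above them ("# mounting on desktop review", "# mount <target> <mydir>"), so a reader can no longer tell commands from notes. Suggest keeping the commands unprefixed, or marking them some other way if the aim is to stop them being pasted by accident. Since /dev/sda1 is the client disk, the example would also be safer for a review as "mount -o ro /dev/sda1 /mnt/client-hdd", so nothing on the client volume is modified. Separately, the "hosts file" line gives the path as hosts.txt; the Windows hosts file has no extension (C:\Windows\System32\drivers\etc\hosts).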