<p>REM "<a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-enforces-number-matching-to-fight-mfa-fatigue-attacks/" target="_blank" class="ke-link">https://www.bleepingcomputer.com/news/microsoft/microsoft-enforces-number-matching-to-fight-mfa-fatigue-attacks/</a> <span style="color: #333333; background-color: #ffffff;" data-ke-size="size16"> "</span>  </p><p>REM "<a href="https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-number-match" target="_blank" class="ke-link">https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-number-match</a> "</p><p>REM "자격 증명 관련 보안 강화 해보기 Microsoft는 MFA 피로 공격을 방지하기"</p><p>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa" /v OVERRIDE_NUMBER_MATCHING_WITH_OTP /t REG_SZ /d TRUE /f</p><p> </p><p>REM "수상한 계정이나 모두 삭제 다시 부팅" <br>REM rundll32.exe keymgr.dll, KRShowKeyMgr</p><p> </p><p>REM "셰션 다시 시작 후 마지막 대화형 사용자 자동 로그인 및 잠금" <br>REM " <a href="https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsLogon2::AutomaticRestartSignOn&Language=ko-kr" target="_top" class="ke-link">https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsLogon2::AutomaticRestartSignOn&Language=ko-kr</a>"<br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableAutomaticRestartSignOn" /t REG_DWORD /d 1 /f</p><p> </p><p> </p><p>REM "<a href="https://cafe.daum.net/candan/GGFN/499" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/499</a>  로그인 ID 숨기기 보안"<br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "dontdisplaylastusername" /t REG_DWORD /d 3 /f <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "DontDisplayLockedUserId" /t REG_DWORD /d 3 /f</p><p> </p><p>REM " 숨기기 전에 자신의 도메인 ID를 적어야 하는대 아래와 같이 미래 저장 해보세요. 사용자 전환을 누르고 로그인 하면 되네요. 또는"</p><p>REM net user > d:\user.txt</p><p><span style="color: #333333; background-color: #ffffff;" data-ke-size="size16">REM </span>whoami > d:\user_host.txt</p><p> </p><p>echo %USERDOMAIN%\%USERNAME%</p><p>echo %USERDOMAIN%\%USERNAME% > d:\user_PC.txt</p><p> </p><p>REM "사용자 전환 차단 하기 이렇게 까지 추천 하진 않지만 정말 심각 하면 직접 다이렉트 할 경우 이렇게 하면?"</p><p><span style="color: #333333; background-color: #ffffff;" data-ke-size="size16">REM </span>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "HideFastUserSwitching" /t REG_DWORD /d 1 /f</p><p> </p><p>REM "<a href="https://cafe.daum.net/candan/GGFN/500" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/500</a> 브라우져 보안 하기 dns 찾을수 없다는 에러 날때"</p><p> </p><hr data-ke-style="style3"><p>REM "공공 와이파이 종속 포털 비활성<a href="https://support.mozilla.org/ko/kb/captive-portal" target="_blank" class="ke-link">https://support.mozilla.org/ko/kb/captive-portal</a> " <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox" /v "DisableCaptivePortalDetection" /t REG_DWORD /d 1 /f <br>reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WcmSvc\Local" /v fMinimizeConnections /t REG_DWORD /d 1 /f</p><p> </p><p>REM "엣지 온드라이브 비활성 하기"</p><p>reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Edge" /v "DisableOneDriveFileSync" /t REG_DWORD /d 1 /f</p><p> </p><p>REM "엣지 서치 비활성 하기"</p><p>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge" /v "SearchBoxEnabled" /t REG_DWORD /d 0 /f</p><p> </p><hr data-ke-style="style3"><p>REM "게스트 해킹 관련" <br><br>icacls "%windir%\System32\net.exe"  <br>takeown /F "%windir%\System32\net.exe" /A <br>icacls "%windir%\System32\net.exe" /save d:\net.exe.txt <br>icacls "%windir%\System32\net.exe" /grant Administrators:F <br>icacls "%windir%\System32\net.exe" /setintegritylevel H <br>icacls "%windir%\System32\net.exe" /deny "NETWORK SERVICE":(F) "GUEST":(F) "IIS_IUSRS":(F) "REMOTE INTERACTIVE LOGON":(F) "*S-1-5-32-546:F" "*S-1-5-13:F" <br>icacls "%windir%\System32\net.exe" /setowner "NT SERVICE\TrustedInstaller"  <br>icacls "%windir%\System32\net.exe" /grant:r Administrators:RX <br>icacls "%windir%\System32\net.exe"  <br><br>REM "복구 할때" <br>REM icacls /reset "%windir%\System32\net.exe"  <br>REM icacls %windir%\System32\wbem\ d:\net.exe.txt</p><p> </p><p> </p><hr data-ke-style="style3"><p>REM "<a href="https://cafe.daum.net/candan/BLQD/110" target="_blank" class="ke-link">https://cafe.daum.net/candan/BLQD/110</a> dllhost.exe 생성후 해킹 시도" <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Policies\System" /v NoSvchostProcessCreation /t REG_DWORD /d 1 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe" /v NoExecute /t REG_DWORD /d 1 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Policies\System" /v EnableLUA /t REG_DWORD /d 1 /f</p><p> </p><p>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Policies\System" /v NoConhostProcessCreation /t REG_DWORD /d 1 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\conhost.exe" /v NoExecute /t REG_DWORD /d 1 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Policies\System" /v EnableLUA /t REG_DWORD /d 1 /f</p><p> </p><p>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Policies\System" /v NoIcaclsProcessCreation /t REG_DWORD /d 1 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icacls.exe" /v NoExecute /t REG_DWORD /d 1 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Policies\System" /v EnableLUA /t REG_DWORD /d 1 /f</p><p> </p><p> </p><p> </p><p> </p>
<!-- -->
첫댓글 https://cafe.daum.net/candan/BLQD/110 dllhost.exe 해킹 시도 차단 해보기
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Policies\System" /v NoSvchostProcessCreation /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe" /v NoExecute /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Policies\System" /v EnableLUA /t REG_DWORD /d 1 /f