REM "https://www.bleepingcomputer.com/news/microsoft/microsoft-enforces-number-matching-to-fight-mfa-fatigue-attacks/ "
REM "https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-number-match "
REM "Hardening credential-related security: Microsoft's measures to prevent MFA fatigue attacks"
REM Writes the string value OVERRIDE_NUMBER_MATCHING_WITH_OTP = TRUE under HKLM\SOFTWARE\Microsoft\AzureMfa.
REM NOTE(review): the linked Microsoft article describes this value for servers running the
REM NPS extension for MFA. On a machine without that extension it is presumably never read,
REM so it adds no protection on an ordinary workstation - confirm where this is meant to run.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa" /v OVERRIDE_NUMBER_MATCHING_WITH_OTP /t REG_SZ /d TRUE /f
REM "Delete suspicious accounts, or all of them, then reboot"
REM The disabled command below opens the Stored User Names and Passwords dialog for manual review.
REM rundll32.exe keymgr.dll, KRShowKeyMgr
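REM "Sign in and lock the last interactive user automatically after a restart"
REM " https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsLogon2::AutomaticRestartSignOn&Language=ko-kr"
REM DisableAutomaticRestartSignOn = 1 turns that automatic sign-in off, so the cached
REM credentials of the last user are not reused to log on after an update restart.
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableAutomaticRestartSignOn" /t REG_DWORD /d 1 /f
REM "https://cafe.daum.net/candan/GGFN/499 Security: hide the login ID"
REM dontdisplaylastusername is an on/off policy whose documented values are 0 and 1.
REM The value 1 hides the last signed-in user name on the logon screen.
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "dontdisplaylastusername" /t REG_DWORD /d 1 /f
REM DontDisplayLockedUserId = 3 shows no user information on the lock screen.
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "DontDisplayLockedUserId" /t REG_DWORD /d 3 /f
REM "Before hiding it you need to note down your own domain ID, so save it in advance as shown below. You can then log in by clicking Switch User. Or"
REM net user > d:\user.txt
REM whoami > d:\user_host.txt
echo %USERDOMAIN%\%USERNAME%
REM NOTE(review): the next line stores the account name in a plain-text file on drive D.
REM Anyone who can read that drive can recover the name this section hides, and the
REM redirect fails when the machine has no drive D. Prefer writing it down offline.
echo %USERDOMAIN%\%USERNAME% > d:\user_PC.txt
REM "Blocking user switching: going this far is not recommended, but if things are really serious and you want to do it directly, how about this?"
REM REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "HideFastUserSwitching" /t REG_DWORD /d 1 /f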
REM "https://cafe.daum.net/candan/GGFN/500 Browser security: when a DNS-not-found error appears"
REM "Disable public Wi-Fi captive portal detection https://support.mozilla.org/ko/kb/captive-portal "
REM NOTE(review): the Firefox enterprise policy documented for this is named CaptivePortal
REM with 0 meaning disabled. Confirm that DisableCaptivePortalDetection is honored at all.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox" /v "DisableCaptivePortalDetection" /t REG_DWORD /d 1 /f
REM NOTE(review): the Group Policy template appears to store fMinimizeConnections under
REM the WcmSvc\GroupPolicy key rather than WcmSvc\Local - verify this value is read here.
reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WcmSvc\Local" /v fMinimizeConnections /t REG_DWORD /d 1 /f
REM "Disable OneDrive in Edge"
REM Written to the per-user hive, so it applies only to the account running the script.
REM NOTE(review): DisableOneDriveFileSync could not be matched to a documented Edge
REM policy - check the Edge policy reference before relying on it.
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Edge" /v "DisableOneDriveFileSync" /t REG_DWORD /d 1 /f
REM "Disable Edge search"
REM NOTE(review): SearchBoxEnabled could not be matched to a documented Edge policy
REM either - verify the name, otherwise this write has no effect.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge" /v "SearchBoxEnabled" /t REG_DWORD /d 0 /f
REM "Related to guest-account hacking"
REM Tightens the ACL on net.exe. The statement order matters: ownership and full control
REM are taken first, the ACL is edited, then ownership is handed back and rights are reduced.
REM NOTE(review): this restricts one binary only. The same account operations remain
REM available through other tools and APIs, and Windows servicing may restore the
REM original ACL - treat it as a speed bump, not as a control.
REM Show the ACL before any change.
icacls "%windir%\System32\net.exe"
REM Give ownership to the Administrators group so the ACL can be edited.
takeown /F "%windir%\System32\net.exe" /A
REM Save the current ACL to d:\net.exe.txt for a later restore. Needs a drive D.
icacls "%windir%\System32\net.exe" /save d:\net.exe.txt
REM Temporarily grant Administrators full control.
icacls "%windir%\System32\net.exe" /grant Administrators:F
REM Label the file with High integrity.
icacls "%windir%\System32\net.exe" /setintegritylevel H
REM Add explicit deny entries for the listed accounts and for the SIDs S-1-5-32-546
REM and S-1-5-13. Those two SIDs are presumably Guests and Terminal Server Users.
REM NOTE(review): the accounts are given by English name and may not resolve on every system.
icacls "%windir%\System32\net.exe" /deny "NETWORK SERVICE":(F) "GUEST":(F) "IIS_IUSRS":(F) "REMOTE INTERACTIVE LOGON":(F) "*S-1-5-32-546:F" "*S-1-5-13:F"
REM Hand ownership back to TrustedInstaller.
icacls "%windir%\System32\net.exe" /setowner "NT SERVICE\TrustedInstaller"
REM Replace the full-control grant for Administrators with read and execute only.
icacls "%windir%\System32\net.exe" /grant:r Administrators:RX
REM Show the resulting ACL.
icacls "%windir%\System32\net.exe"
REM "To restore"
REM icacls takes the file name before the switch, and /restore takes the parent folder
REM of the saved entry. Ownership probably has to be taken again first, because
REM Administrators are left with read and execute only.
REM icacls "%windir%\System32\net.exe" /reset
REM icacls "%windir%\System32" /restore d:\net.exe.txt
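REM "https://cafe.daum.net/candan/BLQD/110 Hacking attempt after dllhost.exe is created"
REM NOTE(review): the heading names dllhost.exe, but the values below target svchost.exe,
REM conhost.exe and icacls.exe. None of the No...ProcessCreation or NoExecute values could
REM be matched to a documented Windows setting, so they are most likely ignored and block
REM nothing. Verify before relying on them. If they were honored, blocking svchost.exe or
REM conhost.exe would stop Windows from working normally, and blocking icacls.exe would
REM also block the ACL restore for net.exe.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Policies\System" /v NoSvchostProcessCreation /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe" /v NoExecute /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Policies\System" /v NoConhostProcessCreation /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\conhost.exe" /v NoExecute /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Policies\System" /v NoIcaclsProcessCreation /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icacls.exe" /v NoExecute /t REG_DWORD /d 1 /f
REM EnableLUA is the UAC switch. Windows reads it from the Windows\CurrentVersion policy key,
REM not from the Windows NT key used above, so it is written once to the key that is read.
REM The setting takes effect after a restart.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 1 /f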
첫댓글 https://cafe.daum.net/candan/BLQD/110 dllhost.exe 해킹 시도 차단 해보기
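REM NOTE(review): NoSvchostProcessCreation and the NoExecute value under Image File
REM Execution Options could not be matched to a documented Windows setting, so these two
REM writes are most likely ignored. Verify before relying on them as a block.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Policies\System" /v NoSvchostProcessCreation /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe" /v NoExecute /t REG_DWORD /d 1 /f
REM EnableLUA is the UAC switch. Windows reads it from the Windows\CurrentVersion policy key,
REM so it is written there instead of under the Windows NT key. Takes effect after a restart.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 1 /f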