awesome-windows-domain-hardening
github.com/paulsec/awesome-windows-domain-hardening
A curated list of awesome Security Hardening techniques for Windows.
Slides
- 111 Attacking EvilCorp Anatomy of a Corporate Hack
- Exploiting AD Administrator Insecurities
- From Workstation To Domain Admin - Why Secure Administration Isn't Secure
- How to go from Responding to Hunting with Sysinternals Sysmon
- Real Solutions From Real Incidents: Save Money and Your Job!
Videos
- 111 Attacking EvilCorp Anatomy of a Corporate Hack
- Advanced Incident Detection and Threat Hunting using Sysmon and Splunk
- AppLocker Bypass Techniques
- Beyond the MCSE: Active Directory for the Security Professional
- BSides DC 2016 - PowerShell Security: Defending the Enterprise from the Latest Attack Platform
- Offensive Active Directory with PowerShell
Tools
- AD Control Path
Active Directory Control Paths auditing and graphing tools
- BloodHound
Six Degrees of Domain Admin
- CrackMapExec
A swiss army knife for pentesting Windows/Active Directory environments
- Empire
PowerShell and Python post-exploitation agent
- Hardentools
Collection of simple utilities designed to disable a number of "features" exposed by Windows
- Koadic
Koadic, or COM Command & Control, is a Windows post-exploitation rootkit
Additional resources
Initial foothold
- AppLocker
- Block Office macros
- EMET
Consider keeping EMET for Windows 7, but prioritize upgrades to Windows 10 and Edge.
- Excel file extensions
- Here you go
- PowerShell logging
Privilege Escalation
Reconnaissance
Lateral Movement
Showing a sample of 69 resources; the full list is on GitHub.