# Defense

In Progress

Table of Contents


https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
https://blogs.technet.microsoft.com/srd/2015/02/10/ms15-011-ms15-014-hardening-group-policy/

End Sort

Access Control

  • Capirca
    • Capirca is a tool designed to utilize common definitions of networks, services and high-level policy files to facilitate the development and manipulation of network access control lists (ACLs) for various platforms. It was developed by Google for internal use, and is now open source.

Amazon S3

Anti-Redteam Tactics

Application Whitelisting

Attack Surface Analysis/Reduction

  • General
    • Intrigue-core
      • Intrigue-core is a framework for automated attack surface discovery.

(General) Auditing Account Passwords/Privileges

(General) Auditing Processes

(General) Baselining


  • Assimilator
    • The first RESTful API to control all firewall brands. Configure any firewall with RESTful API calls; no more manual rule configuration. Centralize all your firewalls into one API.

(General) Hardening

  • General
    • AIL framework - Analysis Information Leak framework
      • AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine sensitive information.
    • git-secrets
      • Prevents you from committing passwords and other sensitive information to a git repository.
    • keynuker
      • KeyNuker scans public activity across all GitHub users in your GitHub organization(s) and proactively deletes any AWS keys that are accidentally leaked. It gets the list of AWS keys to scan by directly connecting to the AWS API.
    • You're Leaking Trade Secrets - Defcon22 Michael Schrenk
      • Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak information at a much greater rate than individuals, and usually do so with little fanfare. There are greater consequences for organizations when information is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real-world examples to show how trade secrets are leaked online, and how organizational privacy is compromised by seemingly innocent use of the Internet.


Malicious USBs
  • General
  • Tools
    • netman
      • A userland network manager with monitoring and limiting capabilities for macOS.
    • netfil
      • A kernel network manager with monitoring and limiting capabilities for macOS.
    • OverSight
      • OverSight monitors a Mac's mic and webcam, alerting the user when the internal mic is activated, or whenever a process accesses the webcam.
    • LuLu
      • LuLu is a free, open-source macOS firewall that aims to block unauthorized (outgoing) network traffic.


  • Decryptonite
    • Decryptonite is a tool that uses heuristics and behavioural analysis to monitor for and stop ransomware.