nsacyber/AppLocker-Guidance

This repository has been archived on 14/Apr/2023
Stars
204
Rank 192,063 (Top 4 %)
Language
PowerShell
License
Other
Created over 9 years ago
Updated almost 5 years ago

nsacyber/AppLocker-Guidance

nsacyber

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Configuration guidance for implementing application whitelisting with AppLocker. #nsacyber

AppLocker Guidance

Microsoft AppLocker is an application whitelisting feature built into Windows. Application whitelisting is one of Information Assurance top 10 mitigation strategies.

This project contains scripts and configuration files for aiding administrators in implementing Microsoft AppLocker as outlined in the Application Whitelisting using Microsoft AppLocker paper.

The starter policy provided in this repository is for Windows 7 and Windows 10. A Group Policy Object (GPO) for Windows 10 can be found in the AppLocker folder in the Windows Secure Host Baseline repository.

Guidance

NSA Information Assurance has a security guide for AppLocker called Application Whitelisting Using Microsoft AppLocker.

Links

License

Disclaimer

See DISCLAIMER.

Windows-Secure-Host-Baseline

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

WALKOFF

A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber

goSecure

An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi. #nsacyber

Mitigating-Web-Shells

Guidance for mitigation web shells. #nsacyber

GRASSMARLIN

Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber

Event-Forwarding-Guidance

Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber

Hardware-and-Firmware-Security-Guidance

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

ELITEWOLF

OT security monitoring #nsacyber

Windows-Event-Log-Messages

Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber

Mitigating-Obsolete-TLS

Guidance for mitigating obsolete Transport Layer Security configurations. #nsacyber

nsacyber.github.io

NSA Cybersecurity. Formerly known as NSA Information Assurance and the Information Assurance Directorate

Pass-the-Hash-Guidance

Configuration guidance for implementing Pass-the-Hash mitigations. #nsacyber

HIRS

Trusted Computing based services supporting TPM provisioning and supply chain validation concepts. #nsacyber

simon-speck

The SIMON and SPECK families of lightweight block ciphers. #nsacyber

unfetter

Identifies defensive gaps in security posture by leveraging Mitre's ATT&CK framework. #nsacyber

Control-Flow-Integrity

A proposed hardware-based method for stopping known memory corruption exploitation techniques. #nsacyber

BAM

The Binary Analysis Metadata tool gathers information about Windows binaries to aid in their analysis. #nsacyber

WALKOFF-Apps

WALKOFF-enabled applications. #nsacyber

Maplesyrup

Assesses CPU security of embedded devices. #nsacyber

RandPassGenerator

A command-line utility for generating random passwords, passphrases, and raw keys. #nsacyber

BitLocker-Guidance

Configuration guidance for implementing BitLocker. #nsacyber

Certificate-Authority-Situational-Awareness

Identifies unexpected and prohibited certificate authority certificates on Windows systems. #nsacyber

netfil

A kernel network manager with monitoring and limiting capabilities for macOS. #nsacyber

LOCKLEVEL

A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber

HTTP-Connectivity-Tester

Aids in discovering HTTP and HTTPS connectivity issues. #nsacyber

Splunk-Assessment-of-Mitigation-Implementations

Automatically scores how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber

netman

A userland network manager with monitoring and limiting capabilities for macOS. #nsacyber

serial2pcap

Converts serial IP data, typically collected from Industrial Control System devices, to the more commonly used Packet Capture (PCAP) format. #nsacyber

PRUNE

Logs key Windows process performance metrics. #nsacyber

paccor

The Platform Attribute Certificate Creator can gather component details, create, sign, and validate the TCG-defined Platform Credential. #nsacyber

Blocking-Outdated-Web-Technologies

Guidance for blocking outdated web technologies. #nsacyber

Detect-CVE-2017-15361-TPM

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

Driver-Collider

Blocks drivers from loading by using a name collision technique. #nsacyber

simon-speck-supercop

Fast implementations of the SIMON and SPECK lightweight block ciphers for the SUPERCOP benchmark toolkit. #nsacyber

Cyber-Challenge

Supporting files for cyber challenge exercises. #nsacyber

Jupyter Notebook

Chinese-State-Sponsored-Cyber-Operations-Observed-TTPs

Supporting files for the Chinese State-Sponsored Cyber Operations: Observed TTPs Cybersecurity Advisory. #nsacyber

AtomicWatch

Intel Atom C2000 series discovery tool that parses log files and returns results if a positive match is found. #nsacyber

CodeGov

Creates a code.gov code inventory JSON file based on GitHub repository information. #nsacyber