Windows Security Baseline Verification Hardening Assistant

WBOY
2024-03-21 09:11:39

Originally I wanted to take a look at MBSA (Microsoft Baseline Security Analyzer), but found that Microsoft stopped updating it a long time ago. I remember that when I wrote "Network Offensive and Defense Practical Research on Vulnerability Exploitation and Privilege Elevation", I introduced MBSA separately as a tool used to check the patching of system vulnerabilities. After searching the official Microsoft website for a long time, I could not find the software. Some websites in China provide downloads of it, but for security reasons I did not download it locally for testing. I then happened to find a small tool with which the Windows security baseline can be checked and hardened. It works mainly by checking Windows registry values and then hardening them. The software is called WindowsBaselineAssistant, and its download address is https://github.com/DeEpinGh0st/WindowsBaselineAssistant. It is open source software and can be compiled directly, or the compiled program can be downloaded:

https://github.com/DeEpinGh0st/WindowsBaselineAssistant/releases/download/v1.2.1/WindowsBaselineAssistant-v1.2.1.zip

1. Run WindowsBaselineAssistant

Although it is open source software, the download extracts to three files (see Figure 1). A scan with Tinder antivirus software found no virus threats.

Figure 1 Program File Situation

The software can be run directly on Windows 10 with .NET Framework 4.0 and above. Compilation requires some dependencies: SunnyUI 3.6.3, SunnyUI.Common 3.6.3, System.ValueTuple 4.5.0, NPOI 2.5.1, Costura.Fody 4.1.0.

1. Detection rules

For example, to check the TCP connection threshold for retransmission:

The detection type is a registry lookup. The registry path is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters

The detection item is TcpMaxHalfOpenRetried

The standard value is 400

The data type is DWord

When the detected value is less than the standard value, the item is judged to be conforming

This is implemented as:

Check the threshold for TCP connections that are in SYN_RCVD state and have been retransmitted at least once
xxxxxx
registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
TcpMaxHalfOpenRetried
400
lessnumber
dword
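
As an added example (not WindowsBaselineAssistant's own code), the rule above can be evaluated read-only in PowerShell. The rule property names and the function Test-BaselineRule are hypothetical, and 'lessnumber' is taken to mean "detected value less than the standard value", as described above.

```powershell
# Audit-only: reads the registry and reports; it changes nothing.
# Rule values come from the article; the property names are hypothetical.
$rules = @(
    [pscustomobject]@{
        Path     = 'HKLM:\SYSTEM\CurrentControlSet\services\Tcpip\Parameters'
        Item     = 'TcpMaxHalfOpenRetried'
        Standard = 400
        Compare  = 'lessnumber'   # per the article: conforming when actual < Standard
        Type     = 'DWord'
    }
)

function Test-BaselineRule {
    param([Parameter(Mandatory)] $Rule)

    $result = [pscustomobject]@{
        Item = $Rule.Item; Standard = $Rule.Standard; Actual = $null; Status = 'NotConfigured'
    }
    # A missing key or value is reported as such, never treated as 0.
    $key = Get-Item -LiteralPath $Rule.Path -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $Rule.Item) { return $result }

    # A value stored with another registry type cannot be compared as a number.
    $kind = $key.GetValueKind($Rule.Item)
    $result.Actual = $key.GetValue($Rule.Item)
    if ("$kind" -ne $Rule.Type) { $result.Status = "WrongType($kind)"; return $result }

    # .NET returns a DWORD as a signed Int32; map it back to 0..4294967295.
    $actual = [int64]$result.Actual
    if ($actual -lt 0) { $actual += 4294967296 }
    $result.Actual = $actual

    switch ($Rule.Compare) {
        'lessnumber' { $ok = $actual -lt [int64]$Rule.Standard }
        default { $result.Status = "UnsupportedCompare($($Rule.Compare))"; return $result }
    }
    $result.Status = if ($ok) { 'Conforming' } else { 'NonConforming' }
    return $result
}

$rules | ForEach-Object { Test-BaselineRule -Rule $_ } | Format-Table -AutoSize
```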

Run WindowsBaselineAssistant.exe directly; the result is shown in Figure 2.

Figure 2 Main interface of software operation

2. Detection and reinforcement

1. Detect system vulnerabilities

The tool does not check whether system patches have been installed; it only checks some settings that may expose the system to attack, as shown in Figure 3. The scan found that there are indeed many problems. What matters most is the test results: non-conforming items are displayed in red.

Figure 3 Security Test Results

2. Reinforcement

Click Reinforcement and the software will automatically correct the values in the registry, completing the reinforcement. The author actually tested it and found it convenient.

3. Export results

Click "Export Results"; as shown in Figure 4, you are prompted to export the hardening results to the program's current directory.

Figure 4 Export reinforcement results

4. View the reinforcement results

Open the "Windows Security Baseline Detection Hardening Results Summary Table-192.168.1.37.xlsx" file, as shown in Figure 5, to view detailed results.

Figure 5 Check the reinforcement results

5. Customized reinforcement rules

The software also provides custom rules, as shown in Figure 6, which check registry values.

Figure 6 Customized reinforcement rules

3. Summary and evaluation

The software only checks some default settings. Reinforcement can enhance the security of the system to a certain extent. The only drawback is that it cannot show the patches for high-risk system vulnerabilities. Microsoft's MBSA 2.3 can detect patches for Windows systems, compare them, and provide repair suggestions.

Statement:
This article is reproduced from mryunwei.com.