Network & AD Hardening
21 chapters on securing networks and Active Directory — from preventing initial access to zero trust architecture.
Reducing Risk
- Preventing Initial Access — Patch management, credential hygiene, and reducing the attack surface
- Stopping Detection & Evasion — AMSI, logging, and attack detection
- Preventing Privilege Escalation — Blocking local and domain privilege escalation
- Active Directory Hardening — GPOs, tiering, and AD object security
- Kerberos Hardening — Preventing Kerberoasting, delegation, and ticket attacks
- Stopping Lateral Movement — Restricting PsExec, WMI, WinRM, and RDP
- Credential Protection — LSASS protection, Credential Guard, and password policy
- ADCS Hardening — Securing Active Directory Certificate Services
- Detecting Persistence — Tracking down backdoors, scheduled tasks, and golden tickets
- Preventing Tunneling — Blocking DNS tunneling, SSH tunnels, and covert channels
Infrastructure Hardening
- Linux Hardening — SSH, sudo, file permissions, and auditd
- Windows Hardening — AppLocker, Windows Defender, and group policy
- Email & DNS Hardening — SPF, DKIM, DMARC, and DNS security
- MSSQL Hardening — Securing SQL Server against abuse
- Network Segmentation & Firewall — VLANs, firewall rules, and microsegmentation
- Logging, Monitoring & SIEM — Centralized logging, alerting, and incident detection
- Backup & Disaster Recovery — 3-2-1 backups, testing restores, and ransomware resilience
- Vulnerability Management — Scanning, prioritizing, and patching
- Zero Trust Architecture — Never trust, always verify in practice
- Wireless & Physical Security — Wi-Fi, physical access, and social engineering
- Security Awareness — Employees as the first line of defense
