misc changes + added profile

2026-01-31 07:43:27 +08:00 · 2024-10-24 13:54:16 +07:00
parent de895311c6
commit 9ea5b414b8
7 changed files with 21 additions and 8 deletions
--- a/code/windows/audit/anonymous-sid-enumeration-enabled.yaml
+++ b/code/windows/audit/anonymous-sid-enumeration-enabled.yaml
@@ -22,7 +22,6 @@ code:
    args:
      - -ExecutionPolicy
      - Bypass
-      - -Command
    pattern: "*.ps1"
    source: |
      Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'EveryoneIncludesAnonymous'
--- a/code/windows/audit/audit-logging-disabled.yaml
+++ b/code/windows/audit/audit-logging-disabled.yaml
@@ -22,7 +22,6 @@ code:
    args:
      - -ExecutionPolicy
      - Bypass
-      - -Command
    pattern: "*.ps1"
    source: |
      AuditPol /get /category:"Account Logon"
--- a/code/windows/audit/automatic-windows-updates-disabled.yaml
+++ b/code/windows/audit/automatic-windows-updates-disabled.yaml
@@ -9,7 +9,7 @@ info:
    Without regular updates, systems may miss important security patches.
  remediation: |
    Enable automatic Windows Updates to ensure timely updates for system security.
-  tags: windows,updates,disabled
+  tags: windows,updates,disabled,windows-audit

 self-contained: true

--- a/code/windows/audit/windows-defender-realtime-protection-disabled.yaml
+++ b/code/windows/audit/windows-defender-realtime-protection-disabled.yaml
@@ -9,7 +9,7 @@ info:
    Disabling real-time protection increases the risk of malware infections.
  remediation: |
    Enable Windows Defender real-time protection to secure the system.
-  tags: windows,defender,antivirus,disabled
+  tags: windows,defender,windows-audit

 self-contained: true

--- a/code/windows/audit/winrm-remote-shell-access-allowed.yaml
+++ b/code/windows/audit/winrm-remote-shell-access-allowed.yaml
@@ -22,6 +22,7 @@ code:
    args:
      - -ExecutionPolicy
      - Bypass
+    pattern: "*.ps1"
    source: |
      (Get-Item WSMan:\localhost\Shell).AllowRemoteShellAccess

--- a/profiles/azure-cloud-config.yml
+++ b/profiles/azure-cloud-config.yml
@@ -14,7 +14,4 @@
 code: true # enable code templates

 tags:
-  - azure-cloud-config # filter templates with "azure-cloud-config" tags
-
-var:
-  - region=us-east-1 # template input for "region" variable
+  - azure-cloud-config # filter templates with "azure-cloud-config" tags
--- a/profiles/windows-audit.yml
+++ b/profiles/windows-audit.yml
@@ -0,0 +1,17 @@
+# Nuclei Configuration Profile for Windows Audit
+#
+# This configuration file is specifically tailored for auditing Windows environments using Nuclei.
+#
+# Purpose:
+# This profile is focused on identifying misconfigurations and vulnerabilities in Windows systems. Ensuring proper configuration and security controls is crucial for protecting Windows environments and ensuring that only authorized entities have access.
+#
+# Included Templates:
+# This configuration references specific templates tagged with 'windows-audit' to cover comprehensive scanning of Windows systems.
+#
+# Running this profile:
+# You can run this profile using the following command:
+# nuclei -profile windows-audit
+code: true # enable code templates
+
+tags:
+  - windows-audit # filter templates with "windows-audit" tags