This awesome tool is highly recommended
- Standards for a highly secure Windows 10 device
- System up to date with the latest stable Windows 10 version
- Built-in Microsoft Defender protection (enabled by default), kept up to date, instead of external "security" solutions
- Latest driver and program updates
- No "tuning" tools (not even things like CCleaner!)
- Only the programs / apps / games you really need
- Hardware Requirements for System Guard / Hardware-based Isolation
- Hardware Requirements for Memory integrity
- Hardware Requirements for Microsoft Defender Application Guard (WDAG)
- Hardware Requirements for Microsoft Defender Credential Guard
- Set User Account Control (UAC) to the maximum level
- Use Software Restriction Policies (SRP) in default-deny mode
- Use Windows Defender Firewall with Advanced Security
- Always display file type extensions
- Manage Microsoft Defender Credential Guard
- Install Microsoft Defender Application Guard (WDAG)
- Enable Memory integrity (HVCI)
- Enable Network Protection (NP)
- Enable SmartScreen and enable SmartScreen Log
- Enable Controlled Folder Access (CFA)
- Enable Attack Surface Reduction rules (ASR)
- Harden Address Space Layout Randomization (ASLR)
- Enable System Guard Secure Launch
- Enable cloud-delivered protection
- Activate Potentially unwanted applications (PUA) protection
- Enable BitLocker encryption with a startup PIN, read about countermeasures and reduce DMA threats
- Use Windows Sandbox for unknown / untrusted binaries - you can launch it from the right-click menu!
- Enable sandboxing for Microsoft Defender Antivirus
- Only elevate executables which are signed and validated
- Specify the cloud-delivered protection level
- Configure Exploit Protection, e.g. Edge 90+ with enforced CET
- Microsoft recommended block rules
- Control USB devices and other removable media
- UEFI hardening (NSA Defensive Practices Guidance PDF) & Hardware-and-Firmware-Security-Guidance
- Hardware and firmware security guidance for Windows & AMD CPUs - you will find more in the overview
- Deploy Windows security baselines and keep them up to date
- Application Control (WDAC)
- Enterprise Certificate Pinning
- Block untrusted fonts in an enterprise
- Web protection
- Protect Remote Desktop credentials with Windows Defender Remote Credential Guard
- Manage Windows Hello for Business
- Protect against DLL Search Order Hijacking
- Validate connections between your network and the Microsoft Defender Antivirus cloud service
- Verify client connectivity to Microsoft Defender ATP service URLs
- Validate Microsoft Defender Tamper protection
- Confirm and validate that Defender "Block at First Sight" (BAFS) is enabled
- Microsoft Defender Testground
- Microsoft Defender SmartScreen Demo Pages
- Validate your Kernel DMA Protection
- Test your Antimalware Scan Interface (AMSI)
- Test your Network protection
- Changelogs for Defender security intelligence updates
- https://github.com/frizb/Windows-Privilege-Escalation
- https://github.com/LOLBAS-Project/LOLBAS
- https://github.com/api0cradle/UltimateAppLockerByPassList
- https://trustedwindows.wordpress.com/
- https://docs.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware
- https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria
- https://docs.microsoft.com/en-us/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10
- https://docs.microsoft.com/en-us/windows/security/
- A picture of Microsoft Defender local and cloud script protection
- A picture of Attack Surface Reduction (ASR) rules
- Security Unlocked - The Microsoft Security Podcast
- How the hell WD works on Windows Home & Pro - documentation from AndyFul
- Windows AppContainer Isolation - what does it do? from AndyFul
- Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection
- Windows Defender Application Control (WDAC) Resources
- Why UAC is important at maximum (not default) level: 1, 2, 3, 4, ..
- Testing DLL Search Order Hijacking against security features from AndyFul
- Some info about training AMSI machine learning models from AndyFul
- Cheap sandboxing with AppContainers Blog
- Meet the Microsoft Pluton processor - the security chip designed for the future of Windows PCs Blog
- Complete W^X implementation in Windows with ACG
- Understanding Hardware-enforced Stack Protection (CET)
- Analysis of Windows 10 - OS Architecture
- Analysis of TPM Integration and UEFI "Secure Boot" in Windows 10
- Analysis of Virtual Secure Mode
- Analysis of Device Guard
- Analysis of Powershell and Windows Script Host