Hardening AD / Windows / Linux for Hivestorm 2023

brian-d-b/Hivestorm

Hivestorm Preparation

This was my first competition. I was quite unprepared in many ways, but it was a great experience and a great reason for me to start diving into more IR/SOC tools and procedures.

My university provided some Windows / Linux cheat-sheets, along with other PDFs for common checklists/benchmarks.

Resources used:

Hivestorm 2020 / 2022 write-up https://sourque.com/ctf/hivestorm/

Blue Team Notes https://github.com/Purp1eW0lf/Blue-Team-Notes

SANS PowerShell Cheat Sheet https://github.com/sans-blue-team/sec555-wiki/blob/master/Tools/PowerShell.md

PowerShell PDF / Blue Team https://github.com/sans-blue-team/sec555-wiki/blob/master/Tools/pdfs/PowerShell.pdf

Awesome Incident Response https://github.com/meirwah/awesome-incident-response

Sysinternals https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite

Microsoft Baseline Security Analyzer https://www.microsoft.com/en-us/download/details.aspx?id=55319

Sysmon https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon

What I wish I had done better: Prepared the VMs (extracting and loading the image) for the machines before the competition started. Had tools / scripts ready and on-hand when the competition began. Had more experience with SOC / blue-team tools, techniques, etc.
