The following are different techniques for mitigating steps in the kill chain for an attack similar to one in the Defending Against Common Attacks project:
Step 1: Delivery
Securing Microsoft Office – Information on enabling configurations to help prevent malicious documents from executing their code, including group policies that use Office 2016 Administrative Templates.
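An added PowerShell example (not from the original project) that audits and, if wanted, applies two of the macro-hardening values the Office 2016 Administrative Templates write under the per-user policy hive: VBAWarnings (4 = disable all macros without notification) and blockcontentexecutionfrominternet (1 = block macros in files marked as downloaded from the Internet). It assumes the 16.0 registry version and the three application names listed.

```powershell
# Added example, not the project's own code. Assumes Office 2016 (registry version 16.0)
# and per-user policy keys under HKCU:\Software\Policies, which is where the ADMX
# templates for these two settings write their values.
$OfficeApps = 'Word', 'Excel', 'PowerPoint'
$Desired = @{
    'VBAWarnings'                       = 4   # 4 = disable all macros without notification
    'blockcontentexecutionfrominternet' = 1   # 1 = block macros in files from the Internet zone
}

function Get-OfficeMacroPolicy {
    # Returns one row per app/setting with the current and expected value.
    foreach ($app in $OfficeApps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        foreach ($name in $Desired.Keys) {
            $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                App       = $app
                Setting   = $name
                Current   = $current
                Expected  = $Desired[$name]
                Compliant = ($current -eq $Desired[$name])
            }
        }
    }
}

function Set-OfficeMacroPolicy {
    # Writes the desired values; creates the policy key if it does not exist yet.
    foreach ($app in $OfficeApps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in $Desired.Keys) {
            Set-ItemProperty -Path $key -Name $name -Value $Desired[$name] -Type DWord
        }
    }
}

# Audit first; call Set-OfficeMacroPolicy only on a test box, since a domain GPO
# will overwrite whatever is set locally at the next policy refresh.
Get-OfficeMacroPolicy | Format-Table -AutoSize
```

The audit rows are useful as a baseline check: a missing value (Current empty) means no policy is applied and Office falls back to the user's Trust Center choice.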
Step 2 and 3: Installation and Deployment
Least Privileges – Implement a least-privilege model that ensures users, systems, and processes have access only to the resources their role requires. Standard users should not hold local administrator accounts, nor domain accounts with administrative privileges that are intended for IT staff.
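An added PowerShell example (not part of the original project) that checks the local Administrators group on a workstation against an approved list and reports anything else. The approved list and the SECTEST domain name are constructed placeholders; replace them with the groups your IT staff actually use.

```powershell
# Added example, not the project's own code. Requires the LocalAccounts module
# (Windows 10 / Server 2016 and later). Domain and group names are placeholders.
$ApprovedAdmins = @(
    "$env:COMPUTERNAME\Administrator",   # built-in account, expected on every host
    'SECTEST\Domain Admins',
    'SECTEST\Workstation Admins'          # placeholder name for the IT staff group
)

function Get-UnapprovedLocalAdmin {
    # Returns members of the local Administrators group that are not on the approved list.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $ApprovedAdmins -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

$Unapproved = Get-UnapprovedLocalAdmin
if ($Unapproved) {
    Write-Warning "Unapproved local administrators on $env:COMPUTERNAME:"
    $Unapproved | Format-Table -AutoSize
    # Dry run of the remediation; drop -WhatIf once the list has been reviewed.
    $Unapproved | ForEach-Object {
        Remove-LocalGroupMember -Group 'Administrators' -Member $_.Name -WhatIf
    }
} else {
    Write-Output "No unapproved local administrators on $env:COMPUTERNAME."
}
```

Run it from a scheduled task or a Kansa module across the domain and the output becomes a simple least-privilege baseline: any host that reports a row has drifted.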
Step 4: Persistence
Detecting Compromises – Using Kansa for incident response, breach hunts, and environmental baselines across a domain. Enabling the PowerShell script block logging GPO so that the full contents of code executed in PowerShell are captured in the event log.
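An added PowerShell example (not from the original project) showing the two halves of script block logging on a single host: the policy registry value that the GPO sets, and a query over the resulting 4104 events in the Microsoft-Windows-PowerShell/Operational log that flags script blocks containing a small set of commonly abused constructs. The keyword list is a constructed starting point, not a complete detection ruleset.

```powershell
# Added example, not the project's own code. The registry path below is the one the
# "Turn on PowerShell Script Block Logging" GPO writes; set it locally only for testing.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

function Enable-ScriptBlockLogging {
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord
}

function Test-ScriptBlockLogging {
    # True when the policy value is present and set to 1.
    (Get-ItemProperty -Path $PolicyKey -Name 'EnableScriptBlockLogging' `
        -ErrorAction SilentlyContinue).EnableScriptBlockLogging -eq 1
}

# Constructed keyword list; tune it to the environment's own baseline.
$SuspiciousPatterns = 'FromBase64String', 'DownloadString', 'Invoke-Expression', '-EncodedCommand'

function Get-SuspiciousScriptBlock {
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Pull ScriptBlockText by name from the event XML rather than by property index.
        $xml  = [xml]$_.ToXml()
        $text = ($xml.Event.EventData.Data | Where-Object Name -eq 'ScriptBlockText').'#text'
        $hits = $SuspiciousPatterns | Where-Object { $text -match [regex]::Escape($_) }
        if ($hits) {
            [pscustomobject]@{
                Time     = $_.TimeCreated
                Computer = $_.MachineName
                Matched  = ($hits -join ', ')
                Snippet  = $text.Substring(0, [Math]::Min(120, $text.Length))
            }
        }
    }
}

if (-not (Test-ScriptBlockLogging)) { Write-Warning 'Script block logging is not enabled on this host.' }
Get-SuspiciousScriptBlock -Hours 24 | Format-Table -AutoSize
```

Because 4104 records the de-obfuscated block as PowerShell actually compiled it, this query sees through encoding tricks that a command-line audit (4688) alone would miss.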
Additional information about hardening and security configurations that will come into play later on in the Vestige project:
Securing Active Directory – Implemented hardening and maintenance of the Security Test Domain Controller.
Windows Event Forwarding – Configuring centralized logging for important security events.
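An added PowerShell example (not from the original project) that sets up the collector side of Windows Event Forwarding: it initialises the Windows Event Collector service, registers a source-initiated subscription that gathers the logon, process-creation and script-block events referenced above, and prints the registry value that clients need in the "Configure target Subscription Manager" GPO. The collector host name collector.sectest.local and the subscription name are placeholders.

```powershell
# Added example, not the project's own code. Run on the collector as an administrator.
# collector.sectest.local is a placeholder for the real WEC server name.
$Collector = 'collector.sectest.local'
$SubscriptionName = 'SecurityBaseline'

# Subscription definition: source-initiated, Security + PowerShell/Operational, to ForwardedEvents.
$SubscriptionXml = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>$SubscriptionName</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Logons, process creation and PowerShell script blocks</Description>
  <Enabled>true</Enabled>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4688 or EventID=4720)]]</Select>
      </Query>
      <Query Id="1" Path="Microsoft-Windows-PowerShell/Operational">
        <Select Path="Microsoft-Windows-PowerShell/Operational">*[System[(EventID=4104)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
  <!-- Allow every domain computer (DC = Domain Computers) to push events -->
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
"@

function Install-WefSubscription {
    $path = Join-Path $env:TEMP "$SubscriptionName.xml"
    $SubscriptionXml | Set-Content -Path $path -Encoding UTF8
    wecutil qc /q                 # enable and start the Windows Event Collector service
    wecutil cs $path              # create the subscription from the XML file
    wecutil gr $SubscriptionName  # show runtime status, including connected sources
}

function Get-ClientSubscriptionManagerValue {
    # Value for HKLM\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager
    # that the client-side GPO distributes; Refresh is in seconds.
    "Server=http://${Collector}:5985/wsman/SubscriptionManager/WEC,Refresh=60"
}

Install-WefSubscription
Write-Output "Client GPO value: $(Get-ClientSubscriptionManagerValue)"
```

On the clients, the Windows Remote Management service must be running and the Network Service account needs read access to the Security log (the Event Log Readers group is the usual way); once events arrive in ForwardedEvents on the collector, the script block query from the previous example can be pointed at that log instead of each host's local one.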