├── .gitattributes
├── .gitignore
├── LICENSE
├── README.md
├── Readinizer.Backend.Business.Tests
├── AnalysisServiceTest.cs
├── App.config
├── BaseReadinizerTestData.cs
├── BaseReadinizerTestSettingData.cs
├── Properties
│ └── AssemblyInfo.cs
├── RSoPPotServiceTests.cs
├── Readinizer.Backend.Business.Tests.csproj
├── TestRsopXml
│ ├── bad_rsop.xml
│ ├── emptyInvalid.xml
│ ├── emptyValid.xml
│ └── recommended_rsop.xml
└── packages.config
├── Readinizer.Backend.Business
├── DependentAssemblies
│ └── Microsoft.GroupPolicy.Management.dll
├── Factory
│ └── TreeNodesFactory.cs
├── Interfaces
│ ├── IADDomainService.cs
│ ├── IAnalysisService.cs
│ ├── IComputerService.cs
│ ├── IExportService.cs
│ ├── IOrganizationalUnitService.cs
│ ├── IPingService.cs
│ ├── IRSoPPotService.cs
│ ├── IRSoPService.cs
│ ├── ISecuritySettingParserService.cs
│ ├── ISiteService.cs
│ ├── ISysmonService.cs
│ └── ITreeNodesFactory.cs
├── Properties
│ └── AssemblyInfo.cs
├── Readinizer.Backend.Business.csproj
├── ReceivedRSoP
│ ├── Ou_246-Site_37.xml
│ ├── Ou_249-Site_37.xml
│ ├── Ou_251-Site_37.xml
│ └── Ou_253-Site_37.xml
├── RecommendedSettings
│ ├── RecommendedAuditSettings.json
│ ├── RecommendedPolicies.json
│ ├── RecommendedRegistrySettings.json
│ └── RecommendedSecurityOptions.json
├── Services
│ ├── ADDomainService.cs
│ ├── AnalysisService.cs
│ ├── ComputerService.cs
│ ├── ExportService.cs
│ ├── OrganizationalUnitService.cs
│ ├── PingService.cs
│ ├── RSoPPotService.cs
│ ├── RSoPService.cs
│ ├── SecuritySettingParserService.cs
│ ├── SiteService.cs
│ └── SysmonService.cs
└── packages.config
├── Readinizer.Backend.DataAccess
├── App.config
├── Context
│ ├── ReadinizerDbContext.cs
│ └── packages.config
├── Interfaces
│ ├── IGenericRepository.cs
│ ├── IReadinizerDbContext.cs
│ └── IUnitOfWork.cs
├── Properties
│ └── AssemblyInfo.cs
├── Readinizer.Backend.DataAccess.csproj
├── Repositories
│ ├── GenericRepository.cs
│ ├── OrganizationalUnitRepository.cs
│ └── SiteRepository.cs
├── UnitOfWork
│ └── UnitOfWork.cs
└── packages.config
├── Readinizer.Backend.Domain
├── ClassDiagram1.cd
├── Exceptions
│ ├── InvalidAuthenticationException.cs
│ └── InvalidXmlException.cs
├── Models
│ ├── ADDomain.cs
│ ├── AuditSetting.cs
│ ├── Computer.cs
│ ├── Gpo.cs
│ ├── GpoSetting.cs
│ ├── OrganizationalUnit.cs
│ ├── Policy.cs
│ ├── RegistrySetting.cs
│ ├── Rsop.cs
│ ├── RsopPot.cs
│ ├── SecurityOption.cs
│ ├── SecuritySettingsParsed.cs
│ ├── Site.cs
│ └── TreeNode.cs
├── ModelsJson
│ ├── AuditSettingJson.cs
│ ├── Converter
│ │ └── SingleValueArrayConverter.cs
│ ├── HelperClasses
│ │ ├── Display.cs
│ │ ├── Element.cs
│ │ ├── Identifier.cs
│ │ ├── Link.cs
│ │ ├── ListBox.cs
│ │ ├── ModuleNames.cs
│ │ ├── Path.cs
│ │ └── Value.cs
│ ├── PolicyJson.cs
│ ├── RegistrySettingJson.cs
│ └── SecurityOptionJson.cs
├── Properties
│ └── AssemblyInfo.cs
├── Readinizer.Backend.Domain.csproj
└── packages.config
├── Readinizer.Frontend
├── App.config
├── App.xaml
├── App.xaml.cs
├── Converters
│ ├── NullToInvisibleConverter.cs
│ └── ProgressForegroundConverter.cs
├── Favicon
│ └── favicon.ico
├── Interfaces
│ ├── IApplicationViewModel.cs
│ ├── IBaseViewModel.cs
│ ├── IDomainResultViewModel.cs
│ ├── IOUResultViewModel.cs
│ ├── IRSoPResultViewModel.cs
│ ├── ISpinnerViewModel.cs
│ ├── IStartUpViewModel.cs
│ ├── ISysmonResultViewModel.cs
│ └── ITreeStructureResultViewModel.cs
├── MainWindow.xaml
├── MainWindow.xaml.cs
├── Messages
│ ├── ChangeProgressText.cs
│ ├── ChangeView.cs
│ ├── EnableExport.cs
│ └── SnackbarMessage.cs
├── Properties
│ ├── AssemblyInfo.cs
│ ├── Resources.Designer.cs
│ ├── Resources.resx
│ ├── Settings.Designer.cs
│ └── Settings.settings
├── Readinizer.Frontend.csproj
├── RecommendedSettings
│ ├── RecommendedAuditSettings.json
│ ├── RecommendedPolicies.json
│ ├── RecommendedRegistrySettings.json
│ └── RecommendedSecurityOptions.json
├── ViewModels
│ ├── ApplicationViewModel.cs
│ ├── BaseViewModel.cs
│ ├── DomainResultViewModel.cs
│ ├── OUResultViewModel.cs
│ ├── RSoPResultViewModel.cs
│ ├── SpinnerViewModel.cs
│ ├── StartUpViewModel.cs
│ ├── SysmonResultViewModel.cs
│ └── TreeStructureResultViewModel.cs
├── Views
│ ├── ApplicationView.xaml
│ ├── ApplicationView.xaml.cs
│ ├── DomainResultView.xaml
│ ├── DomainResultView.xaml.cs
│ ├── OUResultView.xaml
│ ├── OUResultView.xaml.cs
│ ├── RSoPResultView.xaml
│ ├── RSoPResultView.xaml.cs
│ ├── SpinnerView.xaml
│ ├── SpinnerView.xaml.cs
│ ├── StartUpView.xaml
│ ├── StartUpView.xaml.cs
│ ├── SysmonResultView.xaml
│ ├── SysmonResultView.xaml.cs
│ ├── TreeStructureResultView.xaml
│ └── TreeStructureResultView.xaml.cs
├── app.manifest
├── nlog.config
└── packages.config
├── Readinizer.Standalone
├── CommonServiceLocator.dll
├── EntityFramework.SqlServer.dll
├── EntityFramework.SqlServer.xml
├── EntityFramework.dll
├── EntityFramework.xml
├── GalaSoft.MvvmLight.Extras.dll
├── GalaSoft.MvvmLight.Extras.xml
├── GalaSoft.MvvmLight.Platform.dll
├── GalaSoft.MvvmLight.Platform.xml
├── GalaSoft.MvvmLight.dll
├── GalaSoft.MvvmLight.xml
├── IPAddressRange.dll
├── IPAddressRange.xml
├── MaterialDesignColors.dll
├── MaterialDesignThemes.Wpf.dll
├── MaterialDesignThemes.Wpf.xml
├── Microsoft.GroupPolicy.Management.dll
├── Microsoft.GroupPolicy.ServerAdminTools.GpmgmtLib.dll
├── MvvmDialogs.dll
├── MvvmDialogs.xml
├── NLog.dll
├── NLog.xml
├── Newtonsoft.Json.dll
├── Newtonsoft.Json.xml
├── Readinizer.Backend.Business.dll
├── Readinizer.Backend.DataAccess.dll
├── Readinizer.Backend.DataAccess.dll.config
├── Readinizer.Backend.Domain.dll
├── Readinizer.exe
├── Readinizer.exe.config
├── RecommendedSettings
│ ├── RecommendedAuditSettings.json
│ ├── RecommendedPolicies.json
│ ├── RecommendedRegistrySettings.json
│ └── RecommendedSecurityOptions.json
├── System.Runtime.CompilerServices.Unsafe.dll
├── System.Runtime.CompilerServices.Unsafe.xml
├── System.Windows.Controls.DataVisualization.Toolkit.dll
├── System.Windows.Controls.Input.Toolkit.dll
├── System.Windows.Controls.Layout.Toolkit.dll
├── System.Windows.Interactivity.dll
├── Unity.Abstractions.dll
├── Unity.Container.dll
├── WPFToolkit.dll
├── Xceed.Wpf.AvalonDock.Themes.Aero.dll
├── Xceed.Wpf.AvalonDock.Themes.Metro.dll
├── Xceed.Wpf.AvalonDock.Themes.VS2010.dll
├── Xceed.Wpf.AvalonDock.dll
├── Xceed.Wpf.Toolkit.dll
├── de
│ └── Xceed.Wpf.AvalonDock.resources.dll
├── es
│ └── Xceed.Wpf.AvalonDock.resources.dll
├── fr
│ └── Xceed.Wpf.AvalonDock.resources.dll
├── hu
│ └── Xceed.Wpf.AvalonDock.resources.dll
├── it
│ └── Xceed.Wpf.AvalonDock.resources.dll
├── nlog.config
├── pt-BR
│ └── Xceed.Wpf.AvalonDock.resources.dll
├── ro
│ └── Xceed.Wpf.AvalonDock.resources.dll
├── ru
│ └── Xceed.Wpf.AvalonDock.resources.dll
├── sv
│ └── Xceed.Wpf.AvalonDock.resources.dll
└── zh-Hans
│ └── Xceed.Wpf.AvalonDock.resources.dll
├── Readinizer.sln
├── Readinizer.sln.DotSettings
├── ReadinizerPortable.zip
├── Wiki
├── Images
│ ├── SysmonManual
│ │ ├── DefinitelyNotSysmon.PNG
│ │ ├── action.PNG
│ │ ├── action_original.PNG
│ │ ├── domain_folder - Copy.PNG
│ │ ├── domain_folder.PNG
│ │ ├── new_task.PNG
│ │ ├── ondemand.PNG
│ │ ├── scheduled_task_create.png
│ │ ├── scheduled_task_create_original.PNG
│ │ └── trigger.PNG
│ ├── UserManual
│ │ ├── domainscreen.png
│ │ ├── gissscreen.png
│ │ ├── homescreen - Copy.PNG
│ │ ├── homescreen.PNG
│ │ ├── navexport.png
│ │ ├── navfile.png
│ │ ├── navhelp.png
│ │ ├── ouscreen.png
│ │ ├── resultscreen.png
│ │ ├── sqlserver-express.PNG
│ │ ├── sqlserver-localdb.PNG
│ │ └── sysmonscreen.png
│ └── WEFManual
│ │ ├── enable-winrm.png
│ │ ├── eventvwr.png
│ │ ├── gpoService.png
│ │ ├── gpoSettings.png
│ │ ├── kerberos-encryption.png
│ │ ├── logAccess.png
│ │ ├── securityEventLog.png
│ │ ├── subscriptionProp1.png
│ │ ├── subscriptionProp2.png
│ │ ├── subscriptionProp3.png
│ │ ├── subscriptionProp4.png
│ │ └── wecServer.png
└── Markdown
│ ├── Appendix-A
│ ├── Appendix-B
│ ├── Getting-Started.md
│ ├── Home.md
│ ├── How-to-use-Readinizer.md
│ ├── Implementation
│ ├── Install-Sysmon-through-GPO.md
│ ├── Readinizer-Requirements-&-Limitaions.md
│ ├── Recommended-Group-Policy.md
│ ├── Sysmon-Requirements-&-Limitations.md
│ ├── Sysmon.md
│ ├── User-Manual.md
│ ├── WEF---Deployment.md
│ ├── WEF---Requirements-&-Limitations.md
│ ├── WEF-Encryption.md
│ ├── WEF-Introduction.md
│ ├── Windows-Event-Forwarding-deploying-fleet-wide.md
│ └── _Sidebar.md
└── azure-pipelines.yml
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is needed for earlier builds of msysgit that do not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2019 Lukas Kellenberger, Claudio Mattes
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Readinizer
2 | ## Introduction
3 | The number of cyber-attacks where malicious code is used has massively increased recently. These attacks not only settle on the infected system, but can also infect other systems through lateral movement in the network. The outcome is often the complete infiltration of the organization due to the use of advanced persistent threats (APT). Although the configuration of these targeted networks varies depending on the organization, common patterns in the attack methods can be detected. In the analysis of such patterns and events, information and time are key factors to success. Hence, readiness and fast access across the entire environment are decisive factors when such an event occurs.
4 | ## Readinizer
5 | The application "Readinizer" analyses an entire AD forest and gathers information about all domains, sites, organizational units (OU) and member computers/servers. As soon as this information is gathered and all relationships between these objects are resolved, the "Readinizer" calls one computer/server of each OU to receive a Resultant Set of Policies (RSoP). An RSoP is a summary of the applied computer settings that were made locally or distributed via group policy objects (GPO).
6 |
7 | Since an OU has the highest precedence when applying GPOs, it is sufficient to query only one computer of each OU. Then an analysis is performed for each received RSoP, comparing the current settings in the AD forest with the recommended settings - based on the benchmark. The result of the analysis is then presented to the user in the form of a percentage figure, whereby a tree structure of the forest depicts the analysed RSoPs and gives a first view of the readiness.
8 |
9 | In addition, the user has the possibility to simultaneously perform a Sysmon check. Sysmon is a tool by Mark Russinovich which logs the same as the default event logger but also hashes the executables, so that a compromise of such executables can be detected. The user can then drill down the RSoPs to a detailed view of all applied / recommended settings and of which GPO applied those settings.
10 |
11 | With the optimization part of the "Readinizer", the distribution of Sysmon to an entire fleet is simplified for the user, and the setup of central logging by Windows Event Forwarding - with appropriate templates - is made available in the form of manuals. The "Readinizer" also includes a GPO of recommended settings which can be imported.
12 | ## Manuals and more information
13 | [Wiki](https://github.com/clma91/Readinizer/wiki)
14 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business.Tests/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business.Tests/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.InteropServices;
3 |
// Assembly-level metadata for the Readinizer.Backend.Business.Tests project.
// Description, configuration, company, trademark and culture are left as empty strings.
4 | [assembly: AssemblyTitle("Readinizer.Backend.Business.Tests")]
5 | [assembly: AssemblyDescription("")]
6 | [assembly: AssemblyConfiguration("")]
7 | [assembly: AssemblyCompany("")]
8 | [assembly: AssemblyProduct("Readinizer.Backend.Business.Tests")]
9 | [assembly: AssemblyCopyright("Copyright © 2019")]
10 | [assembly: AssemblyTrademark("")]
11 | [assembly: AssemblyCulture("")]
12 |
// ComVisible(false) keeps the types in this assembly from being visible to COM components.
13 | [assembly: ComVisible(false)]
14 |
// ID of the type library, used only if the project is exposed to COM.
15 | [assembly: Guid("fac461e3-8f65-4e2f-80d3-69bb1b9abe24")]
16 |
// Both version attributes are fixed at 1.0.0.0; the commented-out line is the
// wildcard form that lets the Build and Revision numbers be generated.
17 | // [assembly: AssemblyVersion("1.0.*")]
18 | [assembly: AssemblyVersion("1.0.0.0")]
19 | [assembly: AssemblyFileVersion("1.0.0.0")]
20 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business.Tests/TestRsopXml/bad_rsop.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Backend.Business.Tests/TestRsopXml/bad_rsop.xml
--------------------------------------------------------------------------------
/Readinizer.Backend.Business.Tests/TestRsopXml/emptyInvalid.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Backend.Business.Tests/TestRsopXml/emptyInvalid.xml
--------------------------------------------------------------------------------
/Readinizer.Backend.Business.Tests/TestRsopXml/emptyValid.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Backend.Business.Tests/TestRsopXml/emptyValid.xml
--------------------------------------------------------------------------------
/Readinizer.Backend.Business.Tests/TestRsopXml/recommended_rsop.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Backend.Business.Tests/TestRsopXml/recommended_rsop.xml
--------------------------------------------------------------------------------
/Readinizer.Backend.Business.Tests/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/DependentAssemblies/Microsoft.GroupPolicy.Management.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Backend.Business/DependentAssemblies/Microsoft.GroupPolicy.Management.dll
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Factory/TreeNodesFactory.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using System.Collections.ObjectModel;
3 | using System.Linq;
4 | using System.Threading.Tasks;
5 | using Readinizer.Backend.Business.Interfaces;
6 | using Readinizer.Backend.DataAccess.Interfaces;
7 | using Readinizer.Backend.Domain.Models;
8 |
9 | namespace Readinizer.Backend.Business.Factory
10 | {
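/// <summary>
/// Builds the result tree: one node per AD domain, with that domain's RSoP pots as
/// child nodes and its available sub-domains nested below it. While building, each
/// visited domain's <c>DomainPercentage</c> is recomputed as the lowest RSoP percentage
/// found in its pots and written back through the unit of work.
/// </summary>
/// <remarks>
/// NOTE(review): the listing this class was taken from had lost its generic type
/// arguments (<c>Task&gt; CreateTree()</c>, <c>List domains</c>, <c>new HashSet()</c>).
/// They are restored here from how the values are used; <c>Dictionary&lt;string, int&gt;</c>
/// is assumed from <c>ISecuritySettingParserService.ParseSecuritySettings(int refId, string type)</c>
/// — confirm against <c>TreeNode.TypeRefIdDictionary</c>.
/// </remarks>
public class TreeNodesFactory : ITreeNodesFactory
{
    private readonly IUnitOfWork unitOfWork;

    public TreeNodesFactory(IUnitOfWork unitOfWork)
    {
        this.unitOfWork = unitOfWork;
    }

    /// <summary>
    /// Creates the tree with the first stored domain as root.
    /// </summary>
    /// <returns>
    /// A collection holding exactly one root node. When no domain is stored, the root is
    /// an empty <see cref="TreeNode"/>.
    /// </returns>
    public async Task<ObservableCollection<TreeNode>> CreateTree()
    {
        var domains = await unitOfWork.ADDomainRepository.GetAllEntities();
        var tree = new ObservableCollection<TreeNode>();
        var root = new TreeNode();

        // The domain is only touched inside the null check. Previously its RSoP pots were
        // looked up before the check, which dereferenced null when no domain was stored.
        var rootDomain = domains.FirstOrDefault();
        if (rootDomain != null)
        {
            root = CreateDomainSubtree(rootDomain);
        }

        await unitOfWork.SaveChangesAsync();
        tree.Add(root);
        return tree;
    }

    /// <summary>
    /// Appends a subtree to <paramref name="root"/> for every domain in
    /// <paramref name="domains"/> whose <c>IsAvailable</c> flag is set.
    /// </summary>
    /// <param name="root">Node that receives the child domain nodes.</param>
    /// <param name="domains">Sub-domains to add; may be null, in which case nothing is added.</param>
    private void BuildTree(TreeNode root, List<ADDomain> domains)
    {
        if (domains == null)
        {
            return;
        }

        foreach (var domain in domains)
        {
            if (!domain.IsAvailable)
            {
                continue;
            }

            root.ChildNodes.Add(CreateDomainSubtree(domain));
        }
    }

    // Builds the node for one domain: refreshes its percentage, attaches its RSoP pots,
    // then recurses into its sub-domains.
    private TreeNode CreateDomainSubtree(ADDomain domain)
    {
        var rsopPots = GetRsopPotsOfDomain(domain);
        UpdateDomainPercentage(domain, rsopPots);

        var node = NewDomainNode(domain);
        foreach (var rsopPot in rsopPots)
        {
            node.ChildNodes.Add(NewRsopPotNode(rsopPot));
        }

        BuildTree(node, domain.SubADDomains);
        return node;
    }

    // Stores the lowest RSoP percentage of the domain's pots on the domain.
    private void UpdateDomainPercentage(ADDomain domain, List<RsopPot> rsopPots)
    {
        // The minimum over all RSoPs of all pots equals the minimum of the per-pot minima.
        var percentages = rsopPots
            .SelectMany(rsopPot => rsopPot.Rsops)
            .Select(rsop => rsop.RsopPercentage)
            .ToList();

        if (percentages.Count > 0)
        {
            domain.DomainPercentage = percentages.Min();
        }
        else
        {
            // No RSoP was collected for this domain. Min() on an empty sequence would throw;
            // clearing the value makes the domain node show 0.0 instead of a stale or
            // misleadingly high percentage.
            domain.DomainPercentage = null;
        }

        unitOfWork.ADDomainRepository.Update(domain);
    }

    /// <summary>
    /// Collects the distinct RSoP pots referenced by the RSoPs of <paramref name="domain"/>.
    /// </summary>
    /// <returns>The pots found; empty when the domain has no RSoPs.</returns>
    private List<RsopPot> GetRsopPotsOfDomain(ADDomain domain)
    {
        var rsopsOfDomain = domain.Rsops;
        var rsopPots = new HashSet<RsopPot>();

        if (rsopsOfDomain != null)
        {
            foreach (var rsop in rsopsOfDomain)
            {
                rsopPots.Add(unitOfWork.RsopPotRepository.GetByID(rsop.RsopPotRefId));
            }

            // GetByID may yield null for an unknown reference; such entries are dropped.
            rsopPots.Remove(null);
        }

        return rsopPots.ToList();
    }

    // Node for a domain; a missing DomainPercentage is shown as 0.0.
    private static TreeNode NewDomainNode(ADDomain domain)
    {
        return new TreeNode
        {
            Description = "Domain: ",
            IsRSoP = false,
            TypeRefIdDictionary = new Dictionary<string, int> { { "Domain", domain.ADDomainId } },
            Identifier = domain.Name,
            AnalysisPercentage = domain.DomainPercentage ?? 0.0
        };
    }

    // Node for an RSoP pot. The first RSoP of the pot supplies the percentage and the
    // Rsop reference — presumably all RSoPs of a pot share one result; confirm.
    private static TreeNode NewRsopPotNode(RsopPot rsopPot)
    {
        // One lookup serves both fields. Previously the percentage used First(), which
        // throws on a pot without RSoPs, while Rsop already used FirstOrDefault().
        var firstRsop = rsopPot.Rsops.FirstOrDefault();

        return new TreeNode
        {
            Description = rsopPot.Name,
            IsRSoP = true,
            TypeRefIdDictionary = new Dictionary<string, int> { { "RSoPPot", rsopPot.RsopPotId } },
            Identifier = rsopPot.DateTime,
            AnalysisPercentage = firstRsop != null ? firstRsop.RsopPercentage : 0.0,
            OrganizationalUnits = rsopPot.Rsops.Select(rsop => rsop.OrganizationalUnit).ToList(),
            Rsop = firstRsop
        };
    }
}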
117 | }
118 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Interfaces/IADDomainService.cs:
--------------------------------------------------------------------------------
1 | using System.Threading.Tasks;
2 |
3 | namespace Readinizer.Backend.Business.Interfaces
4 | {
// Contract for domain discovery: an asynchronous search that starts from a domain name,
// and a synchronous test of a fully qualified domain name. The implementation is not shown here.
5 | public interface IADDomainService
6 | {
// Asynchronous; takes the starting domain name and a flag. Presumably subdomainsChecked
// decides whether sub-domains are searched as well — confirm in the implementation.
7 | Task SearchDomains(string domainName, bool subdomainsChecked);
8 |
// Returns a bool for the given name; by its name, true when the domain is part of the forest — confirm.
9 | bool IsDomainInForest(string fullyQualifiedDomainName);
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Interfaces/IAnalysisService.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using System.Threading.Tasks;
3 | using Readinizer.Backend.Domain.Models;
4 |
5 | namespace Readinizer.Backend.Business.Interfaces
6 | {
// Contract for the analysis step. The implementation is not shown here.
7 | public interface IAnalysisService
8 | {
// Asynchronous; takes a caller-supplied path. The return type reads "Task>" because the
// listing lost its generic type arguments, so the result type cannot be stated from here.
// NOTE(review): if importPath names RSoP XML files collected from other machines, the
// implementation should parse them as untrusted input (DTD processing disabled) — confirm.
9 | Task> Analyse(string importPath);
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Interfaces/IComputerService.cs:
--------------------------------------------------------------------------------
1 | using System.Threading.Tasks;
2 |
3 | namespace Readinizer.Backend.Business.Interfaces
4 | {
// Contract for gathering computers. The implementation is not shown here.
5 | public interface IComputerService
6 | {
// Asynchronous and parameterless; what is queried and where the result is stored
// is decided by the implementation.
7 | Task GetComputers();
8 |
9 | }
10 | }
11 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Interfaces/IExportService.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Threading.Tasks;
3 |
4 | namespace Readinizer.Backend.Business.Interfaces
5 | {
// Contract for exporting data. The implementation is not shown here.
6 | public interface IExportService
7 | {
// Asynchronous; takes a Type and a path. Presumably type selects what is exported and
// path is the destination — confirm.
// NOTE(review): exported results would describe the security configuration of the
// analysed forest, so callers should point path at an access-controlled location.
8 | Task Export(Type type, string path);
9 | }
10 | }
11 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Interfaces/IOrganizationalUnitService.cs:
--------------------------------------------------------------------------------
1 | using System.Threading.Tasks;
2 |
3 | namespace Readinizer.Backend.Business.Interfaces
4 | {
// Contract for gathering organizational units. The implementation is not shown here.
5 | public interface IOrganizationalUnitService
6 | {
// Asynchronous and parameterless; the source queried and the storage of the result
// are decided by the implementation.
7 | Task GetAllOrganizationalUnits();
8 | }
9 | }
10 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Interfaces/IPingService.cs:
--------------------------------------------------------------------------------
1 | namespace Readinizer.Backend.Business.Interfaces
2 | {
// Contract for a reachability check. The implementation is not shown here.
3 | public interface IPingService
4 | {
// Synchronous; takes the address as a string and returns a bool. By its name, true means
// the host answered a ping — confirm. A host that filters ICMP would presumably be
// reported as not pingable even though it is up.
5 | bool IsPingable(string ipAddress);
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Interfaces/IRSoPPotService.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using System.Threading.Tasks;
3 | using Readinizer.Backend.Domain.Models;
4 |
5 | namespace Readinizer.Backend.Business.Interfaces
6 | {
// Contract for creating and updating RSoP pots. The implementation is not shown here.
7 | public interface IRsopPotService
8 | {
// Asynchronous and parameterless.
9 | Task GenerateRsopPots();
10 |
// Asynchronous; takes a list of RSoPs. "List rsops" has lost its generic type argument
// in this listing — presumably List<Rsop>; confirm.
11 | Task UpdateRsopPots(List rsops);
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Interfaces/IRSoPService.cs:
--------------------------------------------------------------------------------
1 | using System.Threading.Tasks;
2 |
3 | namespace Readinizer.Backend.Business.Interfaces
4 | {
// Contract for collecting RSoPs from reachable computers, with or without a Sysmon check.
// The implementation is not shown here.
5 | public interface IRsopService
6 | {
7 |
// Asynchronous and parameterless.
8 | Task GetRsopOfReachableComputers();
9 |
// Asynchronous; additionally takes a service name. Presumably this is the name under which
// the Sysmon service is looked up; because it is a parameter, a Sysmon service installed
// under a non-default name can be checked — confirm.
10 | Task GetRsopOfReachableComputersAndCheckSysmon(string serviceName);
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Interfaces/ISecuritySettingParserService.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using System.Threading.Tasks;
3 | using Readinizer.Backend.Domain.Models;
4 |
5 | namespace Readinizer.Backend.Business.Interfaces
6 | {
// Contract for parsing security settings. The implementation is not shown here.
7 | public interface ISecuritySettingParserService
8 | {
// Asynchronous; takes a reference id and a type string. The return type reads "Task>"
// because the listing lost its generic type arguments, so the result type cannot be
// stated from here. Presumably type says what kind of entity refId refers to — confirm.
9 | Task> ParseSecuritySettings(int refId, string type);
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Interfaces/ISiteService.cs:
--------------------------------------------------------------------------------
1 | using System.Threading.Tasks;
2 |
3 | namespace Readinizer.Backend.Business.Interfaces
4 | {
// Contract for gathering sites. The implementation is not shown here.
5 | public interface ISiteService
6 | {
// Asynchronous and parameterless.
7 | Task SearchAllSites();
8 | }
9 | }
10 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Interfaces/ISysmonService.cs:
--------------------------------------------------------------------------------
1 | namespace Readinizer.Backend.Business.Interfaces
2 | {
// Contract for the Sysmon check. The implementation is not shown here.
3 | public interface ISysmonService
4 | {
// Synchronous; returns a bool for the given service name, user, computer name and domain.
// No password or credential object is part of this signature, so whatever identity the
// check runs under is determined elsewhere — confirm in the implementation.
5 | bool IsSysmonRunning(string serviceName, string user, string computername, string domain);
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Interfaces/ITreeNodesFactory.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.ObjectModel;
2 | using System.Threading.Tasks;
3 | using Readinizer.Backend.Domain.Models;
4 |
5 | namespace Readinizer.Backend.Business.Interfaces
6 | {
// Contract for building the result tree. The implementation is not shown here.
7 | public interface ITreeNodesFactory
8 | {
// Asynchronous and parameterless. The return type reads "Task>" because the listing lost
// its generic type arguments; given the System.Collections.ObjectModel import it is
// presumably Task<ObservableCollection<TreeNode>> — confirm.
9 | Task> CreateTree();
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.InteropServices;
3 |
4 | // General Information about an assembly is controlled through the following
5 | // set of attributes. Change these attribute values to modify the information
6 | // associated with an assembly.
7 | [assembly: AssemblyTitle("Readinizer.Backend.Business")]
8 | [assembly: AssemblyDescription("")]
9 | [assembly: AssemblyConfiguration("")]
10 | [assembly: AssemblyCompany("")]
11 | [assembly: AssemblyProduct("Readinizer.Backend.Business")]
12 | [assembly: AssemblyCopyright("Copyright © 2019")]
13 | [assembly: AssemblyTrademark("")]
14 | [assembly: AssemblyCulture("")]
15 |
16 | // Setting ComVisible to false makes the types in this assembly not visible
17 | // to COM components. If you need to access a type in this assembly from
18 | // COM, set the ComVisible attribute to true on that type.
19 | [assembly: ComVisible(false)]
20 |
21 | // The following GUID is for the ID of the typelib if this project is exposed to COM
22 | [assembly: Guid("ef106843-f162-460a-b2da-8e8d6366cb49")]
23 |
24 | // Version information for an assembly consists of the following four values:
25 | //
26 | // Major Version
27 | // Minor Version
28 | // Build Number
29 | // Revision
30 | //
31 | // You can specify all the values or you can default the Build and Revision Numbers
32 | // by using the '*' as shown below:
33 | // [assembly: AssemblyVersion("1.0.*")]
// NOTE(review): both version attributes below are fixed at 1.0.0.0, so the assembly version
// alone does not tell one build of this DLL from another.
34 | [assembly: AssemblyVersion("1.0.0.0")]
35 | [assembly: AssemblyFileVersion("1.0.0.0")]
36 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/ReceivedRSoP/Ou_246-Site_37.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Backend.Business/ReceivedRSoP/Ou_246-Site_37.xml
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/ReceivedRSoP/Ou_249-Site_37.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Backend.Business/ReceivedRSoP/Ou_249-Site_37.xml
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/ReceivedRSoP/Ou_251-Site_37.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Backend.Business/ReceivedRSoP/Ou_251-Site_37.xml
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/ReceivedRSoP/Ou_253-Site_37.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Backend.Business/ReceivedRSoP/Ou_253-Site_37.xml
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/RecommendedSettings/RecommendedAuditSettings.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "SubCategoryName": "Audit Kerberos Authentication Service",
4 | "PolicyTarget": "Account Logon",
5 | "TargetSettingValue": "SuccessAndFailure"
6 | },
7 | {
8 | "SubCategoryName": "Audit Kerberos Service Ticket Operations",
9 | "PolicyTarget": "Account Logon",
10 | "TargetSettingValue": "SuccessAndFailure"
11 | },
12 | {
13 | "SubCategoryName": "Audit Computer Account Management",
14 | "PolicyTarget": "Account Management",
15 | "TargetSettingValue": "Success"
16 | },
17 | {
18 | "SubCategoryName": "Audit Other Account Management Events",
19 | "PolicyTarget": "Account Management",
20 | "TargetSettingValue": "Success"
21 | },
22 | {
23 | "SubCategoryName": "Audit Security Group Management",
24 | "PolicyTarget": "Account Management",
25 | "TargetSettingValue": "Success"
26 | },
27 | {
28 | "SubCategoryName": "Audit User Account Management",
29 | "PolicyTarget": "Account Management",
30 | "TargetSettingValue": "SuccessAndFailure"
31 | },
32 | {
33 | "SubCategoryName": "Audit Process Creation",
34 | "PolicyTarget": "Detailed Tracking",
35 | "TargetSettingValue": "Success"
36 | },
37 | {
38 | "SubCategoryName": "Audit Process Termination",
39 | "PolicyTarget": "Detailed Tracking",
40 | "TargetSettingValue": "Success"
41 | },
42 | {
43 | "SubCategoryName": "Audit Account Lockout",
44 | "PolicyTarget": "Logon/Logoff",
45 | "TargetSettingValue": "Failure"
46 | },
47 | {
48 | "SubCategoryName": "Audit Group Membership",
49 | "PolicyTarget": "Logon/Logoff",
50 | "TargetSettingValue": "Success"
51 | },
52 | {
53 | "SubCategoryName": "Audit Logoff",
54 | "PolicyTarget": "Logon/Logoff",
55 | "TargetSettingValue": "Success"
56 | },
57 | {
58 | "SubCategoryName": "Audit Logon",
59 | "PolicyTarget": "Logon/Logoff",
60 | "TargetSettingValue": "SuccessAndFailure"
61 | },
62 | {
63 | "SubCategoryName": "Audit Other Logon/Logoff Events",
64 | "PolicyTarget": "Logon/Logoff",
65 | "TargetSettingValue": "SuccessAndFailure"
66 | },
67 | {
68 | "SubCategoryName": "Audit Special Logon",
69 | "PolicyTarget": "Logon/Logoff",
70 | "TargetSettingValue": "Success"
71 | },
72 | {
73 | "SubCategoryName": "Audit File Share",
74 | "PolicyTarget": "Object Access",
75 | "TargetSettingValue": "SuccessAndFailure"
76 | },
77 | {
78 | "SubCategoryName": "Audit File System",
79 | "PolicyTarget": "Object Access",
80 | "TargetSettingValue": "SuccessAndFailure"
81 | },
82 | {
83 | "SubCategoryName": "Audit Handle Manipulation",
84 | "PolicyTarget": "Object Access",
85 | "TargetSettingValue": "Success"
86 | },
87 | {
88 | "SubCategoryName": "Audit Kernel Object",
89 | "PolicyTarget": "Object Access",
90 | "TargetSettingValue": "SuccessAndFailure"
91 | },
92 | {
93 | "SubCategoryName": "Audit Other Object Access Events",
94 | "PolicyTarget": "Object Access",
95 | "TargetSettingValue": "SuccessAndFailure"
96 | },
97 | {
98 | "SubCategoryName": "Audit Registry",
99 | "PolicyTarget": "Object Access",
100 | "TargetSettingValue": "SuccessAndFailure"
101 | },
102 | {
103 | "SubCategoryName": "Audit SAM",
104 | "PolicyTarget": "Object Access",
105 | "TargetSettingValue": "SuccessAndFailure"
106 | },
107 | {
108 | "SubCategoryName": "Audit Audit Policy Change",
109 | "PolicyTarget": "Policy Change",
110 | "TargetSettingValue": "Success"
111 | },
112 | {
113 | "SubCategoryName": "Audit MPSSVC Rule-Level Policy Change",
114 | "PolicyTarget": "Policy Change",
115 | "TargetSettingValue": "Success"
116 | },
117 | {
118 | "SubCategoryName": "Audit Non Sensitive Privilege Use",
119 | "PolicyTarget": "Privilege Use",
120 | "TargetSettingValue": "SuccessAndFailure"
121 | },
122 | {
123 | "SubCategoryName": "Audit Sensitive Privilege Use",
124 | "PolicyTarget": "Privilege Use",
125 | "TargetSettingValue": "SuccessAndFailure"
126 | },
127 | {
128 | "SubCategoryName": "Audit Security System Extension",
129 | "PolicyTarget": "System",
130 | "TargetSettingValue": "Success"
131 | },
132 | {
133 | "SubCategoryName": "Audit System Integrity",
134 | "PolicyTarget": "System",
135 | "TargetSettingValue": "SuccessAndFailure"
136 | },
137 | {
138 | "SubCategoryName": "Audit Directory Service Changes",
139 | "PolicyTarget": "DS Access",
140 | "TargetSettingValue": "Success"
141 | }
142 | ]
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/RecommendedSettings/RecommendedPolicies.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Name": "Include command line in process creation events",
4 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\System\\Audit Process Creation",
5 | "TargetState": "Enabled",
6 | "Category": "System/Audit Process Creation"
7 | },
8 | {
9 | "Name": "Turn on Module Logging",
10 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\Windows PowerShell",
11 | "TargetState": "Enabled",
12 | "Category": "Windows Components/Windows PowerShell",
13 | "ModuleNames": {
14 | "State": "Enabled",
15 | "ValueElementData": "*"
16 | }
17 | },
18 | {
19 | "Name": "Turn on PowerShell Script Block Logging",
20 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\Windows PowerShell",
21 | "TargetState": "Enabled",
22 | "Category": "Windows Components/Windows PowerShell"
23 | }
24 | ]
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/RecommendedSettings/RecommendedRegistrySettings.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Name": "Lsass.exe audit mode",
4 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\SCM: Pass the Hash Mitigations",
5 | "KeyPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\LSASS.exe",
6 | "TargetValue": {
7 | "Name": "AuditLevel",
8 | "Number": "8"
9 | }
10 | },
11 | {
12 | "Name": "LSA Protection",
13 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\SCM: Pass the Hash Mitigations",
14 | "KeyPath": "SYSTEM\\CurrentControlSet\\Control\\Lsa",
15 | "TargetValue": {
16 | "Name": "RunAsPPL",
17 | "Number": "1"
18 | }
19 | }
20 | ]
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/RecommendedSettings/RecommendedSecurityOptions.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Description": "Force Audit Policy",
4 | "Path": "Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Policies\\Security Options",
5 | "KeyName": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\SCENoApplyLegacyAuditPolicy",
6 | "TargetDisplay": {
7 | "Name": "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings",
8 | "DisplayBoolean": "true"
9 | }
10 | }
11 | ]
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Services/ExportService.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.IO;
4 | using System.Linq;
5 | using System.Threading.Tasks;
6 | using Newtonsoft.Json;
7 | using Readinizer.Backend.Business.Interfaces;
8 | using Readinizer.Backend.DataAccess.Interfaces;
9 | using Readinizer.Backend.Domain.Models;
10 |
11 | namespace Readinizer.Backend.Business.Services
12 | {
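/// <summary>
/// Serialises analysis results to an indented JSON file on disk.
/// </summary>
/// <remarks>
/// The exported collections hold the evaluated RSoP data (audit settings, policies,
/// registry settings and security options) and therefore describe the security
/// configuration of the analysed environment. The file is written in plain text to
/// the caller-supplied path and replaces any file already there, so the caller is
/// responsible for choosing a location with appropriate access control.
/// </remarks>
public class ExportService : IExportService
{
    private readonly IUnitOfWork unitOfWork;
    private readonly ITreeNodesFactory treeNodesFactory;

    public ExportService(IUnitOfWork unitOfWork, ITreeNodesFactory treeNodesFactory)
    {
        this.unitOfWork = unitOfWork;
        this.treeNodesFactory = treeNodesFactory;
    }

    /// <summary>
    /// Exports either the RSoP-pot tree or all stored RSoPs, selected by <paramref name="type"/>.
    /// </summary>
    /// <param name="type"><c>typeof(RsopPot)</c> exports the tree built by the tree-node factory;
    /// <c>typeof(Rsop)</c> exports every RSoP in the repository. Any other type exports nothing.</param>
    /// <param name="path">Destination file path, passed unchanged to <see cref="File.WriteAllText(string, string)"/>.</param>
    /// <returns><c>true</c> when a file was written; <c>false</c> when the type is not supported
    /// or there was nothing to export.</returns>
    public async Task<bool> Export(Type type, string path)
    {
        if (type == typeof(RsopPot))
        {
            var treeStructure = await treeNodesFactory.CreateTree();
            return ExportToJson(path, treeStructure.ToList());
        }

        if (type == typeof(Rsop))
        {
            var allRSoPs = await unitOfWork.RsopRepository.GetAllEntities();
            return ExportToJson(path, allRSoPs);
        }

        // Unsupported export type: report failure instead of writing an empty file.
        return false;
    }

    /// <summary>
    /// Writes <paramref name="collectionToExport"/> to <paramref name="savePath"/> as indented JSON.
    /// </summary>
    /// <returns><c>false</c> without touching the file system when the collection is null or empty.</returns>
    private static bool ExportToJson<T>(string savePath, List<T> collectionToExport)
    {
        if (collectionToExport == null || collectionToExport.Count == 0)
        {
            return false;
        }

        var serializerSettings = new JsonSerializerSettings
        {
            // Navigation properties reference each other; skip the back-references
            // rather than failing on the cycle.
            ReferenceLoopHandling = ReferenceLoopHandling.Ignore,
            NullValueHandling = NullValueHandling.Ignore
        };

        string json = JsonConvert.SerializeObject(collectionToExport, Formatting.Indented, serializerSettings);
        File.WriteAllText(savePath, json);

        return true;
    }
}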
58 | }
59 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Services/OrganizationalUnitService.cs:
--------------------------------------------------------------------------------
1 | using Readinizer.Backend.Domain.Models;
2 | using System.Collections.Generic;
3 | using System.Threading.Tasks;
4 | using System.DirectoryServices;
5 | using Readinizer.Backend.Business.Interfaces;
6 | using Readinizer.Backend.DataAccess.Interfaces;
7 |
8 | namespace Readinizer.Backend.Business.Services
9 | {
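/// <summary>
/// Discovers the organizational units of every available domain over LDAP and
/// stores them through the unit of work.
/// </summary>
public class OrganizationalUnitService : IOrganizationalUnitService
{
    private const string OrganizationalUnitFilter = "(objectCategory=organizationalUnit)";

    // The original assigned "(objectCategory=Container)" and then overwrote it with
    // "(CN=Computers)", so the category restriction never applied and any object whose
    // CN is "Computers" would have been recorded as a container. Both conditions are
    // combined here.
    private const string DefaultComputersContainerFilter = "(&(objectCategory=container)(cn=Computers))";

    private readonly IUnitOfWork unitOfWork;

    public OrganizationalUnitService(IUnitOfWork unitOfWork)
    {
        this.unitOfWork = unitOfWork;
    }

    /// <summary>
    /// Reads the top-level OUs (with their descendants) and the default "Computers"
    /// container of each domain flagged as available, then saves them.
    /// </summary>
    /// <remarks>
    /// Directory entries, searchers and result collections are disposed explicitly:
    /// they hold unmanaged directory resources that are otherwise only released by
    /// finalization.
    /// </remarks>
    public async Task GetAllOrganizationalUnits()
    {
        var allDomains = await unitOfWork.ADDomainRepository.GetAllEntities();

        foreach (var domain in allDomains)
        {
            if (!domain.IsAvailable)
            {
                continue;
            }

            var foundOUs = new List<OrganizationalUnit>();

            using (var entry = new DirectoryEntry("LDAP://" + domain.Name))
            {
                using (var searcher = new DirectorySearcher(entry)
                {
                    Filter = OrganizationalUnitFilter,
                    SearchScope = SearchScope.OneLevel
                })
                using (var searchResults = searcher.FindAll())
                {
                    foreach (SearchResult searchResult in searchResults)
                    {
                        var foundOU = new OrganizationalUnit
                        {
                            Name = searchResult.Properties["ou"][0].ToString(),
                            LdapPath = searchResult.Path,
                            ADDomainRefId = domain.ADDomainId,
                        };
                        foundOU.SubOrganizationalUnits = GetChildOUs(foundOU.LdapPath, foundOU);

                        foundOUs.Add(foundOU);
                    }
                }

                // No SearchScope is set, so the searcher's default scope applies here.
                using (var defaultContainerSearcher = new DirectorySearcher(entry)
                {
                    Filter = DefaultComputersContainerFilter
                })
                using (var defaultContainers = defaultContainerSearcher.FindAll())
                {
                    foreach (SearchResult defaultContainer in defaultContainers)
                    {
                        var foundContainer = new OrganizationalUnit
                        {
                            Name = defaultContainer.Properties["cn"][0].ToString(),
                            LdapPath = defaultContainer.Path,
                            ADDomainRefId = domain.ADDomainId
                        };

                        foundOUs.Add(foundContainer);
                    }
                }
            }

            unitOfWork.OrganizationalUnitRepository.AddRange(foundOUs);
        }

        await unitOfWork.SaveChangesAsync();
    }

    /// <summary>
    /// Recursively collects the OUs directly below <paramref name="ldapPath"/>.
    /// </summary>
    /// <param name="ldapPath">LDAP path of the parent OU to search under.</param>
    /// <param name="parentOU">Parent OU; its domain reference is copied to every child.</param>
    /// <returns>The direct child OUs, each with its own children populated.
    /// Every child is also added to the OU repository.</returns>
    public List<OrganizationalUnit> GetChildOUs(string ldapPath, OrganizationalUnit parentOU)
    {
        var childOUs = new List<OrganizationalUnit>();

        using (var childEntry = new DirectoryEntry(ldapPath))
        using (var childSearcher = new DirectorySearcher(childEntry)
        {
            Filter = OrganizationalUnitFilter,
            SearchScope = SearchScope.OneLevel
        })
        using (var childResults = childSearcher.FindAll())
        {
            foreach (SearchResult childResult in childResults)
            {
                var childOU = new OrganizationalUnit
                {
                    Name = childResult.Properties["ou"][0].ToString(),
                    LdapPath = childResult.Path,
                    ADDomainRefId = parentOU.ADDomainRefId
                };
                childOU.SubOrganizationalUnits = GetChildOUs(childOU.LdapPath, childOU);

                childOUs.Add(childOU);

                unitOfWork.OrganizationalUnitRepository.Add(childOU);
            }
        }

        return childOUs;
    }
}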
98 | }
99 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Services/PingService.cs:
--------------------------------------------------------------------------------
1 | using System.Net.NetworkInformation;
2 | using Readinizer.Backend.Business.Interfaces;
3 |
4 |
5 | namespace Readinizer.Backend.Business.Services
6 | {
/// <summary>
/// Reachability probe based on a single ICMP echo request.
/// </summary>
public class PingService : IPingService
{
    /// <summary>
    /// Sends one ping with a 500 ms timeout and reports whether it was answered.
    /// </summary>
    /// <param name="ipAddress">Host name or address handed to <see cref="Ping.Send(string, int)"/>.</param>
    /// <returns><c>true</c> only for a reply with <see cref="IPStatus.Success"/>; <c>false</c> for a
    /// null address, any other reply status, or a <see cref="PingException"/>.</returns>
    public bool IsPingable(string ipAddress)
    {
        if (ipAddress == null)
        {
            return false;
        }

        try
        {
            using (var pinger = new Ping())
            {
                var reply = pinger.Send(ipAddress, 500);
                return reply != null && reply.Status == IPStatus.Success;
            }
        }
        catch (PingException)
        {
            // An unanswered or failed probe means "not reachable", not an error.
            return false;
        }
    }
}
38 | }
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Services/SecuritySettingParserService.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using System.Linq;
3 | using System.Threading.Tasks;
4 | using Readinizer.Backend.Business.Interfaces;
5 | using Readinizer.Backend.DataAccess.Interfaces;
6 | using Readinizer.Backend.Domain.Models;
7 |
8 | namespace Readinizer.Backend.Business.Services
9 | {
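/// <summary>
/// Flattens the settings of one RSoP into display rows (setting, current value,
/// target value, originating GPO, status icon and colour).
/// </summary>
public class SecuritySettingParserService : ISecuritySettingParserService
{
    private readonly IUnitOfWork unitOfWork;

    public SecuritySettingParserService(IUnitOfWork unitOfWork)
    {
        this.unitOfWork = unitOfWork;
    }

    /// <summary>
    /// Builds the display rows for the RSoP identified by <paramref name="refId"/>.
    /// </summary>
    /// <param name="refId">Id of an RSoP pot when <paramref name="type"/> is "RSoPPot", otherwise id of an RSoP.</param>
    /// <param name="type">"RSoPPot" selects the first RSoP of the pot; any other value looks the RSoP up directly.</param>
    /// <returns>One row per audit setting, policy, registry setting and security option;
    /// an empty list when no matching RSoP exists.</returns>
    public async Task<List<SecuritySettingsParsed>> ParseSecuritySettings(int refId, string type)
    {
        Rsop rsop;
        if ("RSoPPot".Equals(type))
        {
            // GetByID yields null for an unknown id; treat that like "no RSoP".
            var rsopPot = unitOfWork.RsopPotRepository.GetByID(refId);
            rsop = rsopPot?.Rsops?.FirstOrDefault();
        }
        else
        {
            rsop = unitOfWork.RsopRepository.GetByID(refId);
        }

        var settings = new List<SecuritySettingsParsed>();
        if (rsop == null)
        {
            return settings;
        }

        var GPOs = await unitOfWork.GpoRepository.GetAllEntities();

        foreach (var setting in rsop.AuditSettings)
        {
            var parsedSetting = SecuritySettingFactory(setting.SubcategoryName,
                setting.CurrentSettingValue.ToString(), setting.TargetSettingValue.ToString());
            ParseSecuritySetting(setting.GpoIdentifier, parsedSetting, GPOs);
            settings.Add(parsedSetting);
        }

        foreach (var setting in rsop.Policies)
        {
            var parsedSetting = SecuritySettingFactory(setting.Name, setting.CurrentState, setting.TargetState);
            ParseSecuritySetting(setting.GpoIdentifier, parsedSetting, GPOs);
            settings.Add(parsedSetting);
        }

        foreach (var setting in rsop.RegistrySettings)
        {
            var parsedSetting = SecuritySettingFactory(setting.Name, setting.CurrentValue.Name,
                setting.TargetValue.Name);
            ParseSecuritySetting(setting.GpoIdentifier, parsedSetting, GPOs);
            settings.Add(parsedSetting);
        }

        foreach (var setting in rsop.SecurityOptions)
        {
            var parsedSetting = SecuritySettingFactory(setting.Description,
                setting.CurrentDisplay.DisplayBoolean, setting.TargetDisplay.DisplayBoolean);
            ParseSecuritySetting(setting.GpoIdentifier, parsedSetting, GPOs);
            settings.Add(parsedSetting);
        }

        return settings;
    }

    /// <summary>Creates a row holding only the setting name, current value and target value.</summary>
    private static SecuritySettingsParsed SecuritySettingFactory(string setting, string value, string target)
    {
        return new SecuritySettingsParsed
        {
            Setting = setting,
            Value = value,
            Target = target
        };
    }

    /// <summary>
    /// Fills in the GPO name and the status icon/colour of <paramref name="parsedSetting"/>.
    /// </summary>
    /// <remarks>
    /// Green/"Check" is shown only when a current value is present and equals the target.
    /// A missing value is reported like "NotDefined"/"Undefined" (orange), so an unknown
    /// state is never displayed as compliant.
    /// </remarks>
    private static void ParseSecuritySetting(string gopId, SecuritySettingsParsed parsedSetting, List<Gpo> GPOs)
    {
        parsedSetting.GPO = ResolveGpoName(gopId, GPOs);

        var currentValue = parsedSetting.Value;
        if (currentValue != null && currentValue.Equals(parsedSetting.Target))
        {
            parsedSetting.Icon = "Check";
            parsedSetting.Color = "Green";
        }
        else if (currentValue == null || currentValue.Equals("NotDefined") || currentValue.Equals("Undefined"))
        {
            parsedSetting.Icon = "Exclamation";
            parsedSetting.Color = "Orange";
        }
        else
        {
            parsedSetting.Icon = "Close";
            parsedSetting.Color = "Red";
        }
    }

    /// <summary>
    /// Maps a GPO identifier to the GPO's name: "-" for the "NoGpoId" marker or a missing
    /// identifier, and the raw identifier when no stored GPO matches it, so the row stays
    /// traceable instead of failing on a null lookup result.
    /// </summary>
    private static string ResolveGpoName(string gopId, List<Gpo> GPOs)
    {
        if (gopId == null || gopId.Equals("NoGpoId"))
        {
            return "-";
        }

        var matchingGpo = GPOs.Find(x => x.GpoPath.GpoIdentifier.Id.Equals(gopId));
        return matchingGpo != null ? matchingGpo.Name : gopId;
    }
}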
117 | }
118 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Services/SiteService.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Threading.Tasks;
4 | using Readinizer.Backend.Business.Interfaces;
5 | using Readinizer.Backend.DataAccess.Interfaces;
6 | using Readinizer.Backend.Domain.Models;
7 | using AD = System.DirectoryServices.ActiveDirectory;
8 |
9 | namespace Readinizer.Backend.Business.Services
10 | {
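/// <summary>
/// Reads the Active Directory sites of the current forest and stores them as
/// <see cref="Site"/> entities linked to the already known domains.
/// </summary>
public class SiteService : ISiteService
{
    private readonly IUnitOfWork unitOfWork;

    public SiteService(IUnitOfWork unitOfWork)
    {
        this.unitOfWork = unitOfWork;
    }

    /// <summary>
    /// Enumerates every site of the current forest, maps it to the domain model and saves the result.
    /// </summary>
    /// <remarks>Failures while querying the forest are written to the console and rethrown unchanged.</remarks>
    public async Task SearchAllSites()
    {
        var sites = new List<AD.ActiveDirectorySite>();
        var allDomains = await unitOfWork.ADDomainRepository.GetAllEntities();

        try
        {
            var forestSites = AD.Forest.GetCurrentForest().Sites;

            foreach (AD.ActiveDirectorySite site in forestSites)
            {
                sites.Add(site);
            }
        }
        catch (Exception e)
        {
            Console.WriteLine(e);
            throw;
        }

        var models = MapToDomainModel(sites, allDomains);
        unitOfWork.SiteRepository.AddRange(models);

        await unitOfWork.SaveChangesAsync();
    }

    /// <summary>
    /// Converts directory sites into <see cref="Site"/> entities.
    /// </summary>
    /// <param name="sites">Sites as returned by the directory.</param>
    /// <param name="allDomains">Domains already stored; site domains are matched against them by name.</param>
    /// <returns>One entity per site with its subnet names and the matching stored domains.</returns>
    private static List<Site> MapToDomainModel(List<AD.ActiveDirectorySite> sites, List<ADDomain> allDomains)
    {
        var adSites = new List<Site>();

        foreach (var site in sites)
        {
            var siteADDomains = new List<ADDomain>();

            foreach (AD.Domain siteDomain in site.Domains)
            {
                // Domain names are compared case-insensitively, and a site domain that is
                // not among the stored domains is skipped; the original added the null
                // returned by Find to the list in that case.
                var knownDomain = allDomains.Find(
                    x => string.Equals(x.Name, siteDomain.Name, StringComparison.OrdinalIgnoreCase));
                if (knownDomain != null)
                {
                    siteADDomains.Add(knownDomain);
                }
            }

            var subnets = new List<string>();
            foreach (AD.ActiveDirectorySubnet activeDirectorySubnet in site.Subnets)
            {
                subnets.Add(activeDirectorySubnet.Name);
            }

            adSites.Add(new Site { Name = site.Name, Subnets = subnets, Domains = siteADDomains });
        }

        return adSites;
    }
}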
73 | }
74 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/Services/SysmonService.cs:
--------------------------------------------------------------------------------
1 | using System.Management;
2 | using Readinizer.Backend.Business.Interfaces;
3 | using Readinizer.Backend.DataAccess.Interfaces;
4 |
5 | namespace Readinizer.Backend.Business.Services
6 | {
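/// <summary>
/// Checks over WMI whether a named Windows service is running on a remote computer.
/// </summary>
public class SysmonService : ISysmonService
{
    private readonly IUnitOfWork unitOfWork;
    private readonly IPingService pingService;

    public SysmonService(IUnitOfWork unitOfWork, IPingService pingService)
    {
        this.unitOfWork = unitOfWork;
        this.pingService = pingService;
    }

    /// <summary>
    /// Connects to <c>\\computerName.domain\root\cimv2</c> and looks for a
    /// <c>Win32_Service</c> instance named <paramref name="serviceName"/> whose state is "running".
    /// </summary>
    /// <param name="serviceName">Service name to look for; compared case-insensitively.</param>
    /// <param name="user">Not used by this method: no credentials are set on the
    /// <see cref="ConnectionOptions"/>, so the connection is made with its defaults.</param>
    /// <param name="computerName">Host part of the WMI path.</param>
    /// <param name="domain">Domain suffix appended to <paramref name="computerName"/>.</param>
    /// <returns><c>true</c> when a matching running service is found, otherwise <c>false</c>.</returns>
    /// <remarks>
    /// <c>false</c> only means that no matching running service was listed. A host that
    /// cannot be reached or that denies access surfaces as an exception from
    /// <see cref="ManagementScope.Connect"/> or the enumeration, so callers can tell
    /// "not running" apart from "could not check". <paramref name="computerName"/> and
    /// <paramref name="domain"/> are concatenated into the WMI path without validation and
    /// are expected to come from a trusted source such as the directory.
    /// </remarks>
    public bool IsSysmonRunning(string serviceName, string user, string computerName, string domain)
    {
        var op = new ConnectionOptions();
        var scope = new ManagementScope(@"\\" + computerName + "." + domain + "\\root\\cimv2", op);
        scope.Connect();
        var path = new ManagementPath("Win32_Service");

        // The management class, the instance collection and each instance wrap COM
        // objects; dispose them instead of leaving them to finalization.
        using (var services = new ManagementClass(scope, path, null))
        using (var instances = services.GetInstances())
        {
            foreach (ManagementBaseObject service in instances)
            {
                using (service)
                {
                    var name = service.GetPropertyValue("Name") as string;
                    var state = service.GetPropertyValue("State") as string;

                    // Ordinal, case-insensitive comparison avoids the culture-dependent
                    // ToLower() and tolerates properties that come back empty.
                    if (name != null
                        && string.Equals(name, serviceName, System.StringComparison.OrdinalIgnoreCase)
                        && string.Equals(state, "running", System.StringComparison.OrdinalIgnoreCase))
                    {
                        return true;
                    }
                }
            }
        }

        return false;
    }
}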
36 | }
37 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Business/packages.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Backend.DataAccess/App.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Backend.DataAccess/Context/packages.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Backend.DataAccess/Interfaces/IGenericRepository.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using System.Threading.Tasks;
3 |
4 | namespace Readinizer.Backend.DataAccess.Interfaces
5 | {
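/// <summary>
/// Minimal repository contract for one entity type.
/// </summary>
/// <typeparam name="TEntity">Entity class handled by the repository.</typeparam>
public interface IGenericRepository<TEntity> where TEntity : class
{
    /// <summary>Asynchronously loads every entity of this type.</summary>
    Task<List<TEntity>> GetAllEntities();

    /// <summary>Registers a single new entity.</summary>
    void Add(TEntity entity);

    /// <summary>Registers several new entities at once.</summary>
    void AddRange(List<TEntity> entities);

    /// <summary>Marks an existing entity as changed.</summary>
    void Update(TEntity entityToUpdate);

    /// <summary>Removes the entity with the given key.</summary>
    void DeleteById(object id);

    /// <summary>Removes the given entity.</summary>
    void Delete(TEntity entityToDelete);

    /// <summary>Looks an entity up by its key.</summary>
    TEntity GetByID(object id);
}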
16 | }
17 |
--------------------------------------------------------------------------------
/Readinizer.Backend.DataAccess/Interfaces/IReadinizerDbContext.cs:
--------------------------------------------------------------------------------
1 | using System.Data.Entity;
2 | using Readinizer.Backend.Domain.Models;
3 |
4 | namespace Readinizer.Backend.DataAccess.Interfaces
5 | {
/// <summary>
/// Entity sets exposed by the Readinizer database context.
/// </summary>
// NOTE(review): the element type of each DbSet is not visible in this listing;
// presumably each set holds the model class matching its property name — confirm
// against the original file before relying on it.
public interface IReadinizerDbContext
{
    // Directory structure: domains, OUs, computers and sites.
    DbSet ADDomains { get; set; }
    DbSet OrganizationalUnits { get; set; }
    DbSet Computers { get; set; }
    DbSet Sites { get; set; }
    // Collected RSoPs and their groupings ("pots").
    DbSet RSoPs { get; set; }
    DbSet RSoPPots { get; set; }
    // Evaluated setting kinds.
    DbSet AuditSettings { get; set; }
    DbSet Policies { get; set; }
    DbSet RegistrySettings { get; set; }
    DbSet SecurityOptions { get; set; }
    // Group policy objects.
    DbSet Gpos { get; set; }
}
20 | }
--------------------------------------------------------------------------------
/Readinizer.Backend.DataAccess/Interfaces/IUnitOfWork.cs:
--------------------------------------------------------------------------------
1 | using System.Threading.Tasks;
2 | using Readinizer.Backend.DataAccess.Repositories;
3 | using Readinizer.Backend.Domain.Models;
4 |
5 | namespace Readinizer.Backend.DataAccess.Interfaces
6 | {
/// <summary>
/// Groups the repositories that share one database context and commits their
/// pending changes together.
/// </summary>
// NOTE(review): the type argument of each GenericRepository is not visible in this
// listing; presumably it is the model class named in the property — confirm.
public interface IUnitOfWork
{
    GenericRepository ADDomainRepository { get; }
    GenericRepository OrganizationalUnitRepository { get; }
    // Concrete OU repository, exposed in addition to the generic one above.
    OrganizationalUnitRepository SpecificOrganizationalUnitRepository { get; }
    GenericRepository ComputerRepository { get; }
    GenericRepository SiteRepository { get; }
    // Concrete site repository, exposed in addition to the generic one above.
    SiteRepository SpecificSiteRepository { get; }
    GenericRepository RsopRepository { get; }
    GenericRepository RsopPotRepository { get; }
    GenericRepository GpoRepository { get; }
    // Persists everything the repositories have staged.
    Task SaveChangesAsync();
    // Dispose is declared here directly; the interface as shown does not extend
    // IDisposable, so a using statement cannot be applied to an IUnitOfWork reference.
    void Dispose(bool disposing);
    void Dispose();
}
22 | }
23 |
--------------------------------------------------------------------------------
/Readinizer.Backend.DataAccess/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.InteropServices;
3 |
4 | // General Information about an assembly is controlled through the following
5 | // set of attributes. Change these attribute values to modify the information
6 | // associated with an assembly.
7 | [assembly: AssemblyTitle("Readinizer.Backend.DataAccess")]
8 | [assembly: AssemblyDescription("")]
9 | [assembly: AssemblyConfiguration("")]
10 | [assembly: AssemblyCompany("")]
11 | [assembly: AssemblyProduct("Readinizer.Backend.DataAccess")]
12 | [assembly: AssemblyCopyright("Copyright © 2019")]
13 | [assembly: AssemblyTrademark("")]
14 | [assembly: AssemblyCulture("")]
15 |
16 | // Setting ComVisible to false makes the types in this assembly not visible
17 | // to COM components. If you need to access a type in this assembly from
18 | // COM, set the ComVisible attribute to true on that type.
19 | [assembly: ComVisible(false)]
20 |
21 | // The following GUID is for the ID of the typelib if this project is exposed to COM
22 | [assembly: Guid("51ece65b-5658-4422-8514-e8be27d0bd95")]
23 |
24 | // Version information for an assembly consists of the following four values:
25 | //
26 | // Major Version
27 | // Minor Version
28 | // Build Number
29 | // Revision
30 | //
31 | // You can specify all the values or you can default the Build and Revision Numbers
32 | // by using the '*' as shown below:
33 | // [assembly: AssemblyVersion("1.0.*")]
34 | [assembly: AssemblyVersion("1.0.0.0")]
35 | [assembly: AssemblyFileVersion("1.0.0.0")]
36 |
--------------------------------------------------------------------------------
/Readinizer.Backend.DataAccess/Repositories/GenericRepository.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Data.Entity;
4 | using System.Threading.Tasks;
5 | using Readinizer.Backend.DataAccess.Context;
6 | using Readinizer.Backend.DataAccess.Interfaces;
7 |
8 | namespace Readinizer.Backend.DataAccess.Repositories
9 | {
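/// <summary>
/// Entity Framework backed implementation of <see cref="IGenericRepository{TEntity}"/>.
/// Changes are only staged on the context; saving them is left to the caller.
/// </summary>
/// <typeparam name="TEntity">Entity class handled by the repository.</typeparam>
public class GenericRepository<TEntity> : IGenericRepository<TEntity> where TEntity : class
{
    internal ReadinizerDbContext context;
    internal DbSet<TEntity> dbSet;

    public GenericRepository(ReadinizerDbContext context)
    {
        this.context = context;
        dbSet = context.Set<TEntity>();
    }

    /// <summary>Finds an entity by primary key; returns null when none exists.</summary>
    public virtual TEntity GetByID(object id)
    {
        return dbSet.Find(id);
    }

    /// <summary>Asynchronously loads all entities of this type.</summary>
    public virtual Task<List<TEntity>> GetAllEntities()
    {
        return dbSet.ToListAsync();
    }

    /// <summary>Stages a new entity for insertion.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="entity"/> is null.</exception>
    public virtual void Add(TEntity entity)
    {
        if (entity == null)
        {
            throw new ArgumentNullException(nameof(entity));
        }

        dbSet.Add(entity);
    }

    /// <summary>Stages several new entities for insertion.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="entities"/> is null.</exception>
    public virtual void AddRange(List<TEntity> entities)
    {
        if (entities == null)
        {
            throw new ArgumentNullException(nameof(entities));
        }

        dbSet.AddRange(entities);
    }

    /// <summary>Attaches the entity and marks every property as modified.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="entityToUpdate"/> is null.</exception>
    public virtual void Update(TEntity entityToUpdate)
    {
        if (entityToUpdate == null)
        {
            throw new ArgumentNullException(nameof(entityToUpdate));
        }

        dbSet.Attach(entityToUpdate);
        context.Entry(entityToUpdate).State = EntityState.Modified;
    }

    /// <summary>Stages the entity with the given key for deletion.</summary>
    /// <exception cref="ArgumentNullException">No entity with this key exists.</exception>
    public virtual void DeleteById(object id)
    {
        TEntity entityToDelete = dbSet.Find(id);
        Delete(entityToDelete);
    }

    /// <summary>Stages the entity for deletion, attaching it first when it is detached.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="entityToDelete"/> is null.</exception>
    public virtual void Delete(TEntity entityToDelete)
    {
        // Fail with the parameter name instead of a null error from inside the context.
        if (entityToDelete == null)
        {
            throw new ArgumentNullException(nameof(entityToDelete));
        }

        if (context.Entry(entityToDelete).State == EntityState.Detached)
        {
            dbSet.Attach(entityToDelete);
        }

        dbSet.Remove(entityToDelete);
    }
}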
68 | }
69 |
--------------------------------------------------------------------------------
/Readinizer.Backend.DataAccess/Repositories/OrganizationalUnitRepository.cs:
--------------------------------------------------------------------------------
1 | using System.Linq;
2 | using Readinizer.Backend.DataAccess.Context;
3 | using Readinizer.Backend.Domain.Models;
4 |
5 | namespace Readinizer.Backend.DataAccess.Repositories
6 | {
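/// <summary>
/// Repository for organizational units with a lookup by OU and domain name.
/// </summary>
public class OrganizationalUnitRepository : GenericRepository<OrganizationalUnit>
{
    public OrganizationalUnitRepository(ReadinizerDbContext context) : base(context)
    {
    }

    /// <summary>
    /// Returns the first OU named <paramref name="ouName"/> that belongs to the domain
    /// named <paramref name="domainName"/>, or null when there is none.
    /// </summary>
    /// <remarks>
    /// Only the OU's own name and its domain are compared, not its position in the OU
    /// tree, so two OUs with the same name in one domain cannot be told apart here.
    /// </remarks>
    public virtual OrganizationalUnit GetOrganisationalUnitByNames(string ouName, string domainName)
    {
        return context.Set<OrganizationalUnit>()
            .FirstOrDefault(x => x.Name == ouName && x.ADDomain.Name == domainName);
    }
}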
18 | }
19 |
--------------------------------------------------------------------------------
/Readinizer.Backend.DataAccess/Repositories/SiteRepository.cs:
--------------------------------------------------------------------------------
1 | using System.Linq;
2 | using Readinizer.Backend.DataAccess.Context;
3 | using Readinizer.Backend.Domain.Models;
4 |
5 | namespace Readinizer.Backend.DataAccess.Repositories
6 | {
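/// <summary>
/// Repository for sites with a lookup by site name.
/// </summary>
public class SiteRepository : GenericRepository<Site>
{
    public SiteRepository(ReadinizerDbContext context) : base(context)
    {
    }

    /// <summary>
    /// Returns the first site named <paramref name="name"/>, or null when there is none.
    /// </summary>
    /// <remarks>
    /// Despite its name this method returns a <see cref="Site"/>, not an organizational
    /// unit; the name is kept so existing callers continue to compile.
    /// </remarks>
    public virtual Site GetOrganisationalUnitByName(string name)
    {
        return context.Set<Site>().FirstOrDefault(x => x.Name == name);
    }
}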
18 | }
19 |
--------------------------------------------------------------------------------
/Readinizer.Backend.DataAccess/packages.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ClassDiagram1.cd:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | AQAAAgAAAAAQAAQAUAAAAAQQAQAAAAAAAgAAEIAAAAA=
7 | Models\ADDomain.cs
8 |
9 |
10 |
11 |
12 |
13 | QAEAAgAAAAAAgAAAAACAIAAAAAAAQAAAAAABAAABAAA=
14 | Models\Computer.cs
15 |
16 |
17 |
18 |
19 |
20 | AQCAAAIAAAAgEAAAAAAAAAQAAAAAABAAAgIAAAAEAAA=
21 | Models\OrganisationalUnit.cs
22 |
23 |
24 |
25 |
26 |
27 | KQACAAAAAAAggABEAAAAAIAAAgBAAAAACAAAAQABAAA=
28 | Models\Rsop.cs
29 |
30 |
31 |
32 |
33 |
34 | IQAAAAAAAAAAAAAABAAAAAQAAgAAAAQAAAAAAAAAAAA=
35 | Models\RsopPot.cs
36 |
37 |
38 |
39 |
40 |
41 | AAAAAAAAAAAAAAAAAAAAACAIAAAAAAAAAAAggAFAAAA=
42 | Models\SecuritySettingsParsed.cs
43 |
44 |
45 |
46 |
47 |
48 | AQAAAAAAEAAAAAAAAAAAAAQAAAAAABAAAAAAQAAQAAA=
49 | Models\Site.cs
50 |
51 |
52 |
53 |
54 |
55 | AAAAAgQAAAAgIAAAAAAAABAAAAAAAAAAAACAQAAIAAA=
56 | Models\TreeNode.cs
57 |
58 |
59 |
60 |
61 |
62 | BAAEAAEgAAAEAIAAAAAACAQAAAAAAAgAAAAAQAAIAAA=
63 | Models\Gpo.cs
64 |
65 |
66 |
67 |
68 |
69 | BAIAAAEAEAAAAAAAgAAAACQAAAAAAMAAAAAABEIICAA=
70 | Models\Policy.cs
71 |
72 |
73 |
74 |
75 |
76 | RAAAAAEAEAAAAAAAgAAAAAQgAAAgAIQAAAAAAEAIAAA=
77 | Models\RegistrySetting.cs
78 |
79 |
80 |
81 |
82 |
83 | BAAAAAEAEAAggAIAgAAAAAAAAAAAAMAAAAAAAEIIQAA=
84 | Models\SecurityOption.cs
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 | Models\AuditSetting.cs
93 |
94 |
95 |
96 |
97 | BCAAAAEAEAAgAAAAgAAAAAAAAAAAAMAAAQAAAEAIAQA=
98 | Models\AuditSetting.cs
99 |
100 |
101 |
102 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Exceptions/InvalidAuthenticationException.cs:
--------------------------------------------------------------------------------
1 | using System;
2 |
3 | namespace Readinizer.Backend.Domain.Exceptions
4 | {
/// <summary>
/// Signals an authentication failure; carries an optional free-text detail
/// alongside the exception message.
/// </summary>
public class InvalidAuthenticationException : Exception
{
    /// <summary>
    /// Additional information supplied by the thrower; null when none was given.
    /// </summary>
    public string Details { get; set; }

    /// <param name="message">Text passed to the base <see cref="Exception"/>.</param>
    /// <param name="details">Optional extra detail stored in <see cref="Details"/>.</param>
    public InvalidAuthenticationException(string message, string details = null)
        : base(message) => Details = details;
}
14 | }
15 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Exceptions/InvalidXmlException.cs:
--------------------------------------------------------------------------------
1 | using System;
2 |
3 | namespace Readinizer.Backend.Domain.Exceptions
4 | {
/// <summary>
/// Signals XML input that could not be accepted; carries an optional free-text
/// detail alongside the exception message.
/// </summary>
public class InvalidXmlException : Exception
{
    /// <summary>
    /// Additional information supplied by the thrower; null when none was given.
    /// </summary>
    public string Details { get; set; }

    /// <param name="message">Text passed to the base <see cref="Exception"/>.</param>
    /// <param name="details">Optional extra detail stored in <see cref="Details"/>.</param>
    public InvalidXmlException(string message, string details = null)
        : base(message) => Details = details;
}
14 | }
15 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/ADDomain.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using Newtonsoft.Json;
3 |
4 | namespace Readinizer.Backend.Domain.Models
5 | {
/// <summary>
/// An Active Directory domain as stored by Readinizer.
/// </summary>
// Members marked [JsonIgnore] are left out of JSON output; as declared here, only
// Name, IsTreeRoot, IsForestRoot and IsAvailable are serialised.
// NOTE(review): the element types of the collection properties are not visible in
// this listing; presumably they are the model classes named by each property — confirm.
public class ADDomain
{
    // Database key of this domain.
    [JsonIgnore]
    public int ADDomainId { get; set; }

    // Key of the parent domain; nullable, so a domain may have no parent.
    [JsonIgnore]
    public int? ParentId { get; set; }

    public string Name { get; set; }

    public bool IsTreeRoot { get; set; }

    public bool IsForestRoot { get; set; }

    // Read by the OU discovery service to decide whether the domain is queried over LDAP.
    public bool IsAvailable { get; set; }

    [JsonIgnore]
    public virtual List SubADDomains { get; set; }

    [JsonIgnore]
    public virtual List OrganizationalUnits { get; set; }

    [JsonIgnore]
    public virtual ICollection Sites { get; set; }

    [JsonIgnore]
    public virtual List Rsops { get; set; }

    [JsonIgnore]
    public virtual List RsopPots { get; set; }

    // NOTE(review): presumably a readiness percentage for the domain — confirm where it is computed.
    [JsonIgnore]
    public double? DomainPercentage { get; set; }
}
40 | }
41 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/AuditSetting.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 |
3 | namespace Readinizer.Backend.Domain.Models
4 | {
/// <summary>
/// One audit-policy subcategory with its recommended (target) and observed
/// (current) auditing value.
/// </summary>
public class AuditSetting : GpoSetting
{
    [JsonIgnore]
    public int AuditSettingId { get; set; }

    [JsonIgnore]
    public int RsopRefId { get; set; }

    [JsonIgnore]
    public Rsop Rsop { get; set; }

    // JSON name differs from the property name in casing ("SubCategoryName").
    [JsonProperty("SubCategoryName")]
    public string SubcategoryName { get; set; }

    [JsonProperty("PolicyTarget")]
    public string PolicyTarget { get; set; }

    [JsonProperty("TargetSettingValue")]
    public AuditSettingValue TargetSettingValue { get; set; }

    // Serialized under "SettingValue", not under the property name.
    [JsonProperty("SettingValue")]
    public AuditSettingValue CurrentSettingValue { get; set; }

    /// <summary>True when the observed value equals the target value.</summary>
    public override bool IsStatusOk => CurrentSettingValue == TargetSettingValue;

    /// <summary>
    /// Value comparison on subcategory name and current value when both
    /// GpoIdentifier and SubcategoryName are set; reference comparison otherwise.
    /// </summary>
    public override bool Equals(object obj)
    {
        var comparableByValue = GpoIdentifier != null && SubcategoryName != null;
        if (!comparableByValue)
        {
            return base.Equals(obj);
        }

        var other = obj as AuditSetting;
        if (other == null)
        {
            return false;
        }

        return string.Equals(SubcategoryName, other.SubcategoryName)
               && CurrentSettingValue == other.CurrentSettingValue;
    }

    // NOTE(review): the hash is still the per-instance default, so two settings that
    // Equals() reports as equal can land in different hash buckets. Hash-based
    // operations (HashSet, Distinct, Except, GroupBy) will then treat them as
    // different; confirm no caller relies on those before changing this.
    public override int GetHashCode() => base.GetHashCode();

    /// <summary>Auditing levels; NoAuditing is the zero/default value.</summary>
    public enum AuditSettingValue
    {
        NoAuditing,
        Success,
        Failure,
        SuccessAndFailure
    }
}
58 | }
59 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/Computer.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using Newtonsoft.Json;
3 |
4 | namespace Readinizer.Backend.Domain.Models
5 | {
/// <summary>
/// A computer record with its name, address, reachability and Sysmon state.
/// </summary>
/// <remarks>
/// ComputerName, IsDomainController, IpAddress, OrganizationalUnits, Site and
/// isSysmonRunning carry no [JsonIgnore], so Json.NET writes them when an
/// instance is serialized. Output containing this type is host inventory data
/// and should be stored and shared accordingly.
/// </remarks>
public class Computer
{
    [JsonIgnore]
    public int ComputerId { get; set; }

    public string ComputerName { get; set; }

    public bool IsDomainController { get; set; }

    public virtual ICollection OrganizationalUnits { get; set; }

    public string IpAddress { get; set; }

    // Result of a reachability check; not serialized.
    [JsonIgnore]
    public bool PingSuccessful { get; set; }

    [JsonIgnore]
    public int? SiteRefId { get; set; }

    public Site Site { get; set; }

    // Nullable: null presumably means the Sysmon state was not determined (verify against the Sysmon service).
    public bool? isSysmonRunning { get; set; }
}
29 | }
30 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/Gpo.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using Newtonsoft.Json;
3 | using Readinizer.Backend.Domain.ModelsJson.Converter;
4 | using Readinizer.Backend.Domain.ModelsJson.HelperClasses;
5 |
6 | namespace Readinizer.Backend.Domain.Models
7 | {
/// <summary>
/// Group Policy Object as read from the JSON form of an RSoP report.
/// </summary>
public class Gpo
{
    [JsonIgnore]
    public int GpoId { get; set; }

    [JsonIgnore]
    public int RsopRefId { get; set; }

    [JsonIgnore]
    public Rsop Rsop { get; set; }

    [JsonProperty("Name")]
    public string Name { get; set; }

    // Read from "Identifier"; never written back (see ShouldSerializeGpoIdentifier).
    [JsonProperty("Identifier")]
    public Identifier GpoIdentifier { get; set; } = new Identifier();

    [JsonProperty("Path")]
    public Path GpoPath { get; set; }

    // Kept as the string found in the input rather than parsed to a bool.
    [JsonProperty("Enabled")]
    public string Enabled { get; set; }

    // The converter accepts either a single JSON object or a JSON array for "Link".
    [JsonProperty("Link")]
    [JsonConverter(typeof(SingleValueArrayConverter))]
    public List Link { get; set; }

    /// <summary>
    /// Builds a placeholder GPO whose text fields are "Undefined" and whose
    /// identifiers are "No Identifier". Does not read any state of this instance.
    /// </summary>
    public Gpo NotIdentified()
    {
        return new Gpo
        {
            Name = "Undefined",
            GpoIdentifier = new Identifier
            {
                Id = "No Identifier"
            },
            GpoPath = new Path
            {
                GpoIdentifier = new Identifier
                {
                    Id = "No Identifier"
                }
            },
            Enabled = "Undefined",
            Link = new List
            {
                new Link
                {
                    AppliedOrder = "Undefined",
                    SOMPath = "Undefined"
                }
            }
        };
    }

    // Json.NET conditional-serialization hooks: returning false keeps the
    // matching property out of written JSON while still allowing it to be read.
    public bool ShouldSerializeGpoIdentifier() => false;

    public bool ShouldSerializeLink() => false;
}
67 | }
68 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/GpoSetting.cs:
--------------------------------------------------------------------------------
1 | namespace Readinizer.Backend.Domain.Models
2 | {
/// <summary>
/// Common base for the setting types (audit setting, policy, registry setting,
/// security option).
/// </summary>
public class GpoSetting
{
    // Identifier of the GPO associated with the setting; the subclasses use a null
    // value here to fall back to reference equality in Equals.
    public string GpoIdentifier { get; set; }

    public bool IsPresent { get; set; }

    // Settable here; the subclasses in this assembly override it with a
    // read-only comparison of current against target value.
    public virtual bool IsStatusOk { get; set; }
}
11 | }
12 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/OrganizationalUnit.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using Newtonsoft.Json;
3 |
4 | namespace Readinizer.Backend.Domain.Models
5 | {
/// <summary>
/// Organizational unit record. Only Name and ADDomain are left without
/// [JsonIgnore] and are therefore written by Json.NET.
/// </summary>
public class OrganizationalUnit
{
    [JsonIgnore]
    public int OrganizationalUnitsId { get; set; }

    public string Name { get; set; }

    // Directory path of the OU; kept out of serialized output.
    [JsonIgnore]
    public string LdapPath { get; set; }

    [JsonIgnore]
    public int? ParentId { get; set; }

    [JsonIgnore]
    public int ADDomainRefId { get; set; }

    public virtual ADDomain ADDomain { get; set; }

    [JsonIgnore]
    public virtual List Rsops { get; set; }

    [JsonIgnore]
    public virtual ICollection SubOrganizationalUnits { get; set; }

    [JsonIgnore]
    public virtual ICollection Computers { get; set; }

    // Nullable: null presumably means reachability has not been checked yet (verify against caller).
    [JsonIgnore]
    public bool? HasReachableComputer { get; set; }
}
36 | }
37 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/Policy.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using Readinizer.Backend.Domain.ModelsJson.HelperClasses;
3 |
4 | namespace Readinizer.Backend.Domain.Models
5 | {
/// <summary>
/// An administrative-template policy with its recommended (target) and observed
/// (current) state.
/// </summary>
public class Policy : GpoSetting
{
    [JsonIgnore]
    public int PolicyId { get; set; }

    [JsonIgnore]
    public int RsopRefId { get; set; }

    [JsonIgnore]
    public Rsop Rsop { get; set; }

    [JsonProperty("Name")]
    public string Name { get; set; }

    [JsonProperty("TargetState")]
    public string TargetState { get; set; }

    public string CurrentState { get; set; }

    [JsonProperty("Category")]
    public string Category { get; set; }

    // Read from JSON but never written (see ShouldSerializeModuleNames).
    [JsonProperty("ModuleNames")]
    public ModuleNames ModuleNames { get; set; } = new ModuleNames();

    /// <summary>
    /// True when the current state equals the target state. Throws
    /// NullReferenceException when CurrentState is null, as it has no default here.
    /// </summary>
    public override bool IsStatusOk => CurrentState.Equals(TargetState);

    /// <summary>
    /// Value comparison on CurrentState (plus ModuleNames.ValueElementData when
    /// this instance has one) if CurrentState and GpoIdentifier are set;
    /// reference comparison otherwise. Name is not part of the comparison.
    /// </summary>
    public override bool Equals(object obj)
    {
        if (CurrentState == null || GpoIdentifier == null)
        {
            return base.Equals(obj);
        }

        if (!(obj is Policy other))
        {
            return false;
        }

        var sameState = CurrentState == other.CurrentState;
        if (ModuleNames.ValueElementData == null)
        {
            return sameState;
        }

        return sameState && ModuleNames.ValueElementData == other.ModuleNames.ValueElementData;
    }

    // NOTE(review): the hash is derived from Name, which Equals() ignores, so two
    // policies that compare equal can hash differently; it also throws when Name
    // is null. Confirm how hash-based callers are expected to behave.
    public override int GetHashCode() => 17 * Name.GetHashCode();

    // Json.NET conditional-serialization hook.
    public bool ShouldSerializeModuleNames() => false;
}
62 | }
63 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/RegistrySetting.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using Readinizer.Backend.Domain.ModelsJson.HelperClasses;
3 |
4 | namespace Readinizer.Backend.Domain.Models
5 | {
/// <summary>
/// A registry-based setting with its recommended (target) and observed (current) value.
/// </summary>
public class RegistrySetting : GpoSetting
{
    [JsonIgnore]
    public int RegistrySettingId { get; set; }

    [JsonIgnore]
    public int RsopRefId { get; set; }

    [JsonIgnore]
    public Rsop Rsop { get; set; }

    [JsonProperty("Name")]
    public string Name { get; set; }

    [JsonProperty("KeyPath")]
    public string KeyPath { get; set; }

    // No default: stays null unless the recommended-settings input provides it.
    [JsonProperty("TargetValue")]
    public Value TargetValue { get; set; }

    public Value CurrentValue { get; set; } = new Value();

    /// <summary>
    /// True when the current and target Number strings are equal. Throws
    /// NullReferenceException when TargetValue or CurrentValue.Number is null.
    /// </summary>
    /// <remarks>
    /// NOTE(review): Rsop.RsopPercentage counts a registry setting as matching only
    /// when it is also present and Element.Modules agrees, so this flag can read OK
    /// for a setting the percentage does not count. Confirm which rule is intended.
    /// </remarks>
    public override bool IsStatusOk => CurrentValue.Number.Equals(TargetValue.Number);

    /// <summary>
    /// Value comparison on CurrentValue.Name and CurrentValue.Number when
    /// GpoIdentifier is set; reference comparison otherwise.
    /// </summary>
    public override bool Equals(object obj)
    {
        if (GpoIdentifier == null)
        {
            return base.Equals(obj);
        }

        if (!(obj is RegistrySetting other))
        {
            return false;
        }

        var sameName = CurrentValue.Name == other.CurrentValue.Name;
        return sameName && CurrentValue.Number == other.CurrentValue.Number;
    }

    // NOTE(review): hashes the setting's Name while Equals() compares
    // CurrentValue.Name and Number; throws when Name is null.
    public override int GetHashCode() => 17 * Name.GetHashCode();
}
51 | }
52 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/Rsop.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using Newtonsoft.Json;
5 |
6 | namespace Readinizer.Backend.Domain.Models
7 | {
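/// <summary>
/// Resultant Set of Policy for one domain / organizational unit / site
/// combination, holding the evaluated settings and the GPOs they came from.
/// </summary>
public class Rsop
{
    [JsonIgnore]
    public int RsopId { get; set; }

    [JsonIgnore]
    public int? DomainRefId { get; set; }

    [JsonIgnore]
    public virtual ADDomain Domain { get; set; }

    [JsonIgnore]
    public int? OURefId { get; set; }

    [JsonIgnore]
    public virtual OrganizationalUnit OrganizationalUnit { get; set; }

    [JsonIgnore]
    public int? SiteRefId { get; set; }

    public virtual Site Site { get; set; }

    [JsonIgnore]
    public int? RsopPotRefId { get; set; }

    [JsonIgnore]
    public virtual RsopPot RsopPot { get; set; }

    /// <summary>
    /// Share of settings whose current value matches the target, as a whole
    /// percentage (0-100). Returns 0 when there are no settings at all.
    /// </summary>
    /// <remarks>
    /// The string comparisons use ==, so a setting whose target and current
    /// values are both null counts as a match.
    /// </remarks>
    public double RsopPercentage
    {
        get
        {
            var counterAuditSettings = AuditSettings.Count(auditSetting => auditSetting.TargetSettingValue == auditSetting.CurrentSettingValue);
            var counterPolicies = Policies.Count(policy => policy.TargetState == policy.CurrentState);
            // Registry settings must be present and agree on both Number and Element.Modules.
            var counterRegistrySettings = RegistrySettings.Count(registrySetting => registrySetting.IsPresent && registrySetting.CurrentValue.Number == registrySetting.TargetValue.Number
                && registrySetting.CurrentValue.Element.Modules == registrySetting.TargetValue.Element.Modules);
            var counterSecurityOptions = SecurityOptions.Count(securityOption => securityOption.TargetDisplay.DisplayBoolean == securityOption.CurrentDisplay.DisplayBoolean);

            var overallCounter = counterAuditSettings + counterPolicies + counterRegistrySettings + counterSecurityOptions;
            var sumOfSettings = AuditSettings.Count + Policies.Count + RegistrySettings.Count + SecurityOptions.Count;

            // With nothing evaluated, 0/0 would produce NaN. Report 0 so an RSoP
            // without data can never be read as a passing score downstream.
            if (sumOfSettings == 0)
            {
                return 0;
            }

            return Math.Round(((double)overallCounter / (double)sumOfSettings) * 100);
        }
    }

    public virtual ICollection AuditSettings { get; set; }

    public virtual ICollection Policies { get; set; }

    public virtual ICollection RegistrySettings { get; set; }

    public virtual ICollection SecurityOptions { get; set; }

    public virtual ICollection Gpos { get; set; }
}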
63 | }
64 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/RsopPot.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using Newtonsoft.Json;
3 |
4 | namespace Readinizer.Backend.Domain.Models
5 | {
/// <summary>
/// A named group of RSoPs belonging to one domain.
/// </summary>
public class RsopPot
{
    [JsonIgnore]
    public int RsopPotId { get; set; }

    public string Name { get; set; }

    // Timestamp kept as text; the format is set by whoever fills it in.
    public string DateTime { get; set; }

    public int? DomainRefId { get; set; }

    public virtual ADDomain Domain { get; set; }

    public virtual ICollection Rsops { get; set; }
}
21 | }
22 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/SecurityOption.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using Readinizer.Backend.Domain.ModelsJson.HelperClasses;
3 |
4 | namespace Readinizer.Backend.Domain.Models
5 | {
/// <summary>
/// A security option with its recommended (target) and observed (current) display value.
/// </summary>
public class SecurityOption : GpoSetting
{
    [JsonIgnore]
    public int SecurityOptionId { get; set; }

    [JsonIgnore]
    public int RsopRefId { get; set; }

    [JsonIgnore]
    public Rsop Rsop { get; set; }

    [JsonProperty("Description")]
    public string Description { get; set; }

    [JsonProperty("Path")]
    public string Path { get; set; }

    [JsonProperty("KeyName")]
    public string KeyName { get; set; }

    // No default: stays null unless the recommended-settings input provides it.
    [JsonProperty("TargetDisplay")]
    public Display TargetDisplay { get; set; }

    public Display CurrentDisplay { get; set; } = new Display();

    /// <summary>
    /// True when the current and target DisplayBoolean strings are equal. Throws
    /// NullReferenceException when TargetDisplay or CurrentDisplay.DisplayBoolean is null.
    /// </summary>
    public override bool IsStatusOk => CurrentDisplay.DisplayBoolean.Equals(TargetDisplay.DisplayBoolean);

    /// <summary>
    /// Value comparison on CurrentDisplay.Name and CurrentDisplay.DisplayBoolean
    /// when both are set; reference comparison otherwise.
    /// </summary>
    public override bool Equals(object obj)
    {
        if (CurrentDisplay.Name == null || CurrentDisplay.DisplayBoolean == null)
        {
            return base.Equals(obj);
        }

        if (!(obj is SecurityOption other))
        {
            return false;
        }

        var sameName = CurrentDisplay.Name == other.CurrentDisplay.Name;
        return sameName && CurrentDisplay.DisplayBoolean == other.CurrentDisplay.DisplayBoolean;
    }

    // NOTE(review): hashes Description while Equals() compares CurrentDisplay;
    // throws when Description is null.
    public override int GetHashCode() => 17 * Description.GetHashCode();
}
55 | }
56 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/SecuritySettingsParsed.cs:
--------------------------------------------------------------------------------
1 | namespace Readinizer.Backend.Domain.Models
2 | {
/// <summary>
/// Flat, all-string row describing one setting: display hints (Icon, Color),
/// the setting name, its value and target, and the GPO.
/// </summary>
public class SecuritySettingsParsed
{
    public string Icon { get; set; }

    public string Color { get; set; }

    public string Setting { get; set; }

    public string Value { get; set; }

    public string Target { get; set; }

    public string GPO { get; set; }
}
17 | }
18 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/Site.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using Newtonsoft.Json;
3 |
4 | namespace Readinizer.Backend.Domain.Models
5 | {
/// <summary>
/// Site record. Name and Subnets carry no [JsonIgnore] and are written by
/// Json.NET; the remaining navigation collections are not.
/// </summary>
public class Site
{
    [JsonIgnore]
    public int SiteId { get; set; }

    public string Name { get; set; }

    public virtual ICollection Subnets { get; set; }

    [JsonIgnore]
    public virtual ICollection Domains { get; set; }

    [JsonIgnore]
    public virtual ICollection Computers { get; set; }

    [JsonIgnore]
    public virtual List Rsops { get; set; }
}
24 | }
25 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Models/TreeNode.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using Newtonsoft.Json;
3 |
4 | namespace Readinizer.Backend.Domain.Models
5 | {
/// <summary>
/// Node of a result tree: an identifier, a description, a percentage, child
/// nodes and, optionally, the organizational units and RSoP attached to it.
/// </summary>
public class TreeNode
{
    [JsonIgnore]
    public Dictionary TypeRefIdDictionary { get; set; }

    public string Identifier { get; set; }

    public string Description { get; set; }

    public double AnalysisPercentage { get; set; }

    [JsonIgnore]
    public bool IsRSoP { get; set; }

    // Starts as an empty list, so callers can add children without a null check.
    public List ChildNodes { get; set; } = new List();

    // No default: null until assigned.
    public List OrganizationalUnits { get; set; }

    public Rsop Rsop { get; set; }
}
26 | }
27 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/AuditSettingJson.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using Readinizer.Backend.Domain.Models;
3 |
4 | namespace Readinizer.Backend.Domain.ModelsJson
5 | {
/// <summary>
/// JSON shape of an audit setting as found in an RSoP report. Fields missing
/// from the input keep the defaults below.
/// </summary>
public class AuditSettingJson
{
    [JsonProperty("GPO")]
    public Gpo Gpo { get; set; }

    [JsonProperty("SubCategoryName")]
    public string SubcategoryName { get; set; } = "Undefined";

    [JsonProperty("PolicyTarget")]
    public string PolicyTarget { get; set; } = "Undefined";

    // Defaults to the zero member, NoAuditing, so an absent value is never
    // mistaken for an enabled audit setting.
    [JsonProperty("SettingValue")]
    public AuditSetting.AuditSettingValue CurrentSettingValue { get; set; } = AuditSetting.AuditSettingValue.NoAuditing;
}
27 | }
28 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/Converter/SingleValueArrayConverter.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using Newtonsoft.Json;
4 |
5 | namespace Readinizer.Backend.Domain.ModelsJson.Converter
6 | {
/// <summary>
/// Read-only Json.NET converter for values that appear either as one JSON
/// object or as a JSON array: a single object is wrapped in a one-element list,
/// an array is deserialized as the requested type.
/// </summary>
public class SingleValueArrayConverter : JsonConverter
{
    // Never invoked by Json.NET because CanWrite is false.
    public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
    {
        throw new NotImplementedException();
    }

    public override bool CanWrite => false;

    /// <summary>Reads the value at the reader's current token.</summary>
    /// <returns>
    /// A one-element list for an object token, the deserialized value for an
    /// array token, and a bare <see cref="object"/> for every other token.
    /// </returns>
    public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
    {
        // NOTE(review): for any token other than StartObject/StartArray (a JSON
        // null or a plain string, for example) this placeholder is returned as-is.
        // It cannot be assigned to a list-typed property, so such input presumably
        // fails during deserialization; consider returning null for JsonToken.Null
        // and rejecting other tokens with an explicit error.
        var returnValue = new object();
        if (reader.TokenType == JsonToken.StartObject)
        {
            var instance = (T)serializer.Deserialize(reader, typeof(T));
            returnValue = new List() { instance };
        }
        else if (reader.TokenType == JsonToken.StartArray)
        {
            returnValue = serializer.Deserialize(reader, objectType);
        }
        return returnValue;
    }

    // Claims every type; in the code shown the converter is only attached
    // explicitly through a [JsonConverter] attribute.
    public override bool CanConvert(Type objectType)
    {
        return true;
    }
}
36 | }
37 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/HelperClasses/Display.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 |
3 | namespace Readinizer.Backend.Domain.ModelsJson.HelperClasses
4 | {
/// <summary>
/// Display name and display value of a security option; both default to
/// "Undefined" until the input supplies them.
/// </summary>
public class Display
{
    [JsonProperty("Name")]
    public string Name { get; set; } = "Undefined";

    // Kept as the string found in the input rather than parsed to a bool.
    [JsonProperty("DisplayBoolean")]
    public string DisplayBoolean { get; set; } = "Undefined";
}
19 | }
20 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/HelperClasses/Element.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 |
3 | namespace Readinizer.Backend.Domain.ModelsJson.HelperClasses
4 | {
/// <summary>
/// Wrapper for the JSON "Data" field, exposed as Modules; defaults to "Undefined".
/// </summary>
public class Element
{
    [JsonProperty("Data")]
    public string Modules { get; set; } = "Undefined";
}
15 | }
16 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/HelperClasses/Identifier.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 |
3 | namespace Readinizer.Backend.Domain.ModelsJson.HelperClasses
4 | {
/// <summary>
/// Identifier value read from the JSON "#text" field.
/// </summary>
public class Identifier
{
    // No default: null when the input has no "#text" entry.
    [JsonProperty("#text")]
    public string Id { get; set; }
}
10 | }
11 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/HelperClasses/Link.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 |
3 | namespace Readinizer.Backend.Domain.ModelsJson.HelperClasses
4 | {
/// <summary>
/// One GPO link entry with its SOMPath and AppliedOrder, both kept as strings.
/// </summary>
public class Link
{
    [JsonProperty("SOMPath")]
    public string SOMPath { get; set; }

    [JsonProperty("AppliedOrder")]
    public string AppliedOrder { get; set; }
}
13 | }
14 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/HelperClasses/ListBox.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 |
3 | namespace Readinizer.Backend.Domain.ModelsJson.HelperClasses
4 | {
/// <summary>
/// JSON list-box entry: a Value plus a State string. Value starts as a fresh
/// <see cref="Value"/> and State as "Undefined".
/// </summary>
public class ListBox
{
    [JsonProperty("Value")]
    public Value Value { get; set; } = new Value();

    [JsonProperty("State")]
    public string State { get; set; } = "Undefined";
}
18 | }
19 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/HelperClasses/ModuleNames.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 |
3 | namespace Readinizer.Backend.Domain.ModelsJson.HelperClasses
4 | {
/// <summary>
/// State and ValueElementData strings attached to a policy; neither has a
/// default, so both are null until set.
/// </summary>
public class ModuleNames
{
    [JsonProperty("State")]
    public string State { get; set; }

    [JsonProperty("ValueElementData")]
    public string ValueElementData { get; set; }
}
13 | }
14 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/HelperClasses/Path.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 |
3 | namespace Readinizer.Backend.Domain.ModelsJson.HelperClasses
4 | {
/// <summary>
/// Wrapper for the identifier found under a GPO's JSON "Path" entry.
/// </summary>
public class Path
{
    // No default: null when the input has no "Identifier" entry.
    [JsonProperty("Identifier")]
    public Identifier GpoIdentifier { get; set; }
}
10 | }
11 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/HelperClasses/Value.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 |
3 | namespace Readinizer.Backend.Domain.ModelsJson.HelperClasses
4 | {
/// <summary>
/// Registry value as read from JSON: an Element plus Name and Number strings.
/// Name and Number default to "Undefined"; Element defaults to a fresh instance.
/// </summary>
public class Value
{
    // Read from JSON but never written (see ShouldSerializeElement).
    [JsonProperty("Element")]
    public Element Element { get; set; } = new Element();

    [JsonProperty("Name")]
    public string Name { get; set; } = "Undefined";

    // Kept as a string; comparisons elsewhere are textual, not numeric.
    [JsonProperty("Number")]
    public string Number { get; set; } = "Undefined";

    // Json.NET conditional-serialization hook.
    public bool ShouldSerializeElement() => false;
}
25 | }
26 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/PolicyJson.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using Readinizer.Backend.Domain.Models;
3 | using Readinizer.Backend.Domain.ModelsJson.HelperClasses;
4 |
5 | namespace Readinizer.Backend.Domain.ModelsJson
6 | {
/// <summary>
/// JSON shape of a policy as found in an RSoP report. Fields missing from the
/// input keep the defaults below; Gpo has none and stays null.
/// </summary>
public class PolicyJson
{
    [JsonProperty("GPO")]
    public Gpo Gpo { get; set; }

    [JsonProperty("Name")]
    public string Name { get; set; } = "Undefined";

    // The input calls this "State".
    [JsonProperty("State")]
    public string CurrentState { get; set; } = "Undefined";

    [JsonProperty("Category")]
    public string Category { get; set; } = "Undefined";

    // The input calls this "Listbox".
    [JsonProperty("Listbox")]
    public ListBox ModuleNames { get; set; } = new ListBox();
}
32 | }
33 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/RegistrySettingJson.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using Readinizer.Backend.Domain.Models;
3 | using Readinizer.Backend.Domain.ModelsJson.HelperClasses;
4 |
5 | namespace Readinizer.Backend.Domain.ModelsJson
6 | {
/// <summary>
/// JSON shape of a registry setting as found in an RSoP report. Fields missing
/// from the input keep the defaults below; Gpo has none and stays null.
/// </summary>
public class RegistrySettingJson
{
    [JsonProperty("GPO")]
    public Gpo Gpo { get; set; }

    [JsonProperty("KeyPath")]
    public string KeyPath { get; set; } = "Undefined";

    // The input calls this "Value".
    [JsonProperty("Value")]
    public Value CurrentValue { get; set; } = new Value();
}
24 | }
25 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/ModelsJson/SecurityOptionJson.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using Readinizer.Backend.Domain.Models;
3 | using Readinizer.Backend.Domain.ModelsJson.HelperClasses;
4 |
5 | namespace Readinizer.Backend.Domain.ModelsJson
6 | {
/// <summary>
/// JSON shape of a security option as found in an RSoP report. Fields missing
/// from the input keep the defaults below; Gpo has none and stays null.
/// </summary>
public class SecurityOptionJson
{
    [JsonProperty("GPO")]
    public Gpo Gpo { get; set; }

    [JsonProperty("KeyName")]
    public string KeyName { get; set; } = "Undefined";

    // The input calls this "SettingNumber"; kept as a string.
    [JsonProperty("SettingNumber")]
    public string CurrentSettingNumber { get; set; } = "Undefined";

    // The input calls this "Display".
    [JsonProperty("Display")]
    public Display CurrentDisplay { get; set; } = new Display();
}
28 | }
29 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.InteropServices;
3 |
4 | // General Information about an assembly is controlled through the following
5 | // set of attributes. Change these attribute values to modify the information
6 | // associated with an assembly.
7 | [assembly: AssemblyTitle("Readinizer.Backend.Domain")]
8 | [assembly: AssemblyDescription("")]
9 | [assembly: AssemblyConfiguration("")]
10 | [assembly: AssemblyCompany("")]
11 | [assembly: AssemblyProduct("Readinizer.Backend.Domain")]
12 | [assembly: AssemblyCopyright("Copyright © 2019")]
13 | [assembly: AssemblyTrademark("")]
14 | [assembly: AssemblyCulture("")]
15 |
16 | // Setting ComVisible to false makes the types in this assembly not visible
17 | // to COM components. If you need to access a type in this assembly from
18 | // COM, set the ComVisible attribute to true on that type.
19 | [assembly: ComVisible(false)]
20 |
21 | // The following GUID is for the ID of the typelib if this project is exposed to COM
22 | [assembly: Guid("c84b26aa-2b13-44b3-ba9f-d967f6e73f95")]
23 |
24 | // Version information for an assembly consists of the following four values:
25 | //
26 | // Major Version
27 | // Minor Version
28 | // Build Number
29 | // Revision
30 | //
31 | // You can specify all the values or you can default the Build and Revision Numbers
32 | // by using the '*' as shown below:
33 | // [assembly: AssemblyVersion("1.0.*")]
34 | [assembly: AssemblyVersion("1.0.0.0")]
35 | [assembly: AssemblyFileVersion("1.0.0.0")]
36 |
--------------------------------------------------------------------------------
/Readinizer.Backend.Domain/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/App.xaml:
--------------------------------------------------------------------------------
1 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/App.xaml.cs:
--------------------------------------------------------------------------------
1 | using Readinizer.Backend.Business.Interfaces;
2 | using Readinizer.Backend.Business.Services;
3 | using Readinizer.Backend.DataAccess.Interfaces;
4 | using Readinizer.Frontend.Interfaces;
5 | using Readinizer.Frontend.ViewModels;
6 | using Readinizer.Frontend.Views;
7 | using System;
8 | using System.Configuration;
9 | using System.Data.Entity;
10 | using System.Windows;
11 | using MaterialDesignThemes.Wpf;
12 | using MvvmDialogs;
13 | using Readinizer.Backend.Business.Factory;
14 | using Readinizer.Backend.DataAccess.Context;
15 | using Readinizer.Backend.DataAccess.UnitOfWork;
16 | using Unity;
17 |
18 | namespace Readinizer.Frontend
19 | {
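/// <summary>
/// Interaction logic for App.xaml
/// </summary>
public partial class App : Application
{
    /// <summary>
    /// Builds the Unity container, points the data directory at the application
    /// folder, makes sure the database exists and shows the main view.
    /// </summary>
    protected override void OnStartup(StartupEventArgs e)
    {
        base.OnStartup(e);

        IUnityContainer container = new UnityContainer();

        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();

        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();
        container.RegisterType();

        container.RegisterType();

        container.RegisterSingleton();
        container.RegisterSingleton();
        container.RegisterSingleton();

        container.RegisterSingleton();

        // "DataDirectory" is set to the folder of the entry assembly, so the
        // database location depends on where the application is installed.
        // That folder should not be writable by other, less privileged users.
        AppDomain.CurrentDomain.SetData("DataDirectory", System.IO.Path.GetDirectoryName(System.Reflection.Assembly.GetEntryAssembly().Location));

        // This context exists only to create the database on first start;
        // dispose it so its connection is released before the views open theirs.
        using (var ctx = new DbContext(ConfigurationManager.ConnectionStrings["ReadinizerDbContext"].ConnectionString))
        {
            ctx.Database.CreateIfNotExists();
        }

        var applicationView = container.Resolve();
        applicationView.Show();
    }

    /// <summary>
    /// Last-resort handler for exceptions on the UI thread: shows the message in
    /// a dialog and marks the exception as handled.
    /// </summary>
    private void Application_DispatcherUnhandledException(object sender, System.Windows.Threading.DispatcherUnhandledExceptionEventArgs e)
    {
        // NOTE(review): the exception is neither logged nor classified, and the
        // application keeps running whatever failed. Results shown after such an
        // error may be incomplete; consider recording the full exception.
        var friendlyMsg = $"Sorry something went wrong. The error was: [{e.Exception.Message}]";
        const string caption = "Error";
        MessageBox.Show(friendlyMsg, caption, MessageBoxButton.OK, MessageBoxImage.Error);

        // Signal that we handled things--prevents Application from exiting
        e.Handled = true;
    }

    // No cleanup beyond the base implementation.
    protected override void OnExit(ExitEventArgs e)
    {
        base.OnExit(e);


    }
}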
87 | }
88 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Converters/NullToInvisibleConverter.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.ObjectModel;
3 | using System.Windows;
4 | using System.Windows.Data;
5 | using Readinizer.Backend.Domain.Models;
6 |
7 | namespace Readinizer.Frontend.Converters
8 | {
/// <summary>
/// One-way binding converter that hides a control when the bound value is null
/// or an empty collection.
/// </summary>
public class NullToInvisibleConverter : IValueConverter
{
    /// <summary>
    /// Returns Visibility.Hidden for a collection with no items or for null,
    /// and Visibility.Visible otherwise.
    /// </summary>
    public object Convert(object value, Type targetType, object parameter, System.Globalization.CultureInfo culture)
    {
        switch (value)
        {
            case ObservableCollection observableCollection1:
                {
                    return observableCollection1.Count <= 0 ? Visibility.Hidden : Visibility.Visible;
                }
            case ObservableCollection organisationalUnits:
                {
                    var observableCollection = organisationalUnits;
                    return observableCollection.Count <= 0 ? Visibility.Hidden : Visibility.Visible;
                }
            default:
                {
                    // Anything that is not one of the collection cases: only null hides the control.
                    return value == null ? Visibility.Hidden : Visibility.Visible;
                }
        }
    }

    // Converting back is not supported; this converter is meant for one-way bindings.
    public object ConvertBack(object value, Type targetType, object parameter, System.Globalization.CultureInfo culture)
    {
        throw new NotImplementedException();
    }
}
36 | }
37 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Converters/ProgressForegroundConverter.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Globalization;
3 | using System.Windows.Data;
4 | using System.Windows.Media;
5 |
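namespace Readinizer.Frontend.Converters
{
    /// <summary>
    /// One-way converter that maps a progress value to the brush used as the foreground colour.
    /// </summary>
    public class ProgressForegroundConverter : IValueConverter
    {
        /// <summary>
        /// Picks a brush by threshold: above 90 Green, above 75 LawnGreen, above 50 Yellow,
        /// above 25 Orange, otherwise Red.
        /// </summary>
        /// <param name="value">The progress value; expected to be a boxed <see cref="double"/>.</param>
        /// <param name="targetType">Not read.</param>
        /// <param name="parameter">Not read.</param>
        /// <param name="culture">Not read.</param>
        /// <returns>
        /// The brush for the band <paramref name="value"/> falls into, or <see cref="Binding.DoNothing"/>
        /// when <paramref name="value"/> is not a double.
        /// </returns>
        public object Convert(object value, Type targetType, object parameter, CultureInfo culture)
        {
            // A direct (double) unboxing cast throws for null, for a boxed int and for any other
            // non-double value; leave the binding target untouched instead.
            if (!(value is double progress))
            {
                return Binding.DoNothing;
            }

            if (progress > 90d)
            {
                return Brushes.Green;
            }

            if (progress > 75d)
            {
                return Brushes.LawnGreen;
            }

            if (progress > 50d)
            {
                return Brushes.Yellow;
            }

            if (progress > 25d)
            {
                return Brushes.Orange;
            }

            // Lowest band. This used to fall through to the Green initial value, so a value of 25 or
            // less was drawn exactly like one above 90. Red is taken from the previously unused
            // `background` local - NOTE(review): confirm Red is the intended colour for this band.
            return Brushes.Red;
        }

        /// <summary>Reverse conversion is not provided.</summary>
        /// <exception cref="NotImplementedException">Always.</exception>
        public object ConvertBack(object value, Type targetType, object parameter, CultureInfo culture)
        {
            throw new NotImplementedException();
        }
    }
}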
42 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Favicon/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Frontend/Favicon/favicon.ico
--------------------------------------------------------------------------------
/Readinizer.Frontend/Interfaces/IApplicationViewModel.cs:
--------------------------------------------------------------------------------
namespace Readinizer.Frontend.Interfaces
{
    /// <summary>
    /// Marker interface for the application view model; declares no members.
    /// </summary>
    internal interface IApplicationViewModel
    {
    }
}
7 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Interfaces/IBaseViewModel.cs:
--------------------------------------------------------------------------------
namespace Readinizer.Frontend.Interfaces
{
    /// <summary>
    /// Marker interface implemented by <c>BaseViewModel</c>; declares no members.
    /// </summary>
    public interface IBaseViewModel
    {
    }
}
--------------------------------------------------------------------------------
/Readinizer.Frontend/Interfaces/IDomainResultViewModel.cs:
--------------------------------------------------------------------------------
namespace Readinizer.Frontend.Interfaces
{
    /// <summary>
    /// Marker interface implemented by <c>DomainResultViewModel</c>; declares no members.
    /// </summary>
    public interface IDomainResultViewModel
    {
    }
}
8 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Interfaces/IOUResultViewModel.cs:
--------------------------------------------------------------------------------
namespace Readinizer.Frontend.Interfaces
{
    /// <summary>
    /// Marker interface implemented by <c>OUResultViewModel</c>; declares no members.
    /// </summary>
    internal interface IOUResultViewModel
    {
    }
}
--------------------------------------------------------------------------------
/Readinizer.Frontend/Interfaces/IRSoPResultViewModel.cs:
--------------------------------------------------------------------------------
namespace Readinizer.Frontend.Interfaces
{
    /// <summary>
    /// Marker interface implemented by <c>RSoPResultViewModel</c>; declares no members.
    /// </summary>
    internal interface IRSoPResultViewModel
    {
    }
}
--------------------------------------------------------------------------------
/Readinizer.Frontend/Interfaces/ISpinnerViewModel.cs:
--------------------------------------------------------------------------------
namespace Readinizer.Frontend.Interfaces
{
    /// <summary>
    /// Marker interface implemented by <c>SpinnerViewModel</c>; declares no members.
    /// </summary>
    internal interface ISpinnerViewModel
    {
    }
}
7 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Interfaces/IStartUpViewModel.cs:
--------------------------------------------------------------------------------
namespace Readinizer.Frontend.Interfaces
{
    /// <summary>
    /// Marker interface for the start-up view model; declares no members.
    /// </summary>
    public interface IStartUpViewModel
    {
    }
}
7 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Interfaces/ISysmonResultViewModel.cs:
--------------------------------------------------------------------------------
namespace Readinizer.Frontend.Interfaces
{
    /// <summary>
    /// Marker interface implemented by <c>SysmonResultViewModel</c>; declares no members.
    /// </summary>
    internal interface ISysmonResultViewModel
    {
    }
}
--------------------------------------------------------------------------------
/Readinizer.Frontend/Interfaces/ITreeStructureResultViewModel.cs:
--------------------------------------------------------------------------------
1 | using System.ComponentModel;
2 |
namespace Readinizer.Frontend.Interfaces
{
    /// <summary>
    /// Contract for the tree-structure result view model. Adds no members of its own; it only
    /// requires implementers to provide <see cref="INotifyPropertyChanged"/>.
    /// </summary>
    internal interface ITreeStructureResultViewModel : INotifyPropertyChanged
    {
    }
}
9 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/MainWindow.xaml:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/MainWindow.xaml.cs:
--------------------------------------------------------------------------------
1 | using Readinizer.Frontend.ViewModels;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 | using System.Windows;
8 | using System.Windows.Controls;
9 | using System.Windows.Data;
10 | using System.Windows.Documents;
11 | using System.Windows.Input;
12 | using System.Windows.Media;
13 | using System.Windows.Media.Imaging;
14 | using System.Windows.Navigation;
15 | using System.Windows.Shapes;
16 |
namespace Readinizer.Frontend
{
    /// <summary>
    /// Interaction logic for MainWindow.xaml
    /// </summary>
    public partial class MainWindow : Window
    {
        /// <summary>
        /// Creates the window; the only work done is the call to <c>InitializeComponent</c>.
        /// </summary>
        public MainWindow() => InitializeComponent();
    }
}
31 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Messages/ChangeProgressText.cs:
--------------------------------------------------------------------------------
namespace Readinizer.Frontend.Messages
{
    /// <summary>
    /// Message that carries a new progress text.
    /// </summary>
    public class ChangeProgressText
    {
        /// <summary>Creates the message with its initial text.</summary>
        /// <param name="progressText">Text to carry; stored as given, null included.</param>
        public ChangeProgressText(string progressText) => ProgressText = progressText;

        /// <summary>The progress text; can be replaced after construction.</summary>
        public string ProgressText { get; set; }
    }
}
13 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Messages/ChangeView.cs:
--------------------------------------------------------------------------------
1 | using System;
2 |
namespace Readinizer.Frontend.Messages
{
    /// <summary>
    /// Message that names the view model type to switch to, optionally with a reference id
    /// or a visibility string.
    /// </summary>
    public class ChangeView
    {
        /// <summary>Requests a view change without extra data.</summary>
        /// <param name="viewModelType">Type of the view model to show; stored as given.</param>
        public ChangeView(Type viewModelType) => ViewModelType = viewModelType;

        /// <summary>Requests a view change and passes a reference id along.</summary>
        /// <param name="viewModelType">Type of the view model to show.</param>
        /// <param name="refId">Reference id handed to the target view model.</param>
        public ChangeView(Type viewModelType, int refId)
            : this(viewModelType) => RefId = refId;

        /// <summary>Requests a view change and passes a visibility string along.</summary>
        /// <param name="viewModelType">Type of the view model to show.</param>
        /// <param name="visibility">Visibility value handed to the target view model.</param>
        public ChangeView(Type viewModelType, string visibility)
            : this(viewModelType) => Visibility = visibility;

        /// <summary>Target view model type; fixed at construction.</summary>
        public Type ViewModelType { get; }

        /// <summary>Reference id; 0 unless set by the constructor or the caller.</summary>
        public int RefId { get; set; }

        /// <summary>Visibility string; null unless set by the constructor or the caller.</summary>
        public string Visibility { get; set; }
    }
}
29 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Messages/EnableExport.cs:
--------------------------------------------------------------------------------
namespace Readinizer.Frontend.Messages
{
    /// <summary>
    /// Message signalling that export can be enabled.
    /// </summary>
    public class EnableExport
    {
        /// <summary>Export flag; a new message starts with <c>true</c>.</summary>
        public bool ExportEnabled { get; set; } = true;
    }
}
13 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Messages/SnackbarMessage.cs:
--------------------------------------------------------------------------------
namespace Readinizer.Frontend.Messages
{
    /// <summary>
    /// Message that carries a text for the snackbar.
    /// </summary>
    public class SnackbarMessage
    {
        /// <summary>Creates the message.</summary>
        /// <param name="message">Text to carry; stored as given, null included.</param>
        public SnackbarMessage(string message) => Message = message;

        /// <summary>The text; fixed at construction.</summary>
        public string Message { get; }
    }
}
13 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.InteropServices;
3 | using System.Windows;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("Readinizer.Frontend")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("Readinizer.Frontend")]
13 | [assembly: AssemblyCopyright("Copyright © 2019")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | //In order to begin building localizable applications, set
23 | //<UICulture>CultureYouAreCodingWith</UICulture> in your .csproj file
24 | //inside a <PropertyGroup>. For example, if you are using US english
25 | //in your source files, set the <UICulture> to en-US. Then uncomment
26 | //the NeutralResourceLanguage attribute below. Update the "en-US" in
27 | //the line below to match the UICulture setting in the project file.
28 |
29 | //[assembly: NeutralResourcesLanguage("en-US", UltimateResourceFallbackLocation.Satellite)]
30 |
31 |
32 | [assembly: ThemeInfo(
33 | ResourceDictionaryLocation.None, //where theme specific resource dictionaries are located
34 | //(used if a resource is not found in the page,
35 | // or application resource dictionaries)
36 | ResourceDictionaryLocation.SourceAssembly //where the generic resource dictionary is located
37 | //(used if a resource is not found in the page,
38 | // app, or any theme specific resource dictionaries)
39 | )]
40 |
41 |
42 | // Version information for an assembly consists of the following four values:
43 | //
44 | // Major Version
45 | // Minor Version
46 | // Build Number
47 | // Revision
48 | //
49 | // You can specify all the values or you can default the Build and Revision Numbers
50 | // by using the '*' as shown below:
51 | // [assembly: AssemblyVersion("1.0.*")]
52 | [assembly: AssemblyVersion("1.0.0.0")]
53 | [assembly: AssemblyFileVersion("1.0.0.0")]
54 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Properties/Resources.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | // <auto-generated>
3 | // This code was generated by a tool.
4 | // Runtime Version:4.0.30319.42000
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | // </auto-generated>
9 | //------------------------------------------------------------------------------
10 |
11 | namespace Readinizer.Frontend.Properties
12 | {
13 |
14 |
15 | ///
16 | /// A strongly-typed resource class, for looking up localized strings, etc.
17 | ///
18 | // This class was auto-generated by the StronglyTypedResourceBuilder
19 | // class via a tool like ResGen or Visual Studio.
20 | // To add or remove a member, edit your .ResX file then rerun ResGen
21 | // with the /str option, or rebuild your VS project.
22 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
23 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
24 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
25 | internal class Resources // Generated resource accessor; in this listing it exposes only ResourceManager and Culture, no individual resources.
26 | {
27 |
28 | private static global::System.Resources.ResourceManager resourceMan; // cache for the ResourceManager property below
29 |
30 | private static global::System.Globalization.CultureInfo resourceCulture; // backing field for the Culture property below
31 |
32 | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
33 | internal Resources() // empty constructor
34 | {
35 | }
36 |
37 | ///
38 | /// Returns the cached ResourceManager instance used by this class.
39 | ///
40 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
41 | internal static global::System.Resources.ResourceManager ResourceManager
42 | {
43 | get
44 | {
45 | if ((resourceMan == null)) // created on first access; no lock is taken around the check
46 | {
47 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Readinizer.Frontend.Properties.Resources", typeof(Resources).Assembly); // resources are looked up in this type's own assembly
48 | resourceMan = temp;
49 | }
50 | return resourceMan;
51 | }
52 | }
53 |
54 | ///
55 | /// Overrides the current thread's CurrentUICulture property for all
56 | /// resource lookups using this strongly typed resource class.
57 | ///
58 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
59 | internal static global::System.Globalization.CultureInfo Culture
60 | {
61 | get
62 | {
63 | return resourceCulture; // null until a caller assigns a culture
64 | }
65 | set
66 | {
67 | resourceCulture = value; // stored as given, without validation
68 | }
69 | }
70 | }
71 | }
72 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Properties/Settings.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | // <auto-generated>
3 | // This code was generated by a tool.
4 | // Runtime Version:4.0.30319.42000
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | // </auto-generated>
9 | //------------------------------------------------------------------------------
10 |
11 | namespace Readinizer.Frontend.Properties
12 | {
13 |
14 |
15 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
16 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")]
17 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase // Generated settings class; this part declares no setting properties of its own.
18 | {
19 |
20 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); // single shared instance, wrapped by ApplicationSettingsBase.Synchronized
21 |
22 | public static Settings Default // accessor for the shared instance created above
23 | {
24 | get
25 | {
26 | return defaultInstance;
27 | }
28 | }
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Properties/Settings.settings:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/RecommendedSettings/RecommendedAuditSettings.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "SubCategoryName": "Audit Kerberos Authentication Service",
4 | "PolicyTarget": "Account Logon",
5 | "TargetSettingValue": "SuccessAndFailure"
6 | },
7 | {
8 | "SubCategoryName": "Audit Kerberos Service Ticket Operations",
9 | "PolicyTarget": "Account Logon",
10 | "TargetSettingValue": "SuccessAndFailure"
11 | },
12 | {
13 | "SubCategoryName": "Audit Computer Account Management",
14 | "PolicyTarget": "Account Management",
15 | "TargetSettingValue": "Success"
16 | },
17 | {
18 | "SubCategoryName": "Audit Other Account Management Events",
19 | "PolicyTarget": "Account Management",
20 | "TargetSettingValue": "Success"
21 | },
22 | {
23 | "SubCategoryName": "Audit Security Group Management",
24 | "PolicyTarget": "Account Management",
25 | "TargetSettingValue": "Success"
26 | },
27 | {
28 | "SubCategoryName": "Audit User Account Management",
29 | "PolicyTarget": "Account Management",
30 | "TargetSettingValue": "SuccessAndFailure"
31 | },
32 | {
33 | "SubCategoryName": "Audit Process Creation",
34 | "PolicyTarget": "Detailed Tracking",
35 | "TargetSettingValue": "Success"
36 | },
37 | {
38 | "SubCategoryName": "Audit Process Termination",
39 | "PolicyTarget": "Detailed Tracking",
40 | "TargetSettingValue": "Success"
41 | },
42 | {
43 | "SubCategoryName": "Audit Account Lockout",
44 | "PolicyTarget": "Logon/Logoff",
45 | "TargetSettingValue": "Failure"
46 | },
47 | {
48 | "SubCategoryName": "Audit Group Membership",
49 | "PolicyTarget": "Logon/Logoff",
50 | "TargetSettingValue": "Success"
51 | },
52 | {
53 | "SubCategoryName": "Audit Logoff",
54 | "PolicyTarget": "Logon/Logoff",
55 | "TargetSettingValue": "Success"
56 | },
57 | {
58 | "SubCategoryName": "Audit Logon",
59 | "PolicyTarget": "Logon/Logoff",
60 | "TargetSettingValue": "SuccessAndFailure"
61 | },
62 | {
63 | "SubCategoryName": "Audit Other Logon/Logoff Events",
64 | "PolicyTarget": "Logon/Logoff",
65 | "TargetSettingValue": "SuccessAndFailure"
66 | },
67 | {
68 | "SubCategoryName": "Audit Special Logon",
69 | "PolicyTarget": "Logon/Logoff",
70 | "TargetSettingValue": "Success"
71 | },
72 | {
73 | "SubCategoryName": "Audit File Share",
74 | "PolicyTarget": "Object Access",
75 | "TargetSettingValue": "SuccessAndFailure"
76 | },
77 | {
78 | "SubCategoryName": "Audit File System",
79 | "PolicyTarget": "Object Access",
80 | "TargetSettingValue": "SuccessAndFailure"
81 | },
82 | {
83 | "SubCategoryName": "Audit Handle Manipulation",
84 | "PolicyTarget": "Object Access",
85 | "TargetSettingValue": "Success"
86 | },
87 | {
88 | "SubCategoryName": "Audit Kernel Object",
89 | "PolicyTarget": "Object Access",
90 | "TargetSettingValue": "SuccessAndFailure"
91 | },
92 | {
93 | "SubCategoryName": "Audit Other Object Access Events",
94 | "PolicyTarget": "Object Access",
95 | "TargetSettingValue": "SuccessAndFailure"
96 | },
97 | {
98 | "SubCategoryName": "Audit Registry",
99 | "PolicyTarget": "Object Access",
100 | "TargetSettingValue": "SuccessAndFailure"
101 | },
102 | {
103 | "SubCategoryName": "Audit SAM",
104 | "PolicyTarget": "Object Access",
105 | "TargetSettingValue": "SuccessAndFailure"
106 | },
107 | {
108 | "SubCategoryName": "Audit Audit Policy Change",
109 | "PolicyTarget": "Policy Change",
110 | "TargetSettingValue": "Success"
111 | },
112 | {
113 | "SubCategoryName": "Audit MPSSVC Rule-Level Policy Change",
114 | "PolicyTarget": "Policy Change",
115 | "TargetSettingValue": "Success"
116 | },
117 | {
118 | "SubCategoryName": "Audit Non Sensitive Privilege Use",
119 | "PolicyTarget": "Privilege Use",
120 | "TargetSettingValue": "SuccessAndFailure"
121 | },
122 | {
123 | "SubCategoryName": "Audit Sensitive Privilege Use",
124 | "PolicyTarget": "Privilege Use",
125 | "TargetSettingValue": "SuccessAndFailure"
126 | },
127 | {
128 | "SubCategoryName": "Audit Security System Extension",
129 | "PolicyTarget": "System",
130 | "TargetSettingValue": "Success"
131 | },
132 | {
133 | "SubCategoryName": "Audit System Integrity",
134 | "PolicyTarget": "System",
135 | "TargetSettingValue": "SuccessAndFailure"
136 | }
137 | ]
--------------------------------------------------------------------------------
/Readinizer.Frontend/RecommendedSettings/RecommendedPolicies.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Name": "Include command line in process creation events",
4 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\System\\Audit Process Creation",
5 | "TargetState": "Enabled",
6 | "Category": "System/Audit Process Creation"
7 | },
8 | {
9 | "Name": "Turn on Module Logging",
10 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\Windows PowerShell",
11 | "TargetState": "Enabled",
12 | "Category": "Windows Components/Windows PowerShell",
13 | "ModuleNames": {
14 | "State": "Enabled",
15 | "ValueElementData": "*"
16 | }
17 | },
18 | {
19 | "Name": "Turn on PowerShell Script Block Logging",
20 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\Windows PowerShell",
21 | "TargetState": "Enabled",
22 | "Category": "Windows Components/Windows PowerShell"
23 | }
24 | ]
--------------------------------------------------------------------------------
/Readinizer.Frontend/RecommendedSettings/RecommendedRegistrySettings.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Name": "Lsass.exe audit mode",
4 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\SCM: Pass the Hash Mitigations",
5 | "KeyPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\LSASS.exe",
6 | "TargetValue": {
7 | "Name": "AuditLevel",
8 | "Number": "8"
9 | }
10 | },
11 | {
12 | "Name": "LSA Protection",
13 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\SCM: Pass the Hash Mitigations",
14 | "KeyPath": "SYSTEM\\CurrentControlSet\\Control\\Lsa",
15 | "TargetValue": {
16 | "Name": "RunAsPPL",
17 | "Number": "1"
18 | }
19 | }
20 | ]
--------------------------------------------------------------------------------
/Readinizer.Frontend/RecommendedSettings/RecommendedSecurityOptions.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Description": "Force Audit Policy",
4 | "Path": "Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Policies\\Security Options",
5 | "KeyName": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\SCENoApplyLegacyAuditPolicy",
6 | "SettingNumber": "1",
7 | "TargetDisplay": {
8 | "Name": "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings",
9 | "DisplayBoolean": "true"
10 | }
11 | }
12 | ]
--------------------------------------------------------------------------------
/Readinizer.Frontend/ViewModels/BaseViewModel.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.ComponentModel;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 | using Readinizer.Frontend.Interfaces;
8 |
namespace Readinizer.Frontend.ViewModels
{
    /// <summary>
    /// Base class for view models that publish property-change notifications.
    /// </summary>
    public abstract class BaseViewModel : INotifyPropertyChanged, IBaseViewModel
    {
        /// <summary>Raised by <see cref="OnPropertyChanged"/>.</summary>
        public event PropertyChangedEventHandler PropertyChanged;

        /// <summary>
        /// Raises <see cref="PropertyChanged"/> for the given property name; does nothing when
        /// no handler is subscribed.
        /// </summary>
        /// <param name="propertyName">Name passed on to subscribers; not validated.</param>
        protected void OnPropertyChanged(string propertyName)
        {
            // Read the delegate once so the null check and the call see the same subscriber list.
            var subscribers = PropertyChanged;
            if (subscribers == null)
            {
                return;
            }

            subscribers(this, new PropertyChangedEventArgs(propertyName));
        }
    }
}
26 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/ViewModels/DomainResultViewModel.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Windows.Input;
5 | using GalaSoft.MvvmLight;
6 | using GalaSoft.MvvmLight.Command;
7 | using GalaSoft.MvvmLight.Messaging;
8 | using Readinizer.Backend.DataAccess.Interfaces;
9 | using Readinizer.Backend.Domain.Models;
10 | using Readinizer.Frontend.Interfaces;
11 | using Readinizer.Frontend.Messages;
12 |
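namespace Readinizer.Frontend.ViewModels
{
    /// <summary>
    /// View model for the result page of one AD domain: sorts the domain's RSoP pots into
    /// <see cref="GoodList"/> and <see cref="BadList"/> and supplies the pie chart counts.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the generic type arguments used below (<c>List&lt;string&gt;</c>,
    /// <c>List&lt;RsopPot&gt;</c>, <c>KeyValuePair&lt;string, int&gt;</c>) are inferred from how each
    /// member is used in this class; confirm them against the repository.
    /// </remarks>
    public class DomainResultViewModel : ViewModelBase, IDomainResultViewModel
    {
        private readonly IUnitOfWork unitOfWork;

        private ICommand backCommand;

        private string potName;

        [Obsolete("Only for design data", true)]
        public DomainResultViewModel()
        {
            if (!IsInDesignMode)
            {
                throw new Exception("Use only for design mode");
            }
        }

        /// <summary>Creates the view model; no data is loaded until <see cref="loadRsopPots"/> runs.</summary>
        /// <param name="unitOfWork">Data access used to look up the domain.</param>
        public DomainResultViewModel(IUnitOfWork unitOfWork)
        {
            this.unitOfWork = unitOfWork;
        }

        private ADDomain Domain { get; set; }

        private List<string> goodList { get; set; }

        private List<string> badList { get; set; }

        /// <summary>Names of the pots whose first RSoP scores above 99; null before loading.</summary>
        public List<string> GoodList => goodList;

        /// <summary>Names of all other pots, including pots without any RSoP; null before loading.</summary>
        public List<string> BadList => badList;

        /// <summary>Command that navigates back to the tree structure view.</summary>
        public ICommand BackCommand => backCommand ?? (backCommand = new RelayCommand(Back));

        /// <summary>
        /// Write-to-navigate property: assigning the name of a known pot opens that pot's view.
        /// The stored value is reset to null afterwards, so the getter always returns null.
        /// </summary>
        public string PotName
        {
            get => potName;
            set
            {
                potName = value;

                // Find returns null for an unknown name, and the view can assign null (for example
                // when a selection is cleared); neither case may dereference the search result.
                var selectedPot = value == null
                    ? null
                    : RsopPots?.Find(x => string.Equals(x.Name, value));
                if (selectedPot != null)
                {
                    ShowPotView(selectedPot.RsopPotId);
                }

                potName = null;
            }
        }

        /// <summary>Id of the AD domain to load; read by <see cref="loadRsopPots"/>.</summary>
        public int RefId { get; set; }

        /// <summary>Name of the loaded domain; null before loading.</summary>
        public string DomainName => Domain?.Name;

        /// <summary>Pie chart input, rebuilt on every read.</summary>
        public List<KeyValuePair<string, int>> PieChartData => LoadPieChartData();

        /// <summary>The loaded domain's RSoP pots.</summary>
        public List<RsopPot> RsopPots { get; set; }

        /// <summary>
        /// Loads the domain identified by <see cref="RefId"/> and fills the good and bad lists.
        /// </summary>
        /// <exception cref="InvalidOperationException">No domain exists for <see cref="RefId"/>.</exception>
        public void loadRsopPots()
        {
            // Fail with a clear message rather than a NullReferenceException on the next line;
            // an empty result page for a missing domain could be misread as "nothing to report".
            Domain = unitOfWork.ADDomainRepository.GetByID(RefId)
                     ?? throw new InvalidOperationException($"No AD domain found for RefId {RefId}.");
            RsopPots = Domain.RsopPots ?? new List<RsopPot>();
            fillLists();
        }

        /// <summary>Splits the pot names into the good and the bad list.</summary>
        private void fillLists()
        {
            var good = new List<string>();
            var bad = new List<string>();

            foreach (var pot in RsopPots)
            {
                // Only the first RSoP of a pot is inspected (presumably all RSoPs of one pot score
                // alike - confirm). A pot without any RSoP yields null here and lands in the bad
                // list: missing data must never be reported as "Correct".
                var percentage = pot.Rsops?.FirstOrDefault()?.RsopPercentage;
                if (percentage > 99)
                {
                    good.Add(pot.Name);
                }
                else
                {
                    bad.Add(pot.Name);
                }
            }

            goodList = good;
            badList = bad;
        }

        /// <summary>Builds the two pie chart entries; both counts are 0 before loading.</summary>
        private List<KeyValuePair<string, int>> LoadPieChartData()
        {
            return new List<KeyValuePair<string, int>>
            {
                new KeyValuePair<string, int>("Correct", goodList?.Count ?? 0),
                new KeyValuePair<string, int>("Not Correct", badList?.Count ?? 0)
            };
        }

        private void ShowPotView(int potRefId)
        {
            Messenger.Default.Send(new ChangeView(typeof(RSoPResultViewModel), potRefId));
        }

        private void ShowTreeStructure()
        {
            Messenger.Default.Send(new ChangeView(typeof(TreeStructureResultViewModel)));
        }

        private void Back()
        {
            ShowTreeStructure();
        }
    }
}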
124 |
125 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/ViewModels/OUResultViewModel.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Windows.Input;
4 | using GalaSoft.MvvmLight;
5 | using GalaSoft.MvvmLight.Command;
6 | using GalaSoft.MvvmLight.Messaging;
7 | using Readinizer.Backend.Business.Interfaces;
8 | using Readinizer.Backend.DataAccess.Interfaces;
9 | using Readinizer.Backend.Domain.Models;
10 | using Readinizer.Frontend.Interfaces;
11 | using Readinizer.Frontend.Messages;
12 |
13 | namespace Readinizer.Frontend.ViewModels
14 | {
15 | public class OUResultViewModel : ViewModelBase, IOUResultViewModel // View model for one organizational unit's result page: holds the parsed security settings for the RSoP identified by RefId.
16 | {
17 | private readonly IUnitOfWork unityOfWork; // assigned in the constructor; not read anywhere in this class
18 | private readonly ISecuritySettingParserService securitySettingParserService;
19 |
20 | private ICommand backCommand;
21 | public ICommand BackCommand => backCommand ?? (backCommand = new RelayCommand(Back)); // created on first access, then reused
22 |
23 | public int RefId{ get; set; } // id handed to ParseSecuritySettings in LoadSettings
24 |
25 | public Rsop rsop { get; set; } // never assigned inside this class; NOTE(review): Ou and Back dereference it and throw NullReferenceException if the caller has not set it
26 |
27 | public string Ou => rsop.OrganizationalUnit.Name;
28 |
29 | private List securitySettings; // NOTE(review): the generic type argument is missing in this listing - confirm the element type against the repository
30 | public List SecuritySettings
31 | {
32 | get => securitySettings;
33 | set => Set(ref securitySettings, value);
34 | }
35 |
36 | [Obsolete("Only for design data", true)]
37 | public OUResultViewModel() // design-time constructor; throws when used outside design mode
38 | {
39 | if (!IsInDesignMode)
40 | {
41 | throw new Exception("Use only for design mode");
42 | }
43 | }
44 |
45 | public OUResultViewModel(IUnitOfWork unityOfWork, ISecuritySettingParserService securitySettingParserService) // stores both dependencies; loads nothing yet
46 | {
47 | this.securitySettingParserService = securitySettingParserService;
48 | this.unityOfWork = unityOfWork;
49 | }
50 |
51 | public void Load() => LoadSettings(); // starts the load and returns without waiting for it
52 |
53 | private async void LoadSettings() // NOTE(review): async void - the caller of Load cannot await this or catch a failure of ParseSecuritySettings
54 | {
55 | SecuritySettings = await securitySettingParserService.ParseSecuritySettings(RefId, "OU");
56 | RaisePropertyChanged(nameof(SecuritySettings)); // raised explicitly after the setter has run; presumably Set already notifies when the value changed - confirm
57 | }
58 |
59 | private static void ShowPotView(int potRefId) // asks for a switch to the RSoP pot view for the given id
60 | {
61 | Messenger.Default.Send(new ChangeView(typeof(RSoPResultViewModel), potRefId));
62 |
63 | }
64 |
65 | private void Back()
66 | {
67 | ShowPotView(rsop.RsopPotRefId.GetValueOrDefault()); // a null RsopPotRefId becomes the default value, so the pot view is then requested with that default id
68 | }
69 | }
70 | }
71 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/ViewModels/RSoPResultViewModel.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Threading.Tasks;
5 | using System.Windows.Input;
6 | using GalaSoft.MvvmLight;
7 | using GalaSoft.MvvmLight.Command;
8 | using GalaSoft.MvvmLight.Messaging;
9 | using Readinizer.Backend.Business.Interfaces;
10 | using Readinizer.Backend.DataAccess.Interfaces;
11 | using Readinizer.Backend.Domain.Models;
12 | using Readinizer.Frontend.Interfaces;
13 | using Readinizer.Frontend.Messages;
14 |
15 | namespace Readinizer.Frontend.ViewModels
16 | {
17 | public class RSoPResultViewModel : ViewModelBase, IRSoPResultViewModel // View model for one RSoP pot's result page: holds the parsed security settings and the names of the OUs in the pot.
18 | {
19 | private readonly IUnitOfWork unitOfWork;
20 | private readonly ISecuritySettingParserService securitySettingParserService;
21 |
22 | private ICommand backCommand;
23 | public ICommand BackCommand => backCommand ?? (backCommand = new RelayCommand(Back)); // created on first access, then reused
24 |
25 | private List securitySettings; // NOTE(review): the generic type argument is missing in this listing - confirm the element type against the repository
26 | public List SecuritySettings
27 | {
28 | get => securitySettings;
29 | set => Set(ref securitySettings, value);
30 | }
31 |
32 | private string rsop;
33 | public string Rsop // write-to-navigate: assigning an OU name opens that OU's view; the stored value is reset to null afterwards
34 | {
35 | get => rsop;
36 | set
37 | {
38 | rsop = value;
39 | var rsopList = rsopPot.Rsops.ToList();
40 | var rsopID = rsopList.Find(x => x.OrganizationalUnit.Name.Equals(rsop)).RsopId; // NOTE(review): Find returns null when no RSoP's OU name equals the value (a null value included), so .RsopId then throws NullReferenceException
41 | ShowOUView(rsopID);
42 | rsop = null;
43 | }
44 | }
45 |
46 | public RsopPot rsopPot { get; set; } // never assigned inside this class; GISS, OUsInGISS, the Rsop setter and Back all dereference it
47 |
48 | public string GISS => rsopPot.Name;
49 |
50 | public int RefId { get; set; } // id handed to ParseSecuritySettings in LoadSettings
51 |
52 | public List OUsInGISS => loadOUs(); // rebuilt on every read; element type is the OU name (see loadOUs)
53 |
54 | public void Load() => LoadSettings(); // starts the load and returns without waiting for it
55 |
56 |
57 | [Obsolete("Only for design data", true)]
58 | public RSoPResultViewModel() // design-time constructor; throws when used outside design mode
59 | {
60 | if (!IsInDesignMode)
61 | {
62 | throw new Exception("Use only for design mode");
63 | }
64 | }
65 |
66 | public RSoPResultViewModel(IUnitOfWork unitOfWork, ISecuritySettingParserService securitySettingParserService) // stores both dependencies; loads nothing yet
67 | {
68 | this.unitOfWork = unitOfWork;
69 | this.securitySettingParserService = securitySettingParserService;
70 | }
71 |
72 | private async void LoadSettings() // NOTE(review): async void - the caller of Load cannot await this or catch a failure of ParseSecuritySettings
73 | {
74 | SecuritySettings = await securitySettingParserService.ParseSecuritySettings(RefId, "RSoPPot");
75 | RaisePropertyChanged(nameof(SecuritySettings)); // raised explicitly after the setter has run; presumably Set already notifies when the value changed - confirm
76 | }
77 |
78 | private List loadOUs() // returns the OU name of every RSoP in the pot
79 | {
80 | var rsops = rsopPot.Rsops;
81 | return rsops.Select(x => x.OrganizationalUnit.Name).ToList();
82 | }
83 |
84 | private async Task> GetOusAsync() // not called anywhere in this class; NOTE(review): the generic return type is garbled in this listing
85 | {
86 | var ous = await unitOfWork.OrganizationalUnitRepository.GetAllEntities();
87 | return ous;
88 | }
89 |
90 | private static void ShowOUView(int rsopRefId) // asks for a switch to the OU view for the given RSoP id
91 | {
92 | Messenger.Default.Send(new ChangeView(typeof(OUResultViewModel), rsopRefId));
93 | }
94 |
95 | private static void ShowDomainView(int domainRefId) // asks for a switch to the domain view for the given domain id
96 | {
97 | Messenger.Default.Send(new ChangeView(typeof(DomainResultViewModel), domainRefId));
98 | }
99 |
100 | private void Back()
101 | {
102 | ShowDomainView(rsopPot.Domain.ADDomainId); // navigates to the domain that owns this pot
103 | }
104 | }
105 | }
106 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/ViewModels/SpinnerViewModel.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using GalaSoft.MvvmLight;
3 | using GalaSoft.MvvmLight.Messaging;
4 | using Readinizer.Backend.Business.Interfaces;
5 | using Readinizer.Frontend.Interfaces;
6 | using Readinizer.Frontend.Messages;
7 |
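namespace Readinizer.Frontend.ViewModels
{
    /// <summary>
    /// View model behind the progress spinner: shows the text of the most recent
    /// <see cref="Messages.ChangeProgressText"/> message received over the messenger.
    /// </summary>
    public class SpinnerViewModel : ViewModelBase, ISpinnerViewModel
    {
        // Stored by the constructor; not read anywhere in this class.
        private readonly IADDomainService adDomainService;

        private string progressText;

        [Obsolete("Only for design data", true)]
        public SpinnerViewModel()
        {
            if (!IsInDesignMode)
            {
                throw new Exception("Use only for design mode");
            }
        }

        /// <summary>Creates the view model and subscribes it to progress-text messages.</summary>
        /// <param name="adDomainService">Domain service; kept in a field.</param>
        public SpinnerViewModel(IADDomainService adDomainService)
        {
            this.adDomainService = adDomainService;

            // The message type is spelled out: with a method group as the callback the compiler
            // cannot infer it, and without it this call does not compile.
            Messenger.Default.Register<ChangeProgressText>(this, ChangeProgressText);
        }

        /// <summary>Text currently shown next to the spinner.</summary>
        public string ProgressText
        {
            get => progressText;
            set => Set(ref progressText, value);
        }

        /// <summary>Messenger callback: copies the message text into <see cref="ProgressText"/>.</summary>
        /// <param name="changeProgressText">The received message.</param>
        public void ChangeProgressText(ChangeProgressText changeProgressText)
        {
            ProgressText = changeProgressText.ProgressText;

            // Raised explicitly after the setter has run, so listeners are notified even when the
            // text is unchanged.
            RaisePropertyChanged(nameof(ProgressText));
        }
    }
}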
43 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/ViewModels/SysmonResultViewModel.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Windows.Input;
5 | using GalaSoft.MvvmLight;
6 | using GalaSoft.MvvmLight.Command;
7 | using GalaSoft.MvvmLight.Messaging;
8 | using Readinizer.Backend.DataAccess.Interfaces;
9 | using Readinizer.Backend.Domain.Models;
10 | using Readinizer.Frontend.Interfaces;
11 | using Readinizer.Frontend.Messages;
12 |
13 | namespace Readinizer.Frontend.ViewModels
14 | {
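/// <summary>
/// View model behind the Sysmon result view. It splits the stored computers into those reported
/// as running Sysmon and those reported as not running it, and exposes both counts as pie-chart data.
/// </summary>
public class SysmonResultViewModel : ViewModelBase, ISysmonResultViewModel
{
    private readonly IUnitOfWork unitOfWork;

    private ICommand backCommand;

    /// <summary>Command that navigates back to the tree structure view.</summary>
    public ICommand BackCommand => backCommand ?? (backCommand = new RelayCommand(Back));

    // Both lists start empty so the chart data can be read before loadComputers() has run.
    private List<string> sysmonActiveList { get; set; } = new List<string>();

    /// <summary>Display names of computers whose Sysmon status is true.</summary>
    public List<string> SysmonActiveList => sysmonActiveList;

    private List<string> sysmonNotActiveList { get; set; } = new List<string>();

    /// <summary>Display names of computers whose Sysmon status is false.</summary>
    public List<string> SysmonNotActiveList => sysmonNotActiveList;

    // NOTE(review): the element type is presumed to be the Computer model from
    // Readinizer.Backend.Domain.Models. The generic argument is missing in this listing; confirm.
    public List<Computer> Computers { get; set; }

    /// <summary>
    /// Loads all computers from the repository and rebuilds the two status lists.
    /// </summary>
    public void loadComputers()
    {
        // NOTE(review): .Result blocks the calling thread until the query completes. If this is
        // invoked on the UI thread it can freeze or deadlock the view; an awaited variant is safer.
        Computers = unitOfWork.ComputerRepository.GetAllEntities().Result;
        fillLists();
    }

    /// <summary>Two entries, the running and the not-running count, recomputed on every read.</summary>
    public List<KeyValuePair<string, int>> PieChartData => LoadPieChartData();

    /// <summary>
    /// Parameterless constructor kept only so the designer can create the view model.
    /// </summary>
    /// <exception cref="Exception">Thrown when <c>IsInDesignMode</c> is false.</exception>
    [Obsolete("Only for design data", true)]
    public SysmonResultViewModel()
    {
        if (!IsInDesignMode)
        {
            throw new Exception("Use only for design mode");
        }
    }

    /// <summary>Creates the view model with the unit of work used to read computers.</summary>
    /// <param name="unitOfWork">Data access entry point.</param>
    public SysmonResultViewModel(IUnitOfWork unitOfWork)
    {
        this.unitOfWork = unitOfWork;
    }

    /// <summary>
    /// Sorts <see cref="Computers"/> into the running and not-running lists, labelling each
    /// computer as "name.domain".
    /// </summary>
    private void fillLists()
    {
        var running = new List<string>();
        var notRunning = new List<string>();

        if (Computers != null)
        {
            foreach (var computer in Computers)
            {
                // A computer with no organizational unit, or an OU with no domain, used to throw a
                // NullReferenceException here and abort the whole report. Fall back to the bare name.
                var domainName = computer.OrganizationalUnits?.FirstOrDefault()?.ADDomain?.Name;
                var label = domainName == null
                    ? computer.ComputerName
                    : computer.ComputerName + "." + domainName;

                if (computer.isSysmonRunning.Equals(true))
                {
                    running.Add(label);
                }
                else if (computer.isSysmonRunning.Equals(false))
                {
                    notRunning.Add(label);
                }
                // NOTE(review): a status that is neither true nor false (presumably an unset
                // nullable; verify against the model) lands in neither list. Such hosts are then
                // missing from the chart, which can overstate Sysmon coverage.
            }
        }

        sysmonActiveList = running;
        sysmonNotActiveList = notRunning;
    }

    /// <summary>
    /// Builds the pie-chart series from the current list sizes.
    /// </summary>
    /// <returns>Two key/value pairs: the running count and the not-running count.</returns>
    private List<KeyValuePair<string, int>> LoadPieChartData()
    {
        // Null-tolerant so that a binding evaluated before the first load yields zeros, not a crash.
        var runningCounter = sysmonActiveList?.Count ?? 0;
        var notRunningCounter = sysmonNotActiveList?.Count ?? 0;

        return new List<KeyValuePair<string, int>>
        {
            new KeyValuePair<string, int>("Sysmon is running", runningCounter),
            new KeyValuePair<string, int>("Sysmon is not running", notRunningCounter)
        };
    }

    /// <summary>Sends a <c>ChangeView</c> message targeting <c>TreeStructureResultViewModel</c>.</summary>
    private static void ShowTreeStructure()
    {
        Messenger.Default.Send(new ChangeView(typeof(TreeStructureResultViewModel)));
    }

    /// <summary>Handler for <see cref="BackCommand"/>: returns to the tree structure view.</summary>
    private static void Back()
    {
        ShowTreeStructure();
    }
}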
97 | }
98 |
99 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Views/ApplicationView.xaml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Frontend/Views/ApplicationView.xaml.cs:
--------------------------------------------------------------------------------
1 | using System.Windows;
2 | using Readinizer.Frontend.ViewModels;
3 |
4 | namespace Readinizer.Frontend.Views
5 | {
/// <summary>
/// Code-behind for ApplicationView.xaml: the application window, bound to the view model it is given.
/// </summary>
public partial class ApplicationView : Window
{
    /// <summary>
    /// Builds the window's components and then sets the supplied view model as the data context.
    /// </summary>
    /// <param name="applicationViewModel">View model assigned to <c>DataContext</c>.</param>
    public ApplicationView(ApplicationViewModel applicationViewModel)
    {
        this.InitializeComponent();
        this.DataContext = applicationViewModel;
    }
}
17 | }
18 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Views/DomainResultView.xaml.cs:
--------------------------------------------------------------------------------
1 | using System.Windows.Controls;
2 |
3 | namespace Readinizer.Frontend.Views
4 | {
/// <summary>
/// Code-behind for DomainResultView.xaml.
/// </summary>
public partial class DomainResultView : UserControl
{
    /// <summary>Builds the control's components; no other logic lives here.</summary>
    public DomainResultView() => InitializeComponent();
}
15 | }
16 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Views/OUResultView.xaml.cs:
--------------------------------------------------------------------------------
1 | using System.Windows.Controls;
2 |
3 | namespace Readinizer.Frontend.Views
4 | {
/// <summary>
/// Code-behind for OUResultView.xaml.
/// </summary>
public partial class OUResultView : UserControl
{
    /// <summary>Builds the control's components; no other logic lives here.</summary>
    public OUResultView() => InitializeComponent();
}
15 | }
16 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Views/RSoPResultView.xaml.cs:
--------------------------------------------------------------------------------
1 | using System.Windows.Controls;
2 |
3 | namespace Readinizer.Frontend.Views
4 | {
/// <summary>
/// Code-behind for RSoPResultView.xaml.
/// </summary>
public partial class RsopResultView : UserControl
{
    /// <summary>Builds the control's components; no other logic lives here.</summary>
    public RsopResultView() => InitializeComponent();
}
15 | }
16 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Views/SpinnerView.xaml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Frontend/Views/SpinnerView.xaml.cs:
--------------------------------------------------------------------------------
1 | using System.Windows.Controls;
2 |
3 | namespace Readinizer.Frontend.Views
4 | {
/// <summary>
/// Code-behind for SpinnerView.xaml.
/// </summary>
public partial class SpinnerView : UserControl
{
    /// <summary>Builds the control's components; no other logic lives here.</summary>
    public SpinnerView() => InitializeComponent();
}
15 | }
16 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Views/StartUpView.xaml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Frontend/Views/StartUpView.xaml.cs:
--------------------------------------------------------------------------------
1 | using System.Windows.Controls;
2 |
3 | namespace Readinizer.Frontend.Views
4 | {
/// <summary>
/// Code-behind for StartUpView.xaml.
/// </summary>
public partial class StartUpView : UserControl
{
    /// <summary>Builds the control's components; no other logic lives here.</summary>
    public StartUpView() => InitializeComponent();
}
15 | }
16 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Views/SysmonResultView.xaml.cs:
--------------------------------------------------------------------------------
1 | using System.Windows.Controls;
2 |
3 | namespace Readinizer.Frontend.Views
4 | {
/// <summary>
/// Code-behind for SysmonResultView.xaml.
/// </summary>
public partial class SysmonResultView : UserControl
{
    /// <summary>Builds the control's components; no other logic lives here.</summary>
    public SysmonResultView() => InitializeComponent();
}
15 | }
16 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/Views/TreeStructureResultView.xaml.cs:
--------------------------------------------------------------------------------
1 | using System.Windows.Controls;
2 |
3 | namespace Readinizer.Frontend.Views
4 | {
/// <summary>
/// Code-behind for TreeStructureResultView.xaml.
/// </summary>
public partial class TreeStructureResultView : UserControl
{
    /// <summary>Builds the control's components; no other logic lives here.</summary>
    public TreeStructureResultView() => InitializeComponent();
}
15 | }
16 |
--------------------------------------------------------------------------------
/Readinizer.Frontend/app.manifest:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Frontend/nlog.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Frontend/packages.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Standalone/CommonServiceLocator.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/CommonServiceLocator.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/EntityFramework.SqlServer.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/EntityFramework.SqlServer.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/EntityFramework.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/EntityFramework.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/GalaSoft.MvvmLight.Extras.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/GalaSoft.MvvmLight.Extras.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/GalaSoft.MvvmLight.Platform.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/GalaSoft.MvvmLight.Platform.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/GalaSoft.MvvmLight.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/GalaSoft.MvvmLight.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/IPAddressRange.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/IPAddressRange.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/IPAddressRange.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | IPAddressRange
5 |
6 |
7 |
8 |
9 | Counts the number of leading 1's in a bitmask.
10 | Returns null if value is invalid as a bitmask.
11 |
12 |
13 |
14 |
15 |
16 |
17 | Creates an empty range object, equivalent to "0.0.0.0/0".
18 |
19 |
20 |
21 |
22 | Creates a new range with the same start/end address (range of one)
23 |
24 |
25 |
26 |
27 |
28 | Create a new range from a begin and end address.
29 | Throws an exception if Begin comes after End, or the
30 | addresses are not in the same family.
31 |
32 |
33 |
34 |
35 | Creates a range from a base address and mask bits.
36 | This can also be used with to create a
37 | range based on a subnet mask.
38 |
39 |
40 |
41 |
42 |
43 |
44 | Takes a subnetmask (eg, "255.255.254.0") and returns the CIDR bit length of that
45 | address. Throws an exception if the passed address is not valid as a subnet mask.
46 |
47 | The subnet mask to use
48 |
49 |
50 |
51 |
52 | Returns the range in the format "begin-end", or
53 | as a single address if End is the same as Begin.
54 |
55 |
56 |
57 |
58 |
59 | Returns a Cidr String if this matches exactly a Cidr subnet
60 |
61 |
62 |
63 |
64 | Returns the input typed as IEnumerable<IPAddress>
65 |
66 |
67 |
68 |
69 |
--------------------------------------------------------------------------------
/Readinizer.Standalone/MaterialDesignColors.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/MaterialDesignColors.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/MaterialDesignThemes.Wpf.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/MaterialDesignThemes.Wpf.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Microsoft.GroupPolicy.Management.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Microsoft.GroupPolicy.Management.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Microsoft.GroupPolicy.ServerAdminTools.GpmgmtLib.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Microsoft.GroupPolicy.ServerAdminTools.GpmgmtLib.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/MvvmDialogs.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/MvvmDialogs.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/NLog.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/NLog.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Readinizer.Backend.Business.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Readinizer.Backend.Business.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Readinizer.Backend.DataAccess.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Readinizer.Backend.DataAccess.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Readinizer.Backend.DataAccess.dll.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Standalone/Readinizer.Backend.Domain.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Readinizer.Backend.Domain.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Readinizer.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Readinizer.exe
--------------------------------------------------------------------------------
/Readinizer.Standalone/Readinizer.exe.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Standalone/RecommendedSettings/RecommendedPolicies.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Name": "Include command line in process creation events",
4 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\System\\Audit Process Creation",
5 | "TargetState": "Enabled",
6 | "Category": "System/Audit Process Creation"
7 | },
8 | {
9 | "Name": "Turn on Module Logging",
10 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\Windows PowerShell",
11 | "TargetState": "Enabled",
12 | "Category": "Windows Components/Windows PowerShell",
13 | "ModuleNames": {
14 | "State": "Enabled",
15 | "ValueElementData": "*"
16 | }
17 | },
18 | {
19 | "Name": "Turn on PowerShell Script Block Logging",
20 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\Windows PowerShell",
21 | "TargetState": "Enabled",
22 | "Category": "Windows Components/Windows PowerShell"
23 | }
24 | ]
--------------------------------------------------------------------------------
/Readinizer.Standalone/RecommendedSettings/RecommendedRegistrySettings.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Name": "Lsass.exe audit mode",
4 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\SCM: Pass the Hash Mitigations",
5 | "KeyPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\LSASS.exe",
6 | "TargetValue": {
7 | "Name": "AuditLevel",
8 | "Number": "8"
9 | }
10 | },
11 | {
12 | "Name": "LSA Protection",
13 | "Path": "Computer Configuration\\Policies\\Administrative Templates\\SCM: Pass the Hash Mitigations",
14 | "KeyPath": "SYSTEM\\CurrentControlSet\\Control\\Lsa",
15 | "TargetValue": {
16 | "Name": "RunAsPPL",
17 | "Number": "1"
18 | }
19 | }
20 | ]
--------------------------------------------------------------------------------
/Readinizer.Standalone/RecommendedSettings/RecommendedSecurityOptions.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "Description": "Force Audit Policy",
4 | "Path": "Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Policies\\Security Options",
5 | "KeyName": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\SCENoApplyLegacyAuditPolicy",
6 | "SettingNumber": "1",
7 | "TargetDisplay": {
8 | "Name": "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings",
9 | "DisplayBoolean": "true"
10 | }
11 | }
12 | ]
--------------------------------------------------------------------------------
/Readinizer.Standalone/System.Runtime.CompilerServices.Unsafe.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/System.Runtime.CompilerServices.Unsafe.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/System.Windows.Controls.DataVisualization.Toolkit.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/System.Windows.Controls.DataVisualization.Toolkit.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/System.Windows.Controls.Input.Toolkit.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/System.Windows.Controls.Input.Toolkit.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/System.Windows.Controls.Layout.Toolkit.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/System.Windows.Controls.Layout.Toolkit.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/System.Windows.Interactivity.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/System.Windows.Interactivity.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Unity.Abstractions.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Unity.Abstractions.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Unity.Container.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Unity.Container.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/WPFToolkit.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/WPFToolkit.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Xceed.Wpf.AvalonDock.Themes.Aero.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Xceed.Wpf.AvalonDock.Themes.Aero.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Xceed.Wpf.AvalonDock.Themes.Metro.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Xceed.Wpf.AvalonDock.Themes.Metro.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Xceed.Wpf.AvalonDock.Themes.VS2010.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Xceed.Wpf.AvalonDock.Themes.VS2010.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Xceed.Wpf.AvalonDock.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Xceed.Wpf.AvalonDock.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/Xceed.Wpf.Toolkit.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/Xceed.Wpf.Toolkit.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/de/Xceed.Wpf.AvalonDock.resources.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/de/Xceed.Wpf.AvalonDock.resources.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/es/Xceed.Wpf.AvalonDock.resources.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/es/Xceed.Wpf.AvalonDock.resources.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/fr/Xceed.Wpf.AvalonDock.resources.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/fr/Xceed.Wpf.AvalonDock.resources.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/hu/Xceed.Wpf.AvalonDock.resources.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/hu/Xceed.Wpf.AvalonDock.resources.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/it/Xceed.Wpf.AvalonDock.resources.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/it/Xceed.Wpf.AvalonDock.resources.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/nlog.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Readinizer.Standalone/pt-BR/Xceed.Wpf.AvalonDock.resources.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/pt-BR/Xceed.Wpf.AvalonDock.resources.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/ro/Xceed.Wpf.AvalonDock.resources.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/ro/Xceed.Wpf.AvalonDock.resources.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/ru/Xceed.Wpf.AvalonDock.resources.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/ru/Xceed.Wpf.AvalonDock.resources.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/sv/Xceed.Wpf.AvalonDock.resources.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/sv/Xceed.Wpf.AvalonDock.resources.dll
--------------------------------------------------------------------------------
/Readinizer.Standalone/zh-Hans/Xceed.Wpf.AvalonDock.resources.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Readinizer.Standalone/zh-Hans/Xceed.Wpf.AvalonDock.resources.dll
--------------------------------------------------------------------------------
/Readinizer.sln.DotSettings:
--------------------------------------------------------------------------------
1 |
2 | AD
3 | True
4 | True
5 | True
6 | True
7 | True
8 | True
9 | True
10 | True
11 | True
12 | True
13 | True
14 | True
15 | True
16 | True
17 | True
18 | True
19 | True
20 | True
21 | True
22 | True
23 | True
24 | True
25 | True
--------------------------------------------------------------------------------
/ReadinizerPortable.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/ReadinizerPortable.zip
--------------------------------------------------------------------------------
/Wiki/Images/SysmonManual/DefinitelyNotSysmon.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/SysmonManual/DefinitelyNotSysmon.PNG
--------------------------------------------------------------------------------
/Wiki/Images/SysmonManual/action.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/SysmonManual/action.PNG
--------------------------------------------------------------------------------
/Wiki/Images/SysmonManual/action_original.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/SysmonManual/action_original.PNG
--------------------------------------------------------------------------------
/Wiki/Images/SysmonManual/domain_folder - Copy.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/SysmonManual/domain_folder - Copy.PNG
--------------------------------------------------------------------------------
/Wiki/Images/SysmonManual/domain_folder.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/SysmonManual/domain_folder.PNG
--------------------------------------------------------------------------------
/Wiki/Images/SysmonManual/new_task.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/SysmonManual/new_task.PNG
--------------------------------------------------------------------------------
/Wiki/Images/SysmonManual/ondemand.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/SysmonManual/ondemand.PNG
--------------------------------------------------------------------------------
/Wiki/Images/SysmonManual/scheduled_task_create.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/SysmonManual/scheduled_task_create.png
--------------------------------------------------------------------------------
/Wiki/Images/SysmonManual/scheduled_task_create_original.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/SysmonManual/scheduled_task_create_original.PNG
--------------------------------------------------------------------------------
/Wiki/Images/SysmonManual/trigger.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/SysmonManual/trigger.PNG
--------------------------------------------------------------------------------
/Wiki/Images/UserManual/domainscreen.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/UserManual/domainscreen.png
--------------------------------------------------------------------------------
/Wiki/Images/UserManual/gissscreen.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/UserManual/gissscreen.png
--------------------------------------------------------------------------------
/Wiki/Images/UserManual/homescreen - Copy.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/UserManual/homescreen - Copy.PNG
--------------------------------------------------------------------------------
/Wiki/Images/UserManual/homescreen.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/UserManual/homescreen.PNG
--------------------------------------------------------------------------------
/Wiki/Images/UserManual/navexport.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/UserManual/navexport.png
--------------------------------------------------------------------------------
/Wiki/Images/UserManual/navfile.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/UserManual/navfile.png
--------------------------------------------------------------------------------
/Wiki/Images/UserManual/navhelp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/UserManual/navhelp.png
--------------------------------------------------------------------------------
/Wiki/Images/UserManual/ouscreen.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/UserManual/ouscreen.png
--------------------------------------------------------------------------------
/Wiki/Images/UserManual/resultscreen.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/UserManual/resultscreen.png
--------------------------------------------------------------------------------
/Wiki/Images/UserManual/sqlserver-express.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/UserManual/sqlserver-express.PNG
--------------------------------------------------------------------------------
/Wiki/Images/UserManual/sqlserver-localdb.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/UserManual/sqlserver-localdb.PNG
--------------------------------------------------------------------------------
/Wiki/Images/UserManual/sysmonscreen.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/UserManual/sysmonscreen.png
--------------------------------------------------------------------------------
/Wiki/Images/WEFManual/enable-winrm.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/WEFManual/enable-winrm.png
--------------------------------------------------------------------------------
/Wiki/Images/WEFManual/eventvwr.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/WEFManual/eventvwr.png
--------------------------------------------------------------------------------
/Wiki/Images/WEFManual/gpoService.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/WEFManual/gpoService.png
--------------------------------------------------------------------------------
/Wiki/Images/WEFManual/gpoSettings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/WEFManual/gpoSettings.png
--------------------------------------------------------------------------------
/Wiki/Images/WEFManual/kerberos-encryption.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/WEFManual/kerberos-encryption.png
--------------------------------------------------------------------------------
/Wiki/Images/WEFManual/logAccess.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/WEFManual/logAccess.png
--------------------------------------------------------------------------------
/Wiki/Images/WEFManual/securityEventLog.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/WEFManual/securityEventLog.png
--------------------------------------------------------------------------------
/Wiki/Images/WEFManual/subscriptionProp1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/WEFManual/subscriptionProp1.png
--------------------------------------------------------------------------------
/Wiki/Images/WEFManual/subscriptionProp2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/WEFManual/subscriptionProp2.png
--------------------------------------------------------------------------------
/Wiki/Images/WEFManual/subscriptionProp3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/WEFManual/subscriptionProp3.png
--------------------------------------------------------------------------------
/Wiki/Images/WEFManual/subscriptionProp4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/WEFManual/subscriptionProp4.png
--------------------------------------------------------------------------------
/Wiki/Images/WEFManual/wecServer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Images/WEFManual/wecServer.png
--------------------------------------------------------------------------------
/Wiki/Markdown/Appendix-A:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Markdown/Appendix-A
--------------------------------------------------------------------------------
/Wiki/Markdown/Appendix-B:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Markdown/Appendix-B
--------------------------------------------------------------------------------
/Wiki/Markdown/Getting-Started.md:
--------------------------------------------------------------------------------
1 | # Download
2 | You can find the installer, the portable application or the plain code on this GitHub repository:
3 | [Readinizer Release](https://github.com/clma91/Readinizer/releases/)
4 |
5 | # Installation
6 | ## Installer
7 | Execute the installer and click "Next". Select the folder where the Readinizer should be installed. By default, a folder is created in Program Files. Confirm the installation by clicking on "Next". Allow the installer to make changes to your device. After the installation is complete, close the installer.
8 |
9 | ## Portable Application
10 | Unpack the ZIP folder. The portable application does not need any further installation. Just execute the Readinizer.exe as an administrator.
--------------------------------------------------------------------------------
/Wiki/Markdown/Home.md:
--------------------------------------------------------------------------------
1 | # Welcome to the Readinizer wiki!
2 | ***
3 | 1. [User Manual](https://github.com/clma91/Readinizer/wiki/User-Manual)
4 | 1.1 [Requirements & Limitations](https://github.com/clma91/Readinizer/wiki/Readinizer-Requirements-&-Limitaions)
5 | 1.2 [Getting Started](https://github.com/clma91/Readinizer/wiki/Getting-Started)
6 | 1.3 [How to use Readinizer](https://github.com/clma91/Readinizer/wiki/How-to-use-Readinizer)
7 | 2. [Install Sysmon through GPO](https://github.com/clma91/Readinizer/wiki/Install-Sysmon-through-GPO)
8 | 2.1 [Sysmon](https://github.com/clma91/Readinizer/wiki/Sysmon)
9 | 2.2 [Requirements & Limitations](https://github.com/clma91/Readinizer/wiki/Sysmon-Requirements-&-Limitations)
10 | 2.3 [Implementation](https://github.com/clma91/Readinizer/wiki/Implementation:-Install-Sysmon-through-GPO)
11 | 3. [Windows Event Forwarding deploying fleet wide](https://github.com/clma91/Readinizer/wiki/Windows-Event-Forwarding-deploying-fleet-wide)
12 | 3.1 [WEF Introduction](https://github.com/clma91/Readinizer/wiki/WEF-Introduction)
13 | 3.2 [WEF Requirements & Limitations](https://github.com/clma91/Readinizer/wiki/WEF---Requirements-&-Limitations)
14 | 3.3 [WEF Deployment](https://github.com/clma91/Readinizer/wiki/WEF---Deployment)
15 | 3.4 [WEF Encryption](https://github.com/clma91/Readinizer/wiki/WEF-Encryption)
16 | 3.5 [Appendix A: Event Log IDs](https://github.com/clma91/Readinizer/wiki/Appendix-A:-Event-Log-IDs)
17 | 3.6 [Appendix B: ReadinizerWEFRecommendation.xml](https://github.com/clma91/Readinizer/wiki/Appendix-B:-ReadinizerWEFRecommendation.xml)
18 | 4. [Recommended Group Policy Object](https://github.com/clma91/Readinizer/wiki/Recommended-Group-Policy)
19 |
20 | ***
21 |
--------------------------------------------------------------------------------
/Wiki/Markdown/Implementation:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/Readinizer/df7bd8fe0aa3249b13743b4223c4fa8a06b63628/Wiki/Markdown/Implementation
--------------------------------------------------------------------------------
/Wiki/Markdown/Install-Sysmon-through-GPO.md:
--------------------------------------------------------------------------------
1 | This manual is a step by step guide on how to install Sysmon on a Windows domain without the use of an automatic software deployment tool. To achieve this goal, Sysmon is deployed through Group Policy Objects.
2 |
3 | Sysmon is a monitoring service that logs events such as process creation, network connections and file access and changes. Sysmon logs events which Windows does not log and/or does this in a much more detailed way.
4 |
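5 | A network folder will be created to which each client has access. Clients only need read access to this folder; because the batch file stored there is executed on every computer, write access should be restricted to administrators. Three files are stored in this folder: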
6 | * Sysmon Executable: The regular Sysmon executable.
7 | * Sysmon Configuration File: An XML file which contains the configuration that will be applied to the Sysmon service.
8 | * Batch File: The batch file will be executed remotely and check whether the Sysmon service is already installed and running. If this is not the case, it will install Sysmon on the computer.
9 |
10 | A Group Policy Object will be created and applied to the domain. Within this GPO a Scheduled Task is set, which will execute the batch file in regular, defined intervals.
--------------------------------------------------------------------------------
/Wiki/Markdown/Readinizer-Requirements-&-Limitaions.md:
--------------------------------------------------------------------------------
1 | ## Operating System
2 | The Readinizer runs on all systems operated with Windows 10 Professional Version 1709 as well as on all servers with the operating system Windows Server 2016.
3 |
4 | ## User Authorizations
5 | To run the Readinizer successfully, the user needs administrator rights on the executing machine. Additionally, the user needs Local Administrator and Remote Desktop User rights in every domain that is going to be analyzed. It is recommended to create a custom user/user group.
6 |
7 | ## Firewall Settings
8 | To enable the Readinizer to read the Resultant Set of Policies, the Remote Server Administration Tools (RSAT) must be installed/activated on the executing device.
9 |
10 | ## Pre-Installed Software
11 | ### Remote Server Administration Tool
12 | To enable the Readinizer to read the Resultant Set of Policies, the Remote Server Administration Tools (RSAT) must be installed/activated on the executing device.
13 |
14 | #### Version 1803 and older
15 | For computers with Windows 10 Version 1803 and older the RSAT can be downloaded here:
16 |
17 | [RSAT](https://www.microsoft.com/en-us/download/details.aspx?id=45520)
18 |
19 | The installation is simple and self-explanatory.
20 |
21 | #### Version 1809 and newer
22 | Since the October 2018 update, the RSAT is pre-installed on Windows Professional machines. However, it still has to be activated. To do so open on your system:
23 | * _Settings --> App_
24 | * Then click on **Manage optional features**
25 | * Then click the **Add a feature** button.
26 | * Scroll down until you see the **RSAT: Group Policy Management Tools** and install this feature.
27 |
28 | ### SQLLocalDB
29 | To display the complexity of an Active Directory, the Readinizer needs a database. For this a lightweight database is used, a SQLLocalDB. To install the LocalDB download the SQL Server Express installer. It can be downloaded here:
30 | [SQL Server 2017 Express edition](https://www.microsoft.com/en-us/sql-server/sql-server-editions-express)
31 | After executing the downloaded installer, an installation type has to be selected. Choose **Download Media**
32 | * Select the **LocalDB**-toggle and select where the LocalDB-installer should be saved.
33 | * After this installer is downloaded, open it at the provided path. Install SQLLocalDB by using the installation wizard.
--------------------------------------------------------------------------------
/Wiki/Markdown/Recommended-Group-Policy.md:
--------------------------------------------------------------------------------
1 | The Group Policy Object settings that are recommended can be downloaded here: [Recommended Group Policy](https://github.com/clma91/Readinizer/releases)
2 |
3 | This is the backup file of the recommended Group Policy Object.
4 | Download the ZIP file and unpack it.
5 | Open the Group Policy Management Console and create a Group Policy Object.
6 | Right click on the newly created GPO and select **Import Settings**.
7 |
8 | The _Import Settings Wizard_ opens, provide the path to the downloaded backup file and import the settings.
9 | Link the new GPO to your domain.
--------------------------------------------------------------------------------
/Wiki/Markdown/Sysmon-Requirements-&-Limitations.md:
--------------------------------------------------------------------------------
1 | # Requirements
2 | Sysmon runs on clients with the operating system "Windows 7" and higher, and on servers with "Windows Server 2008 R2" and higher. Moreover, to run the Scheduled Task "Windows 7" is the minimum required version.
3 |
4 | The user needs permission to create a network folder and edit files in it.
5 |
6 | The user needs access to the Active Directory and must be able to create and set a Group Policy Object on a domain.
7 |
8 | # Limitations
9 | This guide was only tested on "Windows 10" and "Windows Server 2016" and is therefore limited to these operating systems. Theoretically, this guide should work for all operating systems from Windows 7 and higher, or Windows Server 2008 R2 and higher. This, however, was not tested for this guide.
--------------------------------------------------------------------------------
/Wiki/Markdown/Sysmon.md:
--------------------------------------------------------------------------------
1 | # What is Sysmon?
2 | Sysmon is a monitoring service developed by Mark Russinovich and Thomas Garnier. They describe Sysmon as follows:
3 | > _System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time.1_
4 |
5 | # Why Sysmon?
6 | This is the conclusion to Sysmon from our study thesis:
7 | > _Sysmon logs several events on the system which are partly logged by default too. For example, the event "A new process has been created" with the identifier (ID) 4688 is logged by Sysmon with the ID 1 "Process Creation". The problem is that the default logged event with the ID 4688 logs only the executable file (EXE) name as well as the including path. But attackers want to stay below the radar, so they might replace the original EXE with a malicious one and rename it like the original. Hence, there is no way to determine with the system based event log entry 4688 if the original EXE was executed. Sysmon eliminates exactly this gap by logging not only the name and path of the EXE but also the hash value of the EXE. Ergo Sysmon brings a big advantage to detect if a malicious EXE was executed or not. For this, a reference hash value of the EXE is required, against which the logged hash value can be checked._
8 |
9 | More detailed information can be found at [Sysmon](https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon)
10 |
11 |
12 | ***
13 | 1 [Mark Russinovich & Thomas Garnier, Sysmon v9.0, https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon, February 2019]
14 |
--------------------------------------------------------------------------------
/Wiki/Markdown/User-Manual.md:
--------------------------------------------------------------------------------
1 | This is the user manual of the Readinizer
2 | # Requirements & Limitations
3 | 1. [Requirements & Limitations](https://github.com/clma91/Readinizer/wiki/Readinizer-Requirements-&-Limitaions)
4 |
5 | # Getting Started
6 | 2. [Getting Started](https://github.com/clma91/Readinizer/wiki/Getting-Started)
7 |
8 | # How to use Readinizer
9 | 3. [How to use Readinizer](https://github.com/clma91/Readinizer/wiki/How-to-use-Readinizer)
--------------------------------------------------------------------------------
/Wiki/Markdown/WEF---Requirements-&-Limitations.md:
--------------------------------------------------------------------------------
1 | # Requirements
2 | A WEC environment can be deployed on any "Windows 10" or "Windows Server 2012R2" system and above. However, it is highly recommended to use a "Windows Server" with enough disk space. Furthermore, it is recommended to use disks which have a "high speed" write capability to increase the number of events per second that one WEC can handle.
3 |
4 | # Limitations
5 | The following limitations have been derived from Microsoft (further information about WEF deployment: [Use Windows Event Forwarding to help with intrusion detection](https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection)):
6 | * There are no recommendations in this manual for disk sizes, as this can vary greatly depending on the number of clients within the network.
7 | * A WEC can only handle a limited number of clients due to the limited number of available TCP ports. Therefore, the number of clients which subscribe to a single WEC must be considered.
8 | * The registry size of the WEC can increase to an unmanageable size over time, because for every client that connects to a WEF subscription, a registry key is created in order to store bookmark and source heartbeat information. Unfortunately, inactive or no longer existing clients are not removed. A quote from Microsoft in this regard:
9 |
10 |
11 | > * _When a subscription has >1000 WEF sources connect to it [...] Event Viewer can become unresponsive for a few minutes when selecting the Subscriptions node in the left-navigation, but will function normally afterwards. 1_
12 | > * _At >50,000 lifetime WEF sources, Event Viewer is no longer an option and wecutil.exe (included with Windows) must be used to configure and manage subscriptions. 1_
13 | > * _At >100,000 lifetime WEF sources, the registry will not be readable and the WEC server will likely have to be rebuilt. 1_
14 |
15 |
16 | # Additional Information
17 | * WEF can handle VPN, RAS and DirectAccess connected clients
18 | * The clients local event log acts as a buffer in case of connection loss
19 | * Supports IPv4 and IPv6
20 | * In an Active Directory environment there is no need for additional settings to encrypt the events which will be sent to the WEC. By default the events are encrypted using Kerberos (with NTLM as a fallback option). For more information, see [WEF Encryption](https://github.com/clma91/Readinizer/wiki/WEF-Encryption)
21 |
22 | ***
23 | 1 [Microsoft, Use Windows Event Forwarding to help with intrusion detection, February 2019](https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection)
24 |
--------------------------------------------------------------------------------
/Wiki/Markdown/WEF-Encryption.md:
--------------------------------------------------------------------------------
1 | # Encryption of Event Logs
2 | As already explained in [WEF Requirements & Limitations](https://github.com/clma91/Readinizer/wiki/WEF---Requirements-&-Limitations), the event logs in a Windows environment are encrypted by default using Kerberos. This section briefly explains which encryption standard is used and which strength it provides.
3 |
4 | The following list shows all encryption types and their key strength supported for Kerberos:
5 |
6 | | **Encryption Type** |**Description**|**Key Strength**|
7 | | ------------------- |-------------| -----|
8 | | DES_CBC_CRC | Data Encryption Standard with Cipher Block Chaining using the Cyclic Redundancy Check function | 56 bit |
9 | | DES_CBC_MD5 | Data Encryption Standard with Cipher Block Chaining using the Message-Digest algorithm 5 checksum function | 56 bit |
10 | | RC4\_HMAC\_MD5 | Rivest Cipher 4 with Hashed Message Authentication Code using the Message-Digest algorithm 5 checksum function | 56 - 128 bit |
11 | | AES128\_HMAC\_SHA1 | Advanced Encryption Standard in 128 bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1) | 128 bit |
12 | | AES256\_HMAC\_SHA1 | Advanced Encryption Standard in 256 bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1) | 256 bit |
13 |
14 |
15 | Since Windows 7 and Windows Server 2008, Microsoft has disabled the weak encryption types DES_CBC_CRC and DES_CBC_MD5 by default. These encryption types have been deprecated since those versions but can still be activated manually for legacy support, although this is definitely not recommended!
16 |
17 | The encryption type RC4_HMAC_MD5 can reach a strength of 128 bit, but both sides (client / server) must support the full-strength encryption. Otherwise the weak encryption type is used as described in RFC 4757 1:
18 |
19 | > _A Kerberos client and server can negotiate over key length if they are using mutual authentication. If the client is unable to perform full-strength encryption, it may propose a key in the "subkey" field of the authenticator, using a weaker encryption type. [...]_ 2
20 |
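21 | Thus the encryption type RC4_HMAC_MD5 does not guarantee sufficiently strong encryption. Only the two encryption types AES128_HMAC_SHA1 and AES256_HMAC_SHA1 use a minimum key length of 128 bit. In principle, however, the strongest encryption is always automatically negotiated between both parties. Nevertheless it is recommended to only allow the two encryption types AES128_HMAC_SHA1 and AES256_HMAC_SHA1. Before enforcing this restriction, verify that all clients, servers and service accounts in the domain support AES, because systems limited to DES or RC4 will then no longer be able to authenticate with Kerberos.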
22 |
23 | This can be achieved with the following GPO setting (`Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Configure encryption types allowed for Kerberos`):
24 |
25 | 
26 |
27 | ***
28 | 1 [K.Jaganathan, L.Zhu, J.Brezak.The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows, December 2006](https://tools.ietf.org/html/rfc4757)
29 |
30 | 2 [Section 6, Microsoft, Network security: Configure encryption types allowed for Kerberos, April 2017](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos)
--------------------------------------------------------------------------------
/Wiki/Markdown/WEF-Introduction.md:
--------------------------------------------------------------------------------
1 | # What is Windows Event Forwarding?
2 | Windows Event Forwarding (WEF) allows system administrators to store logs centrally on a server rather than on individual clients and servers (hereafter referred to simply as clients) within the organisation. A Windows Event Collector (WEC) server is defined as the central instance responsible for collecting the client logs. The event logs are written on the individual clients and then forwarded to the WEC.
3 |
4 |
5 | On the WEC, subscriptions can be created for the clients, which define which event logs the clients should forward to the WEC. A WEF subscription can be set up as a push or a pull procedure. In principle, however, the pull procedure should not be used, as the WEC queries all clients for their event logs that have not yet been sent. This means that at certain times the network is stressed by many clients. In contrast, the push procedure does not stress the network as much, as the clients themselves decide when to send the event logs to the WEC.
6 |
7 | # Advantages with WEF
8 | WEF is a passive system with regard to event logging, which ensures the completeness and a longer lifetime of the event logs. Even with WEF, events are still logged on clients and servers, but forwarded to the central instance. This in turn allows a much faster forensic analysis in case of advanced persistent threat (APT) or lateral movement - conventional event logging (like specific application logs) can also be stored centrally. With the extended lifetime of event logs, APTs can be better tracked and analyzed. From the technical report on the "RUAG cyber espionage case" it is clear that a long lifetime of log files can improve a complete forensic analysis:
9 |
10 | > _Unfortunately, log files at RUAG only go back until September 2014, where we still see C&C activity. Additionally, many suspicious devices have been reinstalled in the meantime; Hence we cannot determine the initial attack vector. 1_
11 |
12 | This manual is mostly based on Jessica Payne's article "Monitoring what matters – Windows Event Forwarding for everyone (even if you already have a SIEM.)" 2
13 |
14 | ***
15 | 1 [GovCERT.ch, APT Case RUAG (Espionage Case at RUAG), Technical report, MELANI:GovCERT, May 2016](https://www.melani.admin.ch/melani/en/home/dokumentation/reports/technical-reports/technical-report_apt_case_ruag.htm)
16 | 2 [Jessica Payne, Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.), November 2015](https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/)
--------------------------------------------------------------------------------
/Wiki/Markdown/Windows-Event-Forwarding-deploying-fleet-wide.md:
--------------------------------------------------------------------------------
1 | This manual describes step by step how Windows Event Forwarding (WEF) - also known as central logging - can be deployed across an entire Windows domain.
2 |
3 | A Windows Event Collector (WEC) is installed, which is responsible for collecting the logs of all clients. A GPO is defined that allows the selected clients to send their logs to the WEC. The subscription, which defines which event logs are forwarded, is also described.
--------------------------------------------------------------------------------
/Wiki/Markdown/_Sidebar.md:
--------------------------------------------------------------------------------
1 | 1. [User Manual](https://github.com/clma91/Readinizer/wiki/User-Manual)
2 | 1.1 [Requirements & Limitations](https://github.com/clma91/Readinizer/wiki/Readinizer-Requirements-&-Limitaions)
3 | 1.2 [Getting Started](https://github.com/clma91/Readinizer/wiki/Getting-Started)
4 | 1.3 [How to use Readinizer](https://github.com/clma91/Readinizer/wiki/How-to-use-Readinizer)
5 | 2. [Install Sysmon through GPO](https://github.com/clma91/Readinizer/wiki/Install-Sysmon-through-GPO)
6 | 2.1 [Sysmon](https://github.com/clma91/Readinizer/wiki/Sysmon)
7 | 2.2 [Requirements & Limitations](https://github.com/clma91/Readinizer/wiki/Sysmon-Requirements-&-Limitations)
8 | 2.3 [Implementation](https://github.com/clma91/Readinizer/wiki/Implementation:-Install-Sysmon-through-GPO)
9 | 3. [Windows Event Forwarding deploying fleet wide](https://github.com/clma91/Readinizer/wiki/Windows-Event-Forwarding-deploying-fleet-wide)
10 | 3.1 [WEF Introduction](https://github.com/clma91/Readinizer/wiki/WEF-Introduction)
11 | 3.2 [WEF Requirements & Limitations](https://github.com/clma91/Readinizer/wiki/WEF---Requirements-&-Limitations)
12 | 3.3 [WEF Deployment](https://github.com/clma91/Readinizer/wiki/WEF---Deployment)
13 | 3.4 [WEF Encryption](https://github.com/clma91/Readinizer/wiki/WEF-Encryption)
14 | 3.5 [Appendix A: Event Log IDs](https://github.com/clma91/Readinizer/wiki/Appendix-A:-Event-Log-IDs)
15 | 3.6 [Appendix B: ReadinizerWEFRecommendation.xml](https://github.com/clma91/Readinizer/wiki/Appendix-B:-ReadinizerWEFRecommendation.xml)
16 | 4. [Recommended Group Policy Object](https://github.com/clma91/Readinizer/wiki/Recommended-Group-Policy)
17 |
--------------------------------------------------------------------------------
/azure-pipelines.yml:
--------------------------------------------------------------------------------
1 | # .NET Desktop
2 | # Build and run tests for .NET Desktop or Windows classic desktop solutions.
3 | # Add steps that publish symbols, save build artifacts, and more:
4 | # https://docs.microsoft.com/azure/devops/pipelines/apps/windows/dot-net
5 |
6 | trigger:  # branches whose pushes start this pipeline
7 | - master
8 |
9 | pool:
10 | vmImage: 'windows-latest'  # floating label: the hosted image and its toolchain change over time, so builds are not pinned to one image version
11 |
12 | variables:
13 | solution: '**/*.sln'  # glob: every solution file in the repository
14 | buildPlatform: 'Any CPU'
15 | buildConfiguration: 'Release'
16 |
17 | steps:
18 | - task: NuGetToolInstaller@0  # no versionSpec input is given, so the task's default NuGet version is used
19 |
20 | - task: NuGetCommand@2  # restores the NuGet packages of the solution before the build
21 | inputs:
22 | restoreSolution: '$(solution)'  # NOTE(review): no feed is configured here, so the task's default package source applies - confirm that is the intended one
23 |
24 | - task: VSBuild@1  # builds the solution with the platform and configuration set under variables
25 | inputs:
26 | solution: '$(solution)'
27 | platform: '$(buildPlatform)'
28 | configuration: '$(buildConfiguration)'
29 |
30 | - task: VSTest@2  # runs the tests; no test selection input is given, so the task's defaults decide which assemblies run
31 | inputs:
32 | platform: '$(buildPlatform)'
33 | configuration: '$(buildConfiguration)'
34 |
--------------------------------------------------------------------------------