HardeningKitty Update

README.md

@@ -60,12 +60,12 @@ PS C:\tmp> Invoke-HardeningKitty -EmojiSupport
 
 ## How To Install
 
-First create the directory *HardeningKitty* and for every version a sub directory like *0.9.0* in a path listed in the *PSModulePath* environment variable.
+First create the directory *HardeningKitty* and for every version a sub directory like *0.9.2* in a path listed in the *PSModulePath* environment variable.
 
 Copy the module *HardeningKitty.psm1*, *HardeningKitty.psd1*, and the *lists* directory to this new directory.
 
 ```powershell
-PS C:\tmp> $Version = "0.9.0"
+PS C:\tmp> $Version = "0.9.2"
 PS C:\tmp> New-Item -Path $Env:ProgramFiles\WindowsPowerShell\Modules\HardeningKitty\$Version -ItemType Directory
 PS C:\tmp> Copy-Item -Path .\HardeningKitty.psd1,.\HardeningKitty.psm1,.\lists\ -Destination $Env:ProgramFiles\WindowsPowerShell\Modules\HardeningKitty\$Version\ -Recurse
 ```
@@ -78,8 +78,8 @@ You can use the script below to download and install the latest release of *Hard
 
 ```powershell
 Function InstallHardeningKitty() {
-    $Version = ((Invoke-WebRequest "https://api.github.com/repos/0x6d69636b/windows_hardening/releases/latest" -UseBasicParsing) | ConvertFrom-Json).Name
-    $HardeningKittyLatestVersionDownloadLink = ((Invoke-WebRequest "https://api.github.com/repos/0x6d69636b/windows_hardening/releases/latest" -UseBasicParsing) | ConvertFrom-Json).zipball_url
+    $Version = (((Invoke-WebRequest "https://api.github.com/repos/scipag/HardeningKitty/releases/latest" -UseBasicParsing) | ConvertFrom-Json).Name).SubString(2)
+    $HardeningKittyLatestVersionDownloadLink = ((Invoke-WebRequest "https://api.github.com/repos/scipag/HardeningKitty/releases/latest" -UseBasicParsing) | ConvertFrom-Json).zipball_url
     $ProgressPreference = 'SilentlyContinue'
     Invoke-WebRequest $HardeningKittyLatestVersionDownloadLink -Out HardeningKitty$Version.zip
     Expand-Archive -Path ".\HardeningKitty$Version.zip" -Destination ".\HardeningKitty$Version" -Force
@@ -98,7 +98,7 @@ InstallHardeningKitty
 
 #### Audit
 
-HardeningKitty performs an audit, saves the results in a CSV file and creates a log file. The files are automatically named and receive a timestamp. Using the parameters _ReportFile_ or _LogFile_, it is also possible to assign your own name and path.
+The default mode is _audit_. HardeningKitty performs an audit, saves the results to a CSV file and creates a log file. The files are automatically named and receive a timestamp. Using the parameters _ReportFile_ or _LogFile_, it is also possible to assign your own name and path.
 
 The _Filter_ parameter can be used to filter the hardening list. For this purpose the PowerShell ScriptBlock syntax must be used, for example `{ $_.ID -eq 4505 }`. The following elements are useful for filtering: ID, Category, Name, Method, and Severity.
 
@@ -112,16 +112,20 @@ HardeningKitty can be executed with a specific list defined by the parameter _Fi
 Invoke-HardeningKitty -FileFindingList .\lists\finding_list_0x6d69636b_user.csv -SkipMachineInformation
 ```
 
-HardeningKitty uses the default list, and saves the results in a specific file.
+HardeningKitty uses the default list, and checks only tests with the severity Medium.
 
 ```powershell
-Invoke-HardeningKitty -Mode Config -Report -ReportFile C:\tmp\my_hardeningkitty_report.csv
+Invoke-HardeningKitty -Filter { $_.Severity -eq "Medium" }
 ```
 
-HardeningKitty uses the default list, and checks only tests with the severity Medium.
+#### Config
+
+The mode _config_ retrives all current settings of a system. If a setting has not been configured, HardeningKitty will use a default value stored in the finding list. This mode can be combined with other functions, for example to create a backup.
+
+HardeningKitty gets the current settings and stores them in a report:
 
 ```powershell
-Invoke-HardeningKitty -Filter { $_.Severity -eq "Medium" }
+Invoke-HardeningKitty -Mode Config -Report -ReportFile C:\tmp\my_hardeningkitty_report.csv
 ```
 
 #### Backup
@@ -265,7 +269,8 @@ HardeningKitty can be used to audit systems against the following baselines / be
 | Microsoft Security baseline for Microsoft Edge | 98, 99, 100, 101, 102, 103, 104, 105, 106 | Final |
 | Microsoft Security baseline for Microsoft Edge | 107, 108, 109, 110, 111 | Final |
 | Microsoft Security baseline for Microsoft Edge | 112, 113 | Final |
-| Microsoft Security baseline for Microsoft Edge | 114 | Final |
+| Microsoft Security baseline for Microsoft Edge | 114, 115, 116 | Final |
+| Microsoft Security baseline for Microsoft Edge | 117, 118, 119 | Final |
 | Microsoft Security baseline for Windows 10 | 2004 | Final |
 | Microsoft Security baseline for Windows 10 | 20H2, 21H1 | Final |
 | Microsoft Security baseline for Windows 10 | 21H2 | Final |
@@ -274,6 +279,8 @@ HardeningKitty can be used to audit systems against the following baselines / be
 | Microsoft Security baseline for Windows 11 | 21H2 | Final |
 | Microsoft Security baseline for Windows 11 (Machine) | 22H2 | Final |
 | Microsoft Security baseline for Windows 11 (User) | 22H2 | Final |
+| Microsoft Security baseline for Windows 11 (Machine) | 23H2 | Final |
+| Microsoft Security baseline for Windows 11 (User) | 23H2 | Final |
 | Microsoft Security baseline for Windows Server (DC) | 2004 | Final |
 | Microsoft Security baseline for Windows Server (Member) | 2004 | Final |
 | Microsoft Security baseline for Windows Server (DC) | 20H2 | Final |

lists/finding_list_0x6d69636b_user.csv

@@ -27,15 +27,16 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 4407,"Office 2016 / Office 365","Microsoft Excel: Block macros from running in Office files from the Internet",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security,blockcontentexecutionfrominternet,,,,0,1,=,Medium
 4408,"Office 2016 / Office 365","Microsoft Excel: VBA Macro Notification Settings",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Security,vbawarnings,,,,2,4,=,Medium
 4409,"Office 2016 / Office 365","Microsoft Excel: VBA Macro Notification Settings (Policy)",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security,vbawarnings,,,,2,4,=,Medium
+4402,"Office 2016 / Office 365","Microsoft Excel: Don't update links",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DontUpdateLinks,,,,0,1,=,Medium
+4403,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDEAllowed)",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDEAllowed,,,,1,1,=,Medium
+4404,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDECleaned)",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDECleaned,,,,0,1,=,Medium
+4424,"Office 2016 / Office 365","Microsoft Excel: Python Notification Settings",Registry,,HKCU:\software\policies\microsoft\office\16.0\excel\security,PythonFunctionWarnings,,,,,2,=,Medium
+4410,"Office 2016 / Office 365","Microsoft OneNote: Disable embedded files",Registry,,HKCU:\Software\Microsoft\Office\16.0\OneNote\Options,DisableEmbeddedFiles,,,,0,1,=,Medium
 4411,"Office 2016 / Office 365","Microsoft PowerPoint: Block macros from running in Office files from the Internet",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\PowerPoint\Security,blockcontentexecutionfrominternet,,,,0,1,=,Medium
 4412,"Office 2016 / Office 365","Microsoft PowerPoint: VBA Macro Notification Settings (Policy)",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\PowerPoint\Security,vbawarnings,,,,2,4,=,Medium
 4415,"Office 2016 / Office 365","Microsoft Word: Block macros from running in Office files from the Internet",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security,blockcontentexecutionfrominternet,,,,0,1,=,Medium
 4416,"Office 2016 / Office 365","Microsoft Word: VBA Macro Notification Settings",Registry,,HKCU:\Software\Microsoft\Office\16.0\Word\Security,vbawarnings,,,,2,4,=,Medium
 4417,"Office 2016 / Office 365","Microsoft Word: VBA Macro Notification Settings (Policy)",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security,vbawarnings,,,,2,4,=,Medium
-4402,"Office 2016 / Office 365","Microsoft Excel: Don't update links",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DontUpdateLinks,,,,0,1,=,Medium
-4403,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDEAllowed)",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDEAllowed,,,,1,1,=,Medium
-4404,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDECleaned)",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDECleaned,,,,0,1,=,Medium
-4410,"Office 2016 / Office 365","Microsoft OneNote: Disable embedded files",Registry,,HKCU:\Software\Microsoft\Office\16.0\OneNote\Options,DisableEmbeddedFiles,,,,0,1,=,Medium
 4413,"Office 2016 / Office 365","Microsoft Word: Don't update links",Registry,,HKCU:\Software\Microsoft\Office\16.0\Word\Options,DontUpdateLinks,,,,0,1,=,Medium
 4414,"Office 2016 / Office 365","Microsoft Word (Mail): Don't update links",Registry,,HKCU:\Software\Microsoft\Office\16.0\Word\Options\WordMail,DontUpdateLinks,,,,0,1,=,Medium
 4418,"Office 365","Disable the Office 365 Telemetry module",Registry,,HKCU:\Software\Policies\Microsoft\office\common\clienttelemetry,DisableTelemetry,,,,,1,=,Medium

lists/finding_list_cis_microsoft_windows_10_enterprise_22h2_machine.csv

@@ -344,7 +344,7 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 18.9.7.1.2,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices that match ID PCI\CC_0C0A (Thunderbolt)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs,PCI\CC_0C0A,,,,0,PCI\CC_0C0A,=,Medium
 18.9.7.1.3,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices that match an ID (Retroactive)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions,DenyDeviceIDsRetroactive,,,,0,1,=,Medium
 18.9.7.1.4,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match an device setup class",Registry,,HKLM:\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions,DenyDeviceClasses,,,,0,1,=,Medium
-189.7.1.5.1,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match d48179be-ec20-11d1-b6b8-00c04fa372a7 (SBP-2 drive)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses,d48179be-ec20-11d1-b6b8-00c04fa372a7,,,,0,d48179be-ec20-11d1-b6b8-00c04fa372a7,=,Medium
+18.9.7.1.5.1,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match d48179be-ec20-11d1-b6b8-00c04fa372a7 (SBP-2 drive)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses,d48179be-ec20-11d1-b6b8-00c04fa372a7,,,,0,d48179be-ec20-11d1-b6b8-00c04fa372a7,=,Medium
 18.9.7.1.5.2,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match 7ebefbc0-3200-11d2-b4c2-00a0C9697d07 (SBP-2 drive)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses,7ebefbc0-3200-11d2-b4c2-00a0C9697d07,,,,0,7ebefbc0-3200-11d2-b4c2-00a0C9697d07,=,Medium
 18.9.7.1.5.3,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match c06ff265-ae09-48f0-812c-16753d7cba83 (SBP-2 drive)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses,c06ff265-ae09-48f0-812c-16753d7cba83,,,,0,c06ff265-ae09-48f0-812c-16753d7cba83,=,Medium
 18.9.7.1.5.4,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match 6bdd1fc1-810f-11d0-bec7-08002be2092f (SBP-2 drive)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses,6bdd1fc1-810f-11d0-bec7-08002be2092f,,,,0,6bdd1fc1-810f-11d0-bec7-08002be2092f,=,Medium

lists/finding_list_microsoft_windows_tls.csv

@@ -27,18 +27,18 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 1025,"Schannel: TLS Settings: Protocols","Server: TLSv1.2 (Disabledbydefault)",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server",Disabledbydefault,,,,,0,=,Medium
 1026,"Schannel: TLS Settings: Protocols","Client: TLSv1.2",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client",Enabled,,,,,1,=,Medium
 1027,"Schannel: TLS Settings: Protocols","Client: TLSv1.2 (Disabledbydefault)",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client",Disabledbydefault,,,,,0,=,Medium
-1028,"Schannel: TLS Settings: Chipers",NULL,Registry,,HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL,Enabled,,,,,0,=,High
-1029,"Schannel: TLS Settings: Chipers","DES 56/56",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56",Enabled,,,,,0,=,High
-1030,"Schannel: TLS Settings: Chipers","RC2 40/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128",Enabled,,,,,0,=,High
-1031,"Schannel: TLS Settings: Chipers","RC2 56/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128",Enabled,,,,,0,=,High
-1032,"Schannel: TLS Settings: Chipers","RC2 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128",Enabled,,,,,0,=,High
-1033,"Schannel: TLS Settings: Chipers","RC4 40/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128",Enabled,,,,,0,=,High
-1034,"Schannel: TLS Settings: Chipers","RC4 56/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128",Enabled,,,,,0,=,High
-1035,"Schannel: TLS Settings: Chipers","RC4 64/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128",Enabled,,,,,0,=,High
-1036,"Schannel: TLS Settings: Chipers","RC4 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128",Enabled,,,,,0,=,High
-1037,"Schannel: TLS Settings: Chipers","Triple DES 168",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168",Enabled,,,,,0,=,Medium
-1038,"Schannel: TLS Settings: Chipers","AES 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128",Enabled,,,,,1,=,Medium
-1039,"Schannel: TLS Settings: Chipers","AES 256/256",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256",Enabled,,,,,1,=,Medium
+1028,"Schannel: TLS Settings: Ciphers",NULL,Registry,,HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL,Enabled,,,,,0,=,High
+1029,"Schannel: TLS Settings: Ciphers","DES 56/56",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56",Enabled,,,,,0,=,High
+1030,"Schannel: TLS Settings: Ciphers","RC2 40/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128",Enabled,,,,,0,=,High
+1031,"Schannel: TLS Settings: Ciphers","RC2 56/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128",Enabled,,,,,0,=,High
+1032,"Schannel: TLS Settings: Ciphers","RC2 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128",Enabled,,,,,0,=,High
+1033,"Schannel: TLS Settings: Ciphers","RC4 40/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128",Enabled,,,,,0,=,High
+1034,"Schannel: TLS Settings: Ciphers","RC4 56/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128",Enabled,,,,,0,=,High
+1035,"Schannel: TLS Settings: Ciphers","RC4 64/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128",Enabled,,,,,0,=,High
+1036,"Schannel: TLS Settings: Ciphers","RC4 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128",Enabled,,,,,0,=,High
+1037,"Schannel: TLS Settings: Ciphers","Triple DES 168",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168",Enabled,,,,,0,=,Medium
+1038,"Schannel: TLS Settings: Ciphers","AES 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128",Enabled,,,,,1,=,Medium
+1039,"Schannel: TLS Settings: Ciphers","AES 256/256",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256",Enabled,,,,,1,=,Medium
 1040,"Administrative Templates: Network","SSL Configuration Settings: SSL Cipher Suite Order",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002,Functions,,,,,"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",=,Medium
 1065,"Administrative Templates: Network","SSL Configuration Settings: ECC Curve Order",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002,EccCurves,,,,,NistP384;NistP256,=,Medium
 1041,"Schannel: TLS Settings: Hashes",MD5,Registry,,HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5,Enabled,,,,,0,=,Medium