Ciphers Security

TryHackMe Walkthrough: Microsoft Windows Hardening

TryHackMe Walkthrough: Microsoft Windows Hardening

The room aims to teach basic concepts required to harden a windows workstation coupled with knowledge of services/software/applications that may result in hacking a computer or data breach.

Learning ObjectivesIdentity & access management network managementApplication management storage & ComputeImportance of updating WindowsCheat sheet for hardening WindowsConnecting to the Machine

We will be using Windows 10 as a development/test machine throughout the room with the following credentials:

  • Machine IP:
  • Username: Harden
  • Password: harden

You can start the virtual machine in split screen view by clicking Start Machine. Alternatively, you can connect with the VM using the above credentials through Remote Desktop.   Prerequisites

Before starting this room, go through the following already developed rooms for understanding the fundamentals:

Follow along with the steps described in upcoming tasks. Let’s begin.

Task 2 Understanding General Concepts

Question: What is the startup type of App Readiness service in the services panel?
1. Open services panel by run services.msc


2. search for a service named App Readiness in the services panel

TryHackMe Walkthrough: Microsoft Windows Hardening

3. open the service and read the startup type in it

TryHackMe Walkthrough: Microsoft Windows Hardening

Answer: Manual

Question: Open Registry Editor and find the key “tryhackme”. What is the default value of the key? 

TryHackMe Walkthrough: Microsoft Windows Hardening

Question: Open the Diagnosis folder and go through the various log files. Can you find the flag?

  1. C:\ProgramData\Microsoft\Diagnosis
TryHackMe Walkthrough: Microsoft Windows Hardening 1

2. now copy the flag.txt.txt file to any of user privileged directories like document folder and read the flag

TryHackMe Walkthrough: Microsoft Windows Hardening 2

Task 3 Identity & Access Management

Question: Find the name of the Administrator Account of the attached VM.
Answer: Harden

Question: Go to the User Account Control Setting Panel (Control Panel > All Control Panel Items > User Accounts). What is the default level of Notification?
Answer: Always Notify

Question: How many standard accounts are created in the VM?
Answer: 0

Task 4 Network Management

Question: Open Windows Firewall and click on Monitoring in the left pane – which of the following profiles is active? Domain, Private, Public?
Answer: Private

Question: Find the IP address resolved for the website in the Virtual Machine as per the local host file.
Hint: check the etc host file located at C:/Windows/System32/Drivers/etc/hosts

Question: Open the command prompt and enter arp -a. What is the Physical address for the IP address
Answer: ff-ff-ff-ff-ff-ff

Task 5 Application Management

Question: Windows Defender Antivirus is configured to exclude a particular extension from scanning. What is the extension?
Answer: .ps

Question: A Word document is received from an unknown email address. It is best practice to open it immediately on your personal computer (yay/nay).
Answer: nay

Question: What is the flag you received after executing the Office Hardening Batch file?
Answer: {THM_1101110}

Task 6 Storage Management

Question: A security engineer has misconfigured the attached VM and stored a BitLocker recovery key in the same computer. Can you read the last six digits of the recovery key?
Answer: 377564

Question: How many characters does the BitLocker recovery key have in the attached VM?
Answer: 48

Question: A backup file is placed on the Desktop of the attached VM. What is the extension of that file?
Answer: .bkf

Task 7 Updating Windows

Question: What is the CVE score for the vulnerability CVE ID CVE-2022-32230?
Answer: 7.8

Task 8 Cheat sheet for Hardening Windows

Question: I have completed the room.
Answer: done

If you have any queries regarding the above content, or you want to update anything in the content, then contact us with your queries. You can directly post your question in the group.

Connect with us on these platforms


Connect with us