Adding WDEG low security script. Moving errant file.

DARKSURGEON.json

@@ -103,6 +103,7 @@
         "./configuration/configuration-scripts/Set-PowerSettings.ps1",
         "./configuration/configuration-scripts/Set-LowSecurityWindowsDefenderAntiVirusSettings.ps1",
         "./configuration/configuration-scripts/Set-LowSecurityWindowsDefenderSmartScreenSettings.ps1",
+        "./configuration/configuration-scripts/Set-LowSecurityWindowsDefenderExploitGuardSettings.ps1",
         "./configuration/configuration-scripts/Set-WindowsTelemetrySettings.ps1",
         "./configuration/configuration-scripts/Remove-PreInstalledApps.ps1",
         "./configuration/configuration-scripts/Install-Chocolatey.ps1",

configuration/configuration-files/Windows_Defender_Exploit_Guard_Low_Security_Settings.xml

@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MitigationPolicy>
+  <SystemConfig>
+    <DEP Enable="true" EmulateAtlThunks="false" />
+    <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="true" HighEntropy="true" />
+    <ControlFlowGuard Enable="true" SuppressExports="false" />
+    <SEHOP Enable="true" TelemetryOnly="false" />
+    <Heap TerminateOnError="true" />
+  </SystemConfig>
+  <AppConfig Executable="clview.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="cnfnot32.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="excel.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="excelcnv.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="ExtExport.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="graph.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="ie4uinit.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="ieinstal.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="ielowutil.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="ieUnatt.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="iexplore.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="lync.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="MiracastView.exe">
+    <ExtensionPoints DisableExtensionPoints="true" />
+  </AppConfig>
+  <AppConfig Executable="msaccess.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="mscorsvw.exe">
+    <ExtensionPoints DisableExtensionPoints="true" />
+  </AppConfig>
+  <AppConfig Executable="msfeedssync.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="mshta.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="msohtmed.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="msosrec.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="msosync.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="msoxmled.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="mspub.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="msqry32.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="ngen.exe">
+    <ExtensionPoints DisableExtensionPoints="true" />
+  </AppConfig>
+  <AppConfig Executable="ngentask.exe">
+    <ExtensionPoints DisableExtensionPoints="true" />
+  </AppConfig>
+  <AppConfig Executable="onenote.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="onenotem.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="orgchart.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="osfinstaller.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="outlook.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="powerpnt.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="PresentationHost.exe">
+    <DEP Enable="true" EmulateAtlThunks="false" />
+    <ASLR ForceRelocateImages="true" RequireInfo="false" BottomUp="true" HighEntropy="true" />
+    <SEHOP Enable="true" TelemetryOnly="false" />
+    <Heap TerminateOnError="true" />
+  </AppConfig>
+  <AppConfig Executable="PrintDialog.exe">
+    <ExtensionPoints DisableExtensionPoints="true" />
+  </AppConfig>
+  <AppConfig Executable="runtimebroker.exe">
+    <ExtensionPoints DisableExtensionPoints="true" />
+  </AppConfig>
+  <AppConfig Executable="scanost.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="scanpst.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="selfcert.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="setlang.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="svchost.exe">
+    <DynamicCode Audit="true" />
+    <SignedBinaries Audit="true" AuditStoreSigned="false" />
+  </AppConfig>
+  <AppConfig Executable="SystemSettings.exe">
+    <ExtensionPoints DisableExtensionPoints="true" />
+  </AppConfig>
+  <AppConfig Executable="winword.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+  <AppConfig Executable="wordconv.exe">
+    <ASLR ForceRelocateImages="true" RequireInfo="false" />
+  </AppConfig>
+</MitigationPolicy>

configuration/configuration-scripts/New-InstallAtomicRedTeam.ps1

@@ -15,7 +15,7 @@
 Set-StrictMode -Version Latest
 
 $GitBinary = "$Env:SystemDrive\Program Files\Git\cmd\git.exe"
-$ToolsFolder = "$Env:SystemDrive\Users\surgeon\tools"
+$ToolsFolder = "$Env:SystemDrive\Users\darksurgeon\tools"
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 
 Try 

configuration/configuration-scripts/Set-LowSecurityWindowsDefenderExploitGuardSettings.ps1

@@ -0,0 +1,35 @@
+<#  
+	.SYNOPSIS  
+	Configures Windows Defender Exploit Guard (WDEG) settings.
+
+	.DESCRIPTION  
+	Author: Dane Stuckey (@cryps1s)
+	License: MIT
+
+	Configures Windows Defender Exploit Guard (WDEG) Settings. 
+
+	.NOTES 
+ #>
+
+Try
+{
+	# Copy the Exploit Guard Configuration File Locally
+	$ConfigFileLocation = "$Env:SystemRoot\System32\Exploit_Guard.xml"
+	Copy-Item -Path "$Env:SystemDrive\packer\Windows_Defender_Exploit_Guard_Low_Security_Settings.xml" -Destination $ConfigFileLocation -Force
+
+
+	$RegistryKeyPath = "HKLM:\Software\Policies\Microsoft\Windows Defender ExploitGuard\Exploit Protection"
+	If (-not(Test-Path -Path $RegistryKeyPath)) 
+	{
+		New-Item -Path $RegistryKeyPath -ItemType Directory -Force | Out-Null
+	}
+	# Add registry value
+	New-ItemProperty -Path $RegistryKeyPath -Name "ExploitProtectionSettings" -PropertyType String -Value "$ConfigFileLocation" -Force | Out-Null
+}
+
+Catch
+{
+	Write-Error "Could not implement Windows Defender Exploit Guard configuration settings. Exiting."
+	Write-Host $_.Exception | format-list -force;
+	Exit 1
+}