- Train your IT team in AD security and basic security at all levels.
- Implement a tier model in your environment.
- Do not break your implemented tier model.
- Change the password of your krbtgt account frequently
- Remove RC4 for Kerberos authentication
- Install and implement basic Sysmon logging on all DCs
- Install and implement basic Sysmon logging on all servers
- Admin workstations should run Windows 10 Enterprise and be locked down
- Actively monitor for processes such as psexec.exe and powershell.exe
- Never surf as administrator from a server
- Never turn off UAC
- Enable logging almost everywhere and store all logs for a minimum of 30 days.
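
The Sysmon and process-monitoring items above fit together as one check, shown here as an added example that is not part of the original checklist: Python that scans exported Sysmon process-creation events (Event ID 1) for psexec.exe and powershell.exe. It matches on Sysmon's `OriginalFileName` field as well as the image name, so a renamed copy is still reported. The sample events, host names, and the helper names `sample_event` and `find_watched` are constructed for illustration, and the input is assumed to be event XML under an `Events` root element.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
# Lower-cased image name -> lower-cased OriginalFileName (PE version resource).
WATCHED = {"psexec.exe": "psexec.c", "powershell.exe": "powershell.exe"}

def sample_event(event_id, host, image, original, cmdline):
    """Build a constructed Sysmon-style event, trimmed to the fields used below."""
    data = {"Image": image, "OriginalFileName": original, "CommandLine": cmdline}
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS[1:-1]}"><System><EventID>{event_id}</EventID>'
            f"<Computer>{host}</Computer></System>"
            f"<EventData>{fields}</EventData></Event>")

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample input (not real logs).
SAMPLE = "<Events>" + "".join([
    sample_event(1, "DC01.example.test", PS, "PowerShell.EXE",
                 "powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1"),
    # PsExec copied under another name: only OriginalFileName gives it away.
    sample_event(1, "SRV02.example.test", r"C:\Temp\svchelper.exe", "psexec.c",
                 "svchelper.exe -accepteula"),
    sample_event(1, "SRV02.example.test", r"C:\Windows\System32\notepad.exe",
                 "NOTEPAD.EXE", "notepad.exe"),
    # Not a process-creation event, so it is skipped.
    sample_event(3, "DC01.example.test", PS, "PowerShell.EXE", ""),
]) + "</Events>"

def find_watched(xml_text):
    """Return one alert per process-creation event that matches the watch list."""
    alerts = []
    for ev in ET.fromstring(xml_text).iter(NS + "Event"):
        if ev.findtext(f"{NS}System/{NS}EventID") != "1":
            continue
        d = {x.get("Name"): (x.text or "") for x in ev.iter(NS + "Data")}
        name = PureWindowsPath(d.get("Image", "")).name.lower()
        original = d.get("OriginalFileName", "").lower()
        hit = next((w for w, o in WATCHED.items()
                    if name == w or original == o), None)
        if hit:
            alerts.append({"host": ev.findtext(f"{NS}System/{NS}Computer"),
                           "tool": hit, "renamed": name != hit,
                           "image": d.get("Image", ""),
                           "cmdline": d.get("CommandLine", "")})
    return alerts

if __name__ == "__main__":
    for alert in find_watched(SAMPLE):
        print(alert)
```

On a live system, `wevtutil qe Microsoft-Windows-Sysmon/Operational /f:xml /e:Events` produces input in this shape.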