Code can be found here . For the upcoming CCDC regionals, I'll need to manage multiple different windows machines and servers. In the state competition, I had made a simple script that created some basic firewall rules mostly targetting Active Directory services. I then applied these to both the Windows server 2012 DC and the Windows server 2016 Hyper-V/Docker machine. The rules worked fine for both, especially considering that I decided to 'reduce my threat surface' by removing the net adapters from the Docker box. However, for regionals, I'll be managing multiple Active Directories, Exchange servers, and Docker at the very least. Having a rigid script that applies the same firewall rules to every box won't work as well as it did in state, and creating a new script for each machine is too time-consuming. So I decided to create something that could detect what services and roles were installed on a given machine and then install the necessary firewall rules based o
EDIT: Related video made for a class The CCDC qualifiers are over now, and my team got 1st! That being said, towards the end of the day, we noticed a lot of suspicious traffic coming to the AD box. While I couldn't figure it out during the competition, it turns out that the red team had been using the zerologon exploit . After we got back, I wanted to learn the ins and outs of this exploit in order to prevent myself from getting hit with it again at the next competition. Turns out, it's relatively easy to set up and execute using Impacket and Risksense' zerologon script. For the testing environment, I have a Windows lab consisting of a 2012 AD, 2019 Email server, 2016 Docker/Hyper-V box, and Windows 10 and 7 machines. This setup is for CCDC prep and is designed to mirror the environments and machines used in the competition. I also have a kali box running on the same network as the Windows machines. This is what staged the attacks on the 2012 AD server. To begin with,