# hardening

## Document and audit 

* Naming conventions of OUs, computers, users, groups. 
* DNS, network, and DHCP config 
* GPOs 
* A list of enterprises hosts 
* Any trust relationship 
* Users who have elevated permissions. 

## AD hardening categories 

* People 
* Processes 
* Technology 

## Additional AD hardening techniques 

**Creating an AD snapshot with AD explorer** 

* Use valid domain credentials to login 

**PingCastle** 

It is a powerful to evaluates the security posture of an AD environment and provides several different maps and graphs. PingCastle can be a great resource to help you gather one in a nice user-readable map of the domain and it also provides a detailed report of the target domain's security level using a methodology based on a risk assessment framework. 

```
.\PingCastle.exe -h
```

[**Group3r**](https://github.com/Group3r/Group3r) 

* This tool can find vulnerabilities in Active Directory associated Group Policy. Group3r must run from domain-joined host with a domain user. 

[**ADRecon**](https://github.com/adrecon/ADRecon)**.ps1** 

It is useful to gather large amount of data from AD at once 

```
.\ADRecon.ps1
```