Don't forget to turn off autoplay, too. It rarely works, but I got my team points for it once
edit: Also, in computer management there's the user page, in which double clicking a user will pop up a couple settings, including an "always remember passwords" setting. Turn that off! For every single user! Usually what Cyberpatriot does is pick a random one of the many users with this setting on and only give you points for that user having the setting turned off, so disable it on all of them. And within the same setting page, check that none of the allowed users' accounts are not wrongfully disabled (this doesn't include guests, that should be disabled)
i love you shawty
Great thanks for not being afraid to be informative 🙏💯
I’m going into cyber patriots this year this is super helpful thank you
Great video, I'm in my freshman year and I'm just joining cyber patriot. This vid is a lot of help, Thanks.
You’re welcome, glad you enjoyed it!
Thank you so much for this video. It's invaluable to me as a new coach to the Cyber Patriot world!
Thank you very much for making a video. But would you recommend any additional steps to make your windows 10 image workforce friendly other than the stuff you mentioned in the video?
The video is more suited for cyber patriot competitions. Every corporate environment has their own requirements for security.
@PentestsandTech Yes, but for every competition, there are some basic steps like turning on the firewall and stuff. Do you suggest any basic steps?
For windows it’s set up pretty well from install. The competition images are manipulated and purposely created with security holes.
I'm doing the advanced cyberpatriot competition tomorrow, do you have any tips?
Don’t get discouraged if you can’t seem to get more points near the end. I know how tiring it is but I’ve had competitions where my team will finish an os in the last 10 minutes. So read the readme, get those forensics questions and good luck!
we need an updated video!
I know you probably won't see this, but at 8:15 when you mention auditing, you say that you could lose points, but you then go on to say that you can just disable it again. Will disabling it get you the points back? (Sorry if this is a stupid question, I'm new to cyberpatriot)
If you can undo something in the machine that loses you points it will get you the points back
Do you know some other good checklists I could check out?
i didn't turn on core isolation after restart to on core isolation option what can i do now ?
Great overall video!
Glad you enjoyed it
do you have the checklist you keep looking at? Just so I don't forget
If you don't want to make your own list of every step (although I do recommend it, that way you'll know both what to do next and also keep track of what you've already done), you can at least write down the different pages where the steps can be found (i.e. computer management, local group policy, etc.)
My question is that do we need to learn programming language too?
If yes then which language?
Btw nice video keep it up
For cyber patriot you do not need to learn a programming language. If you want to, I would recommend python or bash to make scripts for Linux systems.
I also recommend python, it's a super easy language to master if you can piece the logic together in your head when solving problems
I'm doing Windows Server 2022 tomorrow gold tier and this video helped out a lot. Though I don't really know how Server 2022 is different from the Windows 10 image. Any tips or videos I can watch to help me?
Spin up a server 2022 virtual machine and try to do some basic stuff in it. There is quite a bit more to the server images.
@PentestsandTech Got it, thank you so much.
Yo, I'm literally in the same position as you lol.
question - while you're participating in a cyber patriot round, will you be able to check how many points you've gotten so far?
Yes, it shows you on the image. Also you get a notification each time you score points.
Or lose some 😉
@gammaraider4020 With my practice image I lost points and I don't even know what I did! 😂
Do you know if it is recommended to disable the default administrator account for the competition? Or do they just want you to change the name of it?
By the way, I love your channel. This was the first video I watched from you and I have been checking out all your penetration test videos. They are super interesting, keep up the good work!
If I remember correctly, they only explicitly talk about the guest account. I believe the default admin account can stay. Also thanks man, will do!
@PentestsandTech Thanks for the help bro
Can you pls put a link to your own checklist?
What should I do when I hit a wall, I think I've done everything but there's definitely still more to do.
That’s always the hardest part of the competition, especially when you’ve been staring at it for hours. It always helped our team to switch between Linux and windows to get a fresh perspective, but if you want to stay on windows, start exploring. Look at online checklists, look at past competitions and see what types of points you're missing and go from there.
Are some of the forensic questions repeated from past ones?
A lot of the forensic questions have the same general idea, at least in the beginning of the season, once you get into semi finals, the questions change.
Ok, thanks
What if secpol is missing the local policies???
Always check the Local Group Policy (gpedit.msc) or Domain Group Policy (gpmc.msc) settings. Certain settings can disable features on the system. There are hundreds of settings in there, but you can filter them by if they were configured or not by clicking the "State" tab on the top of the settings menu next to the "Setting" tab. This will allow you to see what group policy settings are configured on the system. If you don't see the secpol in the local policies, there may be a group policy setting that is disabling it. You can also just use rsop.msc (Resultant Set of Policy) to see only the group policy settings that are actually configured. Hope this helps!
This happened at last season's competition. It is because the .dll file for local policies was deleted. You have to reinstall wsecedit.dll. Hope this helps.
Is there a way to change the passwords for all the users at once?
Sadly no, not without some PowerShell scripting
@PentestsandTech thx I spent forever changing each user's password for the competition last night
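The PowerShell scripting mentioned in the reply above could look like the following; this is an added example, not something posted in this thread or shown in the video. The names in `$Authorized` are hypothetical placeholders for the authorized users listed in the competition README, and one shared password for all of them is assumed.

```powershell
# Added example. Run from an elevated PowerShell session on the image.
# $Authorized is a constructed list: replace it with the users named in the README.
$Authorized = @('alice', 'bob', 'carol')   # hypothetical account names
$Me = $env:USERNAME                        # never reset the account you are logged in with

# Prompt once so the new password is not echoed or saved in command history.
$NewPassword = Read-Host -AsSecureString -Prompt 'New password for all authorized users'

$report = foreach ($user in Get-LocalUser) {
    if ($user.Name -eq $Me) {
        $action = 'skipped (current user)'
    }
    elseif ($Authorized -contains $user.Name) {
        try {
            # Fails (and is reported) if the password violates the local password policy.
            Set-LocalUser -Name $user.Name -Password $NewPassword -ErrorAction Stop
            $action = 'password changed'
        }
        catch {
            $action = "FAILED: $($_.Exception.Message)"
        }
    }
    else {
        # Built-in accounts and anyone not in the README end up here.
        $action = 'not in authorized list, review manually'
    }

    # Re-read the account so PasswordLastSet reflects the change just made.
    $current = Get-LocalUser -Name $user.Name
    [pscustomobject]@{
        Name            = $current.Name
        Enabled         = $current.Enabled
        PasswordLastSet = $current.PasswordLastSet
        Action          = $action
    }
}

$report | Format-Table -AutoSize
```

The table also shows which accounts are enabled, so a wrongly disabled authorized user or an enabled account that is not in the README stands out in the same pass.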
If you accidentally remove the wrong user account or a file during a competition is there a way you can restore it?
Easiest way is to open a fresh vm, but if you can get the original files, you should be fine.
If you add an account with the same name as the deleted user it removes the penalty without you having to lose any progress
just joined but I'm using mac.
how would you restart a vm without stopping the competition?
During cyber patriot you are allowed to restart the vm or even boot up a fresh vm. It doesn't stop anything.