Releasing my Windows 10/11 Hardening app, free, of course, else it wouldn't be here.

Releasing my Windows 10/11 Hardening app, free, of course, else it wouldn't be here.

I used to have a hardening script for years, but now AI made it easy to convert my hardening script into an app.

It's beyond just a few settings - all of the ones in the recommended profile are battle-tested (I used to work in Microsoft's security consulting division in the Middle East).

Feedback is welcome, I promise to take into account and fix all issues reported here.

Here's the official description:

Most hardening tools overcorrect. Blindly applying a full DISA STIG to a personal or power-user machine wrecks it: it disables your password manager, kills InPrivate, turns on Controlled Folder Access that blocks your own apps, and demands a BitLocker PIN on every boot, all for compliance checkboxes that add little real security.

AtlantHarden v2.0 is built around a smarter idea: stop how malware and attackers actually get in and run, and skip the friction that does not stop them. Comprehensive when you want it with the Maximum profile, sensible by default with Recommended. Every change is backed up automatically and fully reversible.

Features

  • 579 hardening settings across registry, PowerShell, firewall, file associations, audit policy, and ASR rules
  • 354 DISA STIG controls across Windows 11 (V2R7), Edge (V2R5), Chrome (V2R11), Firefox (V6R7), and Office 365 ProPlus (V3R5)
  • 34 ACSC Essential Eight settings (July 2024) with live compliance scoring
  • 3 one-click profiles: Basic (95 settings), Recommended (318), and Maximum (579), each fully reviewable before apply
  • Recommended profile is gaming and performance safe and leaves your password manager, InPrivate, and history working
  • 19 Attack Surface Reduction rules blocking Office macros, ransomware, credential theft, and script droppers
  • LOLBin firewall rules blocking certutil, mshta, wscript, regsvr32, and wmic from the network
  • File association neutralization opening dangerous script types (.js, .vbs, .hta, .scr) as text
  • Browser hardening across Edge, Chrome, and Firefox simultaneously
  • PowerShell logging triad: script block + module + transcription
  • Registers itself as allowed for ASR and Controlled Folder Access so it never locks you out
  • Full backup with automatic pre-change snapshot, .reg export, and System Restore integration
  • Silent deployment via CLI for enterprise fleets, plus configuration import and export
  • One-click HTML security report with STIG and ACSC compliance metrics

If the mods allow it, I'll add a download link in here - else, just google "Atlant Harden"

https://atlantsecurity.com/downloads/atlant-harden

P.S. As this is free, I hope I am not breaking the no spam and no advertising rules

u/xorredd — 8 hours ago
▲ 13 r/computerforensics+1 crossposts

If you ever wanted to carve out a piece of MFT/Journal - a timeframe, path or file extensions... here's your chance

I worked in forensics for many years and one of the most annoying things in MFT/Journal analysis, is that initial work of prepping the files until they are readable by humans (size, format, timeframe). I used to export to csv, open in emeditor, then carve out the time periods I did not care about, but that took time and was not reliable.

Now, with the emergence of AI, I was finally able to create the app that does it.

It basically allows you to select a timeframe, extensions you do or do not care about, folders you wish to exclude, and go on your merry way of exporting the valid but carved out MFT for use in other tools or a CSV for use in your favorite tools, too.

As this could be a collaborative project... and I will NEVER sell it, it will remain free (and maybe even open source) - what else would you like to see in such an app? Mods, am I allowed to add a link to a free tool here?

https://preview.redd.it/smc3u9vl679h1.png?width=2470&format=png&auto=webp&s=8435e8ed9428b9d46396d069816eefe7fe631af1

I am almost certain there is no free or paid software out there that allows this kind of laser-focused carving of MFT files for speed of analysis. If the mods allow it, I'll post a link to the download. It's Freeware.

reddit.com
u/xorredd — 12 days ago
▲ 2 r/SaaS

Full disclosure: I have 2 SaaS products and also a cybersecurity company (atlant security), I've been a CISO and part of Microsoft's security consulting team and basically been on both sides of the barricade.

The story of your own SaaS will surely involve a security incident, if not a dozen or more. Every code collection that also involves human interaction from your employees and/or customers, will inevitably meet some malicious intent or code in its lifetime.

Your servers will get vulnerable from time to time, when a new 0-day is released and before a patch becomes available.

Your code and included libraries will include vulnerable versions.

Your app will contain unpatched security vulnerabilities, before you identify and fix them.

And your employees will open phishing emails from time to time... fully exposing everything they have access to - to an outsider...

so.... how do you deal with this?

While many might suggest you start buying security apps and software and appliances, I suggest you go another route.

SECURITY HARDENING

I believe in security architecture and I believe you should apply it across the board. Securing your computers (all your employees computers), theirs apps, their access to stuff, then securing your servers, code, libraries, then building detection and response.

Because it's not about IF you will interact with malicious code and intent, but When and what you do when that happens. If you detect a micro-breach on time, you win.

Use AI to help you:

  1. design secure SaaS - across the code, infra, etc

  2. evaluate your code and setup for vulnerabilities

  3. evaluate your systems and setup for business logic flaws (negative money transfers is basically giving free money, for example)

I will answer all your questions in this thread.

reddit.com
u/xorredd — 2 months ago
▲ 106 r/SoftwareTips+1 crossposts

Guys, I wrote a new plugin for Wordpress security. It is quite extensive and has recently been approved on the directory. The plugin is FREE (for the mods!) and will never become paid. So there's no promotion of products and services here. In fact, I invite the mods to try it themselves.

https://wordpress.org/plugins/atlant-security/

Below is the full functionality, explained:
Atlant Security is a comprehensive WordPress security plugin that provides enterprise-grade protection through 17 integrated security modules organized in a 5-layer defense architecture.

5-Layer Defense Architecture

  1. Pre-WordPress WAF — Firewall, rate limiter, and IP blocking run before WordPress processes the request.
  2. Application-Aware — Login security, custom login URL, two-factor authentication, session hardening, cron monitoring, and REST API policies.
  3. Content & Config — WordPress hardening, security headers, AI crawler management, and honeypot traps.
  4. Outbound & Data — SSRF prevention, malware scanning (files and database).
  5. Response & Recovery — Post-breach recovery, notifications, visitor log, and audit log.

Key Features

Web Application Firewall (WAF)
Inspects every request against 28+ attack pattern families including SQL injection, XSS, remote code execution, path traversal, PHP object injection, and WordPress-specific attacks. Block or log-only mode. Triple URL decoding prevents evasion.

Brute Force Protection
Progressive lockout system (5 min > 30 min > 24 hours) with configurable thresholds. Generic login error messages prevent username enumeration. Author enumeration blocking.

Malware Scanner
Local file and database scanner with 38 malware signatures. Detects backdoors, webshells (WSO, c99, r57), crypto miners, credit card skimmers, and obfuscated code. Quarantine system with web access blocking.

Two-Factor Authentication (2FA)
TOTP (Google Authenticator, Authy) and email OTP. Per-role enforcement, 10 recovery codes, 5-minute challenge timeout, replay attack prevention.

Honeypot Traps
Zero-false-positive bot detection: hidden link traps, fake login pages, comment honeypots, and Contact Form 7 integration. 3-layer safe bot protection ensures Googlebot, Bingbot, and allowed AI crawlers are never blocked.

AI Crawler Management
Control 20+ known AI/LLM training crawlers (GPTBot, ClaudeBot, Google-Extended, Bytespider, and more). Per-crawler toggles, robots.txt integration, and 403 enforcement. Block training crawlers while allowing browsing bots.

Security Headers
Manage HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, CSP, CORP, and COOP. Letter-grade scoring system. Remove X-Powered-By and Server headers.

Session Security
Cookie hardening (HttpOnly, Secure, SameSite). Session binding via IP + User-Agent fingerprint detects hijacking. Concurrent session limits. Idle timeout. Optional admin bypass for all session restrictions.

Rate Limiter
Sliding-window rate limiting across 11 endpoint categories: frontend, login, search, feed, REST API, WooCommerce checkout, XML-RPC, and cron.

REST API Policies
Per-route access control with authentication requirements, HTTP method restrictions, rate limits, and IP whitelists. 5 built-in policies protect user enumeration, search, and write endpoints.

Cron Guard
Monitors wp-cron.php for flood attacks. Detects suspicious scheduled tasks via baseline comparison. System cron migration helper.

Outbound Monitor (SSRF Prevention)
Monitors all outgoing HTTP requests. Blocks requests to private/internal IP ranges including cloud metadata endpoints. Domain allowlist with wildcard support. Caller detection traces requests to specific plugins.

Post-Breach Recovery
12 emergency actions: terminate sessions, force password reset, rotate secret keys, emergency lockdown, reinstall core, reinstall plugins, audit admin accounts, clear caches, malware scan, disable plugins, and downloadable incident report.

Real-Time Dashboard
Live visitor monitoring with 15-second auto-refresh. Stat cards, traffic charts, top IPs with VirusTotal integration, browser distribution, and IP detail modals.

Visitor Log & Audit Log
Complete request history with filters (IP, URL, bots, blocked, time range). Tamper-resistant admin action audit trail.

Notifications
Email alerts (HTML formatted, color-coded severity), Slack webhooks, custom JSON webhooks, and daily digest. Configurable severity threshold with 5-minute deduplication.

WordPress Hardening
One-click toggles: disable XML-RPC, hide WordPress version, block REST API user enumeration, block author enumeration, disable file editor, block PHP execution in uploads.

What Makes Atlant Security Different

  • Pre-WordPress WAF — Blocks attacks via auto_prepend_file before WordPress even loads
  • Outbound HTTP Monitor — Detects SSRF attacks and unauthorized outbound connections
  • Database Backdoor Scanner — Scans wp_options and wp_posts for eval(), base64, and hidden backdoors
  • Client-Side Bot Detection — JavaScript challenges and browser fingerprinting catch sophisticated bots
  • AI/LLM Crawler Blocking — Identify and block AI training crawlers scraping your content
  • Honeypot Traps — Hidden links, fake login pages, invisible form fields that only bots trigger
  • Cron Guard — Monitors wp-cron for unauthorized scheduled tasks planted by malware
  • Post-Breach Recovery — Guided recovery toolkit with 12 emergency actions in one place
  • Session Fingerprint Binding — Binds sessions to IP + User-Agent so stolen cookies are useless
  • Real-Time Visitor Dashboard — Live visitor feed updated every 15 seconds
  • Smart Password Policy — Minimum length, complexity, common-password blocking, and passphrase support
  • Granular REST API Policies — Per-endpoint control, not just a global on/off switch
  • Safe Mode Override — One constant in wp-config.php disables all blocking features instantly
  • Deactivation Data Control — Choose to keep or wipe all security data when deactivating
  • Zero phone-home — No telemetry, no tracking, fully GDPR-compliant (external services used only when explicitly enabled by the admin — see External Services section)

Why Atlant Security?

  • All-in-one — Replaces 5-6 separate security plugins
  • No external dependencies — Core security features run locally on your server
  • Zero phone-home — No telemetry, no tracking (optional features like GeoIP use external services only when explicitly enabled — see External Services section)
  • GDPR-friendly — No external fonts, no CDN resources
  • Setup wizard — Configure core security in under 2 minutes
  • Clean uninstall — Removes all database tables and options when deleted (opt-in)
  • Safe Mode — Emergency override if you get locked out of your site

u/simplerdrought — 2 months ago