
Security Incidents Involving Family Members
Should an Employee Report Security Incidents Involving Family Members? Is your business or job at risk if a bad actor gets access to your family? Will they gain access to you?
The following article discusses configuration settings that can improve the security of a Microsoft Windows laptop, protecting and defending your data from malicious actors. Join the discussion below or reach out to Redbot Security for cybersecurity services.
By definition, hardening is “a process intended to eliminate a means of attack by patching vulnerabilities and turning off nonessential services” (NIST SP 800-12). Realistically, hardening is akin to wearing your seatbelt while driving. You may never be in an accident, in this case a data breach, but your level of risk and the potential for severe damage from a ‘drive-by’ malicious actor are high, especially if your mobile infrastructure (laptops, cellphones, tablets, etc.) is not configured to withstand a technical attack.
Malicious actors prey on weak configurations like locusts. Microsoft, despite knowing that its operating systems have inherent weaknesses, has done little to improve their out-of-the-box security beyond remediating publicly known vulnerabilities. Microsoft alone had 1,212 security vulnerabilities in 2021; 104 of them were rated critical, allowing Remote Code Execution (RCE) or privilege escalation. Most of us only really hear about the critical ones, such as ETERNALBLUE (MS17-010), a vulnerability that is still regularly exploited on penetration tests. Microsoft does a decent job of enforcing security patching, but other issues remain. Most security engineers and consultants would call these misconfigurations, but they are really the result of Microsoft’s approach to the balancing act between security and usability. Microsoft aims to give administrators and end users the highest usability with as little hindrance as possible, which means security takes the back seat. Unfortunately, these weak default settings allow hackers and other malicious actors to gain a foothold and launch more sophisticated attack techniques that will likely expose sensitive information and grant unauthorized access.
Laptop hardening is a process that involves taking steps to secure a laptop system against potential threats. The purpose is to reduce the system’s vulnerability to cyberattacks, unauthorized access, and data theft. Hardening a laptop essentially means tightening its security to protect sensitive data and the system’s integrity.
A hardened laptop is a computer that has been specifically configured and prepared to resist attacks and intrusions. It typically involves a combination of hardware and software modifications to make the laptop more secure against cyber threats.
Hardening and patching are two crucial components of maintaining computer and network security. Let’s delve into what each term means:
Hardening: As previously discussed, hardening is the process of securing a system by reducing its attack surface. This involves removing unnecessary applications, disabling unnecessary services, configuring settings securely, installing protective software, and sometimes even altering physical aspects of the system. The goal of hardening is to eliminate as many risk factors as possible and protect against potential threats.
Patching: Patching is the process of applying updates (“patches”) to software and firmware. These patches often include fixes for known bugs and vulnerabilities that could otherwise be exploited by hackers. Regular patching is an essential part of system maintenance and security. Software developers routinely release patches as they discover and resolve vulnerabilities in their software.
Device hardening is the process of securing a device by reducing its susceptibility to attacks by eliminating as many security risks as possible. This involves modifying the default configuration to close unnecessary points of access and harden security settings. Device hardening applies to any computing device, such as laptops, smartphones, tablets, routers, servers, and even IoT (Internet of Things) devices.
One mistake that Redbot Security sees on a regular basis is that network and systems administrators rely on VPNs to control access. This is a false sense of security that, if not implemented correctly, can lead to bigger issues. But why? A VPN opens a direct tunnel to hosts and services (typically on enterprise networks) that are otherwise not directly accessible from the internet. Depending on its configuration, the VPN commonly also redirects all internet-bound traffic through the tunnel to provide a layer of security and privacy. The VPN software does this by establishing a virtual network interface and adding routing rules. What it does not do is hide the computer from the current Local Area Network (LAN). This means that when the laptop or mobile device connects to an untrusted network, such as a coffee shop or airport Wi-Fi network, it still maintains a presence there: any listening service on the laptop remains reachable by every other device on that LAN. In most enterprise networks, network administrators can enable network segmentation and client isolation so that clients cannot communicate with one another. However, outside corporate-owned networks, administrators who allow mobile devices to connect to untrusted networks cannot enforce these policies. Furthermore, for home-based workers, the personal network often shares a LAN with devices that are truly high-risk, such as the computers and mobile devices of children or unmanaged IoT devices.
Before delving into the top configurable settings to harden Windows-based laptops, let’s take a moment to understand the most common attack techniques used by malicious actors.
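As an added example (not from the original article), the following PowerShell session closes the LAN exposure described above on a Windows 10/11 laptop. It assumes an elevated prompt and the built-in NetSecurity module; the firewall profile choices and the decision to treat non-domain networks as Public are my own.

```powershell
# Added example: reduce what a laptop exposes to whatever LAN it happens to be sitting on.
# Run from an elevated PowerShell on Windows 10/11 (the NetSecurity module is built in).

# 1. Look at the weak starting point: per-profile firewall state and default actions.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. Harden all three profiles: firewall on, drop unsolicited inbound, log the drops
#    (the log is useful during incident response to see who was probing at the airport).
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 3. Stop answering neighbours: these built-in rule groups are what make the laptop
#    visible and reachable to other clients on the same LAN.
Disable-NetFirewallRule -DisplayGroup 'Network Discovery'
Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'

# 4. Treat every non-domain network as Public so the strictest profile applies.
#    (Domain-authenticated networks cannot be re-categorised, so they are skipped.)
Get-NetConnectionProfile |
    Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' } |
    Set-NetConnectionProfile -NetworkCategory Public

# 5. Verify: list whatever is still allowed inbound on the Public profile.
#    On a hardened laptop this should be empty or contain only rules you added on purpose.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.Profile -match 'Public|Any' } |
    Select-Object DisplayName, Profile, DisplayGroup |
    Sort-Object DisplayGroup
```

If home workers need the LAN for a local printer, add one narrowly scoped rule (for example with -RemoteAddress LocalSubnet and the printer's port) rather than re-enabling the whole File and Printer Sharing group. The VPN client's own rules are unaffected by the steps above.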
It’s loud, but password guessing is effective and straightforward. It requires little to no skill and can be fully automated by an attacker. Its effectiveness preys upon users setting weak, guessable passwords. Yes, ‘123456’ and ‘Password1’ are still the most common, along with ‘Season+Year’. Even with a baseline password policy of eight characters and enforced complexity, ‘Password1’ and ‘Fall2022’ meet the criteria. This is compounded by the fact that the built-in local Administrator account (RID 500) on Microsoft Windows has historically been exempt from account lockout, and many laptops have no lockout threshold configured for their other local accounts either. Newer Windows builds add an ‘Allow Administrator account lockout’ policy, but it only helps if it is enabled together with a non-zero lockout threshold. Without lockout, an attacker can send hundreds, if not thousands, of guesses from open-source wordlists with mutation rules in an incredibly short amount of time.
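The lockout gap above can be checked and closed from an elevated PowerShell prompt. This is an added example, not from the original article; the thresholds are my own choices, and the AllowAdministratorLockout step assumes a build whose security template carries the ‘Allow Administrator account lockout’ setting (Windows 11 22H2, or Windows 10/11 with the October 2022 or later cumulative update).

```powershell
# Added example: check and enforce a local lockout policy and cover the built-in Administrator.
# Elevated PowerShell on Windows 10/11 Professional. Domain-joined machines take these values
# from the Default Domain Policy instead, so set them in a GPO there.

# 1. Read the weak starting point. "Lockout threshold: Never" means unlimited guesses.
net accounts

# 2. Enforce: 14-character minimum, lock after 10 failures for 15 minutes,
#    failure counter resets after 15 minutes. These values are examples, not a standard.
net accounts /minpwlen:14 /lockoutthreshold:10 /lockoutduration:15 /lockoutwindow:15

# 3. Find the built-in Administrator by RID 500 (it may already be renamed). If another
#    enabled administrator exists, disable it: a disabled account cannot be guessed against.
$builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$otherAdmins  = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.SID.Value -ne $builtinAdmin.SID.Value }
if ($builtinAdmin.Enabled -and @($otherAdmins).Count -gt 0) {
    Write-Host "Built-in Administrator '$($builtinAdmin.Name)' is enabled; disabling."
    Disable-LocalUser -SID $builtinAdmin.SID
}

# 4. Make the lockout threshold apply to the built-in Administrator as well.
#    Assumption: this build exposes AllowAdministratorLockout under [System Access].
$cfg = Join-Path $env:TEMP 'secpol.inf'
$db  = Join-Path $env:TEMP 'secpol.sdb'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$lines = Get-Content -Path $cfg
if ($lines -match '^AllowAdministratorLockout') {
    $lines = $lines -replace '^AllowAdministratorLockout\s*=.*', 'AllowAdministratorLockout = 1'
} else {
    $lines = $lines -replace '^\[System Access\]$', "[System Access]`r`nAllowAdministratorLockout = 1"
}
Set-Content -Path $cfg -Value $lines
secedit /configure /db $db /cfg $cfg /areas SECURITYPOLICY | Out-Null
Remove-Item -Path $cfg, $db -ErrorAction SilentlyContinue

# 5. Verify. Expect a threshold of 10 and AllowAdministratorLockout = 1.
net accounts | Select-String -Pattern 'Lockout'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
Select-String -Path $cfg -Pattern 'LockoutBadCount|AllowAdministratorLockout'
```

Step 3 deliberately refuses to disable the built-in account when it is the only administrator; otherwise you lock yourself out of the laptop you are trying to protect.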
Link-Local Multicast Name Resolution (LLMNR) sounds super fancy, but it’s ultimately one of the worst protocols ever developed in the history of technology. Furthermore, it’s enabled by default and is only truly needed in rare cases, such as when no DNS server is available. While it is enabled, an attacker on the same LAN can watch for name lookups that fall back to LLMNR (or its older cousin, the NetBIOS Name Service), answer them with their own address, and thereby elicit an authentication attempt from the victim, typically an NTLMv2 challenge-response. In most cases the captured response must be cracked offline and cannot be used directly for Pass-the-Hash (PTH) techniques, although it can be relayed to other hosts that do not require SMB signing. Either way, it’s a start.
Direct manipulation of SMB traffic can reveal a lot about a host on the network, such as its name, operating system, and even the build or patch level. In some cases, the attacker can use things like an e-mail containing a UNC path, or access to another network resource, to coerce the laptop into authenticating to an attacker-controlled server and intercept the authentication request, similar to LLMNR-based attacks.
The attack techniques surrounding missing security patches are a large enough subject to be their own topic. To summarize: loads of Remote Code Execution (RCE) vulnerabilities have come to light over the last 20 years, and they are backed by a plethora of resources that are quickly discovered through a Google or Bing search. Most also have publicly available Proof of Concept (PoC) code or pre-compiled binaries, which is akin to handing the attacker a live grenade with instructions on how to pull the pin.
Without a VPN redirecting web traffic, the user may be at risk from web-based attack techniques. These are commonly Cross-Site Scripting (XSS) and JavaScript-based attacks that attempt to steal session cookies and authentication credentials, execute malicious code, or hijack the browser.
“You won!” and “A relative you didn’t know left you their fortune when they passed.” I’m sure we’ve all seen them, all day long. Despite advanced technology and new products every year to thwart phishing, it works and it’s here to stay. Even elementary and high schools are teaching students how to recognize phishing emails. The problem is that, just like mass marketing, it’s easy for a malicious actor to target as few as one (1) or as many as 10,000 people with ease. Inevitably, despite the poor grammar and lack of spellcheck, someone will eventually click the Link of Doom.
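The LLMNR and SMB weaknesses in the two paragraphs above are closed by the same small set of settings, so here is one added example (not from the original article) that does all of them from an elevated PowerShell prompt on Windows 10/11. The registry paths are the standard policy locations; the outbound firewall rule name and the decision to block SMB only on the Public profile are my own.

```powershell
# Added example: turn off the name-resolution fallbacks that Responder-style tools abuse,
# and make SMB refuse unsigned sessions so captured or relayed authentication is useless.
# Elevated PowerShell on Windows 10/11; enterprise admins push the same values via GPO.

# 1. LLMNR. Policy 'Turn off multicast name resolution' = EnableMulticast DWORD 0 under
#    HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient (key does not exist by default).
$dnsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
New-Item -Path $dnsPolicy -Force | Out-Null
Set-ItemProperty -Path $dnsPolicy -Name EnableMulticast -Type DWord -Value 0

# 2. NetBIOS Name Service (the older fallback, UDP 137). NetbiosOptions: 0 = from DHCP,
#    1 = enabled, 2 = disabled. Set it on every interface currently present.
$ifaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
Get-ChildItem -Path $ifaces | ForEach-Object {
    Set-ItemProperty -Path $_.PSPath -Name NetbiosOptions -Type DWord -Value 2
}

# 3. SMB: require signing as client and as server, and remove SMBv1 (MS17-010 territory).
Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
Set-SmbServerConfiguration -RequireSecuritySignature $true -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null

# 4. The e-mail/UNC trick needs the laptop to reach an attacker's SMB server. On untrusted
#    (Public) networks there is no legitimate SMB destination, so block it outbound there.
New-NetFirewallRule -DisplayName 'Block outbound SMB on public networks' `
    -Direction Outbound -Protocol TCP -RemotePort 139, 445 `
    -Profile Public -Action Block | Out-Null

# 5. Verify the result.
Get-ItemProperty -Path $dnsPolicy | Select-Object EnableMulticast
Get-ChildItem -Path $ifaces | Get-ItemProperty | Select-Object PSChildName, NetbiosOptions
Get-SmbClientConfiguration | Select-Object RequireSecuritySignature
Get-SmbServerConfiguration | Select-Object RequireSecuritySignature, EnableSMB1Protocol
```

Requiring client-side signing will break connections to old NAS boxes and appliances that cannot sign; test against the shares people actually use before rolling it out. Step 2 only covers interfaces that exist at the time it runs, so re-run it (or enforce it through policy) after adding a new adapter.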
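As an added example (not from the original article), the following PowerShell enumerates the patch state of a laptop the way a tester would before reaching for a PoC. It uses the Windows Update Agent COM API, which ships with every supported Windows build and honours whichever update source (Windows Update or WSUS) the machine is configured for; the severity ordering is my own.

```powershell
# Added example: enumerate what is missing before an attacker enumerates it for you.
# Works from any PowerShell prompt; querying the Windows Update Agent does not need elevation.

# 1. Where is the OS? Build and UBR together identify the cumulative update level.
$ver = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
'{0} {1} build {2}.{3}' -f $ver.ProductName, $ver.DisplayVersion, $ver.CurrentBuild, $ver.UBR

# 2. Last ten installed updates, newest first (Get-HotFix reads Win32_QuickFixEngineering).
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 10 HotFixID, Description, InstalledOn

# 3. Ask the agent for updates that apply to this machine but are not installed.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

$missing = foreach ($u in $result.Updates) {
    [pscustomobject]@{
        Severity   = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
        KB         = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Title      = $u.Title
        Downloaded = $u.IsDownloaded
    }
}

# Order by MSRC severity so the RCE-class items come first.
$rank = @{ Critical = 0; Important = 1; Moderate = 2; Low = 3 }
$missing |
    Sort-Object @{ Expression = { if ($rank.ContainsKey($_.Severity)) { $rank[$_.Severity] } else { 4 } } } |
    Format-Table -AutoSize

# 4. The specific check for the ETERNALBLUE class of bugs: is SMBv1 still installed at all?
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol | Select-Object FeatureName, State
```

A laptop that reports Critical items in step 3, or Enabled in step 4, is the one the PoC-with-instructions scenario above is written for; fix those before worrying about the finer configuration settings.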
Here are some of the best security laptops in the USA:
These are just a few of the many secure laptops available in the USA. When choosing a security laptop, it is important to consider your needs and budget. You should also make sure that the laptop comes with the latest security features and is regularly updated with security patches.
Now, on to the good stuff. Here are 10 things that any Windows Professional user or administrator can do to enhance the security of their laptop (apologies to Windows Home users; Microsoft doesn’t give you the Group Policy Editor unless you pay for the upgrade, although most of the equivalent registry settings still apply).
Note: Non-domain-joined users (folks who own a laptop with Windows Professional) can use the built-in Local Group Policy Editor (gpedit.msc), while enterprise administrators should use Group Policy Objects (GPOs) in Active Directory.
Note: User Rights Assignment is located in Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment. Please exercise extreme caution with these policies. Misconfiguration can and likely will render a computer unusable, for example by removing a logon right that an account or service depends on. For that reason, Redbot Security will not be covering this section in detail. Understanding the concept of privilege and role separation is the key takeaway.
Helpful Hint: If the laptop has biometric authentication, such as a fingerprint reader, assign your index finger to one account and your middle finger to the other.
Andrew has 20+ years of hands-on security experience leading teams or working individually on highly technical engagements for a wide variety of commercial and government industries in IT and OT security. Andrew is an active security community leader/member who has developed Redbot Security’s penetration testing methodologies, security policies, attack tools, social engineering tactics, and application and IoT testing guidance. Andrew is able to hack his way into a variety of IT/OT networks, devices and applications and has been known to take over entire cities, Simulating Real World Attacks – Before they Become Real…