 Hey, what's up YouTube? This is an interesting video, right? Because it's something different. I'm not going to be showcasing any code or really anything that I'm doing live. I'm just kind of going to be reviewing or showing things that I've already done in the past, or I'm just going to show something and not have a whole lot of talk or conversation with it. This is an interesting thing though because what I'm trying to showcase is my method or implementation of some stigs or security technical implementation guides for applying them to Windows machines. So right now I think I'm building up the Windows 7 stig. But a lot of these things are very, very similar for Windows XP, Windows Server 2008, and coming off of that. I'm actually looking at some of the older machines like obviously Windows XP and Windows 2008 or not. You don't see those around all that much anymore, at least you certainly shouldn't. But I'm doing that because I'm actually going to be participating in an interesting competition coming up very soon, or the Pro's versus Joe's CTF. I actually got selected for it to play at B-Sides DC this coming October 26th. And I'm really, really looking forward to it because, hey, that sounds awesome. I've never done something like this before. I've done something like this before, but I've never done Pro's versus Joe's. And that's a cool thing. I've been to a B-Sides competition before. I've been to a B-Sides event in B-Sides NYC, New York City last year. But I'm trying to do more of them. Like I submitted a call for papers to B-Sides Connecticut. I submitted one to B-Sides Tampa just to kind of plug into the scene and to have, I don't know, more of a real good reason to go, although I certainly want to go to as many as I can regardless. So I am trying to get down to the DC area. And this is just a really cool, exciting thing because I definitely want to be a part of it. So this website is pros versus joesctf.com or .net. I don't even know. Let me check. I had it full screen. Pros versus Joes.net. Slick. So the team that I'm playing with is part of the Joes, right? That's part of the, it's not like Joes as in like mediocre or actual newbie players and pros versus professionals. It's kind of like that, but not really. It's just that Joes are the blue team and the pros are the red team. So this game had been played before in B-Sides Las Vegas. And the team, my team captain anyway, is actually from the fork bomb team. So I'm just trying to, I don't know, kind of plug into the scene and get to know a little bit more of it. And I want to showcase more of this game, obviously, after I play it. And that's after I learn more about it. But for now, it's just kind of fun to prepare for it and make interesting things because there's a lot of information about there. So there's a lot of information about it already out there. Like you can read through a lot of different people's experiences, their articles, their reports, see some of their code on their GitHub, etc. And I'm starting to prepare some of those things on my own. The website goes into a little bit of an explanation as to what the game really is. It's not the easiest thing to read. I apologize for that. But the competition is, at its heart, a attack and defense blue team versus red team game. So we play as a blue team. And I like that. I like being on the blue team. I've done that before for Cyber Guard and Cyber Flag, some other DOD Department of Defense exercises. And my technique there was essentially being host response and incident response on a lot of Windows machines for one thing, because that game had like 50 or so work stations that you had to monitor and keep eyes on. But you don't really have a whole lot to work with, right? You're in a specific location that does not have real internet connections. So you kind of have a virtual range where you're bringing your tools just like that. But it's harder to set up some big infrastructure. You kind of have to go like a poor man's methodology for remote code execution or just trying to like apply things at scale to many, many computers. And that's exactly what pros versus jose is like in a sense, because you don't have a whole lot of time to put together a big infrastructure. And we only are allowed to use open source tools or scripts or things that we put together ourselves. So that's why it's kind of been fun and I've been trying to put together my own things to prepare for the game. So what I've been doing, as I said, was actually putting together some stigs, or the security technical implementation guides, at least for the windows side of the house, because interestingly enough, the Windows stuff is actually just a lot of at least the majority of the stig is a lot of registry changes, like quick and easy, like tweaks, little changes that you can just put together in a batch script or PowerShell script or something that can be automated. And you can just like, okay, hard force compliance for the stig. And then you're just like that, you're hardened, you're at least a little bit more boarded up than you were without it. So these stigs come from DISA or the Defense Information Systems Agency. And they have a stick viewer that you see and is visible when I go back to the video. And the stick itself is just a procedure and process to actually try and harden or secure, protect and lock down a specific kind of computer. They have these for a ton of different technologies, a ton of different operating systems and things. But right now, I've just been doing it on a lot of the Windows boxes. And I'm trying to put stuff together for Ubuntu and CentOS, because obviously those are going to be crucial parts of the game. But for now, I'm just kind of doing what I can. So trying to showcase this at a little bit more of a breakneck speed, just so it's a little bit more interesting to watch. But I know there's not a whole lot here, maybe it's just mesmerizing thing. But literally, all I'm doing is taking the stick viewer on the left and kind of seeing what they're suggesting, and noting if it is a registry change, I'm gonna go ahead and run a simple reg add command or a simple script put together in like batch or Windows batch or PowerShell, whatever I end up doing it in, and making that change and forcing it. So I can hit the go button, and then just like that, a bunch of things are applied, and I'm at least a little bit more secure. I think that's cool. I think that's interesting. Maybe you'll like it. And honestly, this is awesome to stockpile, right? Like if you had a bunch of like if you had a library just full of a bunch of different stig scripts, or simple things you can do just quick apply to harden a box from like a vanilla image, then dude, more power to you, you're going to rock a blue team game if you have plenty of things like this, or put together utilities that will like monitor things that are wrong. Maybe do some desired state configuration stuff like that. So I've always wanted to showcase some of the stuff like the blue team stuff that I did, especially at CyberGuard and CyberFlag is a lot of PowerShell. And I've wanted to showcase PowerShell, maybe as a tutorial series, and then maybe just showcasing some of that security side aspect to it, because I've done a lot of stuff with CIS internals, which is maybe like I would literally just use PS exec and fan out commands across multiple computers. And I know there's obviously a much better way to do that in PowerShell. I'm sure you could do some PowerShell remoting or some like start job on a computer thing. And there's probably a much smarter and better way to do it. But at the time, all right, here's my poor man's methodology of just getting remote execution across multiple computers. And it seemed to work just fine. And I would use other tools like Posh R2 rapid response and PowerShell deep blue CLI stuff from sands and other other other interesting things. And I would love to showcase that soon. But I know this is weird, right? Because this isn't my normal like, okay, I'm gonna do a tutorial and like live code beside you kind of thing. This is just kind of showcasing what I had done previously. And honestly, truth be told, I've been struggling to motivate myself like to record things to make things primarily because I've just done a crappy low spot in life and I'm trying to move on and to get to DC and do something new. But the core of that and really that what I'm what I'm wanting to say is that I'm listening to a lot of Gary Vaynerchuk, Gary Vee, and you can have your own opinion about him, like totally, that's totally cool. I think one of the things that he had said has kind of spoken to me in a strange way because it's peculiar how I could apply it. And he had said, when you're trying to put stuff out on the internet, creating content and being like a YouTuber or someone that just has a presence online, he says, don't don't just create document, like don't create document or document not create. And that's interesting, right, because a lot of my stuff is a screen capture of stuff that I'm doing, like banging on a keyboard to tutorial and make guides and video walkthroughs for you as if I'm going through them with you as if I'm sitting beside you and trying to teach you step by step how to do something. So documenting what I've done what I've done previously, I think that's the best way I can do it because I can still scream record the actions that I'm taking the stuff that I'm doing. And then if I put a little bit more commentary or narrative over it, maybe that's interesting. I don't know, maybe people will watch that. And even with this kind of topic, right, because normally I've, I think my channel started out with programming tutorials, Python, like Windows batch and stuff. And I wanted to develop that further. But then I went to college and then college frickin tore my life apart. And I got into the capture flag scene, though I got into cyber security stuff while I was here. And now the channel has kind of changed into a little bit more of a capture flag direction. But I think a lot of the growth came from when I taught programming stuff. And I think if I were to get back to, like Windows dev, right, or like web frameworks, like if people wanted to see cool stuff, like, oh, React, JS, Angular, Vue, maybe that would bring more of the masses or Windows PowerShell, right, and automation and hardening for the blue team stuff. I think that that attracts some things, some good, some good stuff. So I did want to improve this. And that's kind of why I wanted to put this one out there, put this video out here with a weird title, right, with weird content in the video, in that, okay, if I say this video is about securing Windows boxes with disastiggs, how many people will come to this? Will they? I'm just trying to feel the pulse. I'm trying to test the water, see if this is a thing. And maybe too many people won't be just scared away or blown off by the fact that this video is just me talking. But hopefully people enjoy that a little bit. I don't know. I hope there's still something interesting. And certainly I will showcase this stuff if you really, really want to see more of it. Say the word. I want to be better, especially in collecting more people and building this audience, building this family, join the Discord. Building this community is a really cool thing. And it's honestly just fun to see the growth. YouTube is a flower, right, that I'm trying to water and grow. And that's fun and kind of cool. So I am trying different things I'm wanting to anyway. Well, still trying to get out of this rut that I am in my life and move over this hurdle. So thanks for watching, guys. I hope you enjoyed this different thing, right? I'm going to try and do a little bit more of this where I do have footage already pre-prepared, especially because I'm doing stuff with the Pro's VJOs and the B-Sides DC preparation. I do have some content that I've just been recording. And I do that all the time with CTFs, right? I would just record my entire footage of playing some kind of game. I literally have the raw footage of me playing Pico for six hours. I could showcase that for some reason, if you guys wanted it. But I'll talk over it and maybe it'll be interesting stuff. I'm going to throw it out there and put it on the Internet and you as whatever entity that you are, all holy Internet, you can do with it what you want to do. So thank you. Before I go, I do want to give a quick shout out and thank you to the people that support me on Patreon. Thank you guys so much. Cannot say it enough. I'm grateful for each and every one of you and I am looking forward to hopefully have a few more of you. It's awesome. So thank you so much. One dollar a month on Patreon will give you a special shout out just like this at the end of every video. I know it's not a whole lot, but maybe it's just a small incentive, like, hey, just helping some dude out, being a good Samaritan, trying to get those warm, fuzzy feelings in your heart. And I'm very, very grateful for it. Five dollars a month or more will get you early access for videos, like everything that I create on YouTube. I'll put in a Google Drive folder that's shared with you. So whenever my videos are done, like recorded, complete and ready to go, they'll go in that folder and you'll be able to see them before they may be scheduled to release on YouTube in case I have stuff backlogged and ready for a couple of days out. I need to get better at that, but I will hopefully get some stuff backlogged and a whole lot of stuff coming out very, very soon once I get out of here and get down to DC and start a new life. So thanks for watching. If you did like this video, please do like, comment, and subscribe. Join our Discord server link in the description. It is a cool community full of CTO players, programmers, and hackers. Hang out with me and a bunch of other cool people. Tons are way smarter than me, so it's definitely a cool place to get plugged in. And just kind of be involved in the scene. Thank you so much, guys. Hope to see you in the next video. Hope to see you on Patreon. Love ya. See you later.