
This thesis is essentially divided into two areas: Windows (client) security and Elastic SIEM. One aspect that was almost entirely left out of this thesis in the area of Windows (client) security is attack vectors against the security components themselves. A deeper analysis of a single security component by means of reverse engineering could reveal weakly secured areas of its implementation.

Elastic is actively developing Elastic SIEM. A renewed evaluation and survey of its capabilities in one or two version upgrades could show massive changes. Another option would be to evaluate how Elastic SIEM scales (more onboarded computers). The focus should be on whether and how an attack on a single computer can be detected in a network with, for example, more than 1000 computers.

List of Abbreviations

ACL Access Control Lists

AD Active Directory

ALPC Advanced local procedure call

ASLR Address Space Layout Randomization

BSI Bundesamt für Sicherheit in der Informationstechnik

BSOD Bluescreen of Death

CEE Common Event Expression

COM Component Object Model

CPU Central Processing Unit

DLL Dynamic link libraries

EKU Enhanced Key Usage

ELAM Early Launch Anti-Malware

GPO Group Policy Object

GUID Globally Unique Identifier

HTTP(S) HyperText Transfer Protocol (Secure)

HVCI HyperVisor Code Integrity

JOP Jump-oriented Programming

KDC Key Distribution Center

KQL Kibana Query Language

LSA Local Security Authority

NT New Technology

NTFS New Technology File System

NX No eXecute

OLM Object Log Format

PPL Protected Processes Light

RDP Remote Desktop Protocol

SAM Security Accounts Manager

SDK Software Development Kit

SID Security Identifier

SIEM Security Information and Event Management

SMTP Simple Mail Transfer Protocol

SRP Software Restriction Policy

SSH Secure Shell

TBS TPM base Service

TCP Transmission Control Protocol

TGT Ticket-granting Ticket

TPM Trusted Platform Module

UAC User Account Control

UEFI Unified Extensible Firmware Interface

UMCI User Mode Code Integrity

VBS Virtualization-based Security

VTL Virtual Trust Level

WDAC Windows Defender Application Control

WDAG Windows Defender Application Guard

WDCG Windows Defender Credential Guard

WDEG Windows Defender Exploit Guard

WHQL Windows Hardware Quality Lab

WLAN Wireless LAN Area Network

WMI Windows Management Instrumentation

Keywords

Windows Security

Virtualization-based Security

Elastic

SIEM

