
Houston's Technology Consulting

Security Assessment Capability Showcase

5 March 2026

Comprehensive security analysis combining domain-level auditing with MITRE ATT&CK endpoint assessment. Two distinct attack surfaces. One unified security posture.

Domain Security: houstons.tech, grade C (56%)
Endpoint Security: ENDPOINT-01, grade C (58%)

Executive Overview

Combined security posture across external domain and internal endpoint assessment vectors.

Domain Security

houstons.tech: grade C (56%)
Strong email authentication with SPF hardfail and DMARC reject, but critically absent web security headers and no HTTP-to-HTTPS enforcement leave the site exposed.

Endpoint Security

ENDPOINT-01 (Windows 11 Pro): grade C (58%)
Strong credential protections (LSA/RunAsPPL, WDigest disabled) undermined by a passwordless admin account, disabled Tamper Protection, and critical forensic blind spots.
37 Total Findings
2 Critical
9 High Severity
10 MITRE Techniques
15+ Frameworks Mapped
40 ISM Controls Tested

Methodology

A two-pronged approach combining external domain reconnaissance with internal endpoint telemetry.

Domain Security Assessment

External-facing attack surface analysis

  • DNS record enumeration (A, AAAA, MX, NS, TXT, CAA, DNSSEC, DANE/TLSA)
  • TLS/SSL configuration and cipher suite analysis
  • Email authentication chain (SPF, DKIM, DMARC, MTA-STS, BIMI)
  • HTTP security headers (9-header assessment)
  • HSTS preload status verification
  • Blacklist / reputation checks (9 lists)
  • Certificate Transparency log enumeration
  • OSINT and site crawl analysis
  • Multi-framework compliance mapping (15+ frameworks)

Endpoint Security Assessment

MITRE ATT&CK-aligned internal scan

  • Registry autostart enumeration (Run keys, startup folder, WMI)
  • Local account and password policy audit
  • Network service and listener discovery (TCP/UDP)
  • Windows Defender status and exclusion review
  • Scheduled task privilege analysis
  • PowerShell logging configuration
  • Service path vulnerability scanning
  • Credential protection assessment (LSA, VBS, Credential Guard)
  • C2 indicator detection (outbound connections, DNS cache)
  • File obfuscation checks (ADS, hidden executables)

Architecture

Scanner (PowerShell / Node.js) → JSON (Structured Data) → Claude Analysis (AI-Powered Grading) → HTML Report (Self-Contained) → PostgreSQL (Backend Storage)

Domain Security Assessment

External security posture of houstons.tech — deep scan with crawl analysis.

Grade Breakdown

Email: B (72%)
Web: F (18%)
MITM: D (42%)
DNS: B (74%)
Compliance: D (45%)
OSINT: B (75%)

Top Findings

HST-001 (Critical): No Security Headers Configured (0/9)
Zero security headers present. None of the nine standard security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-XSS-Protection, COOP, CORP) are configured.

HST-002 (High): HTTP to HTTPS Redirect Not Enforced
Visitors accessing via HTTP receive no redirect to HTTPS, enabling man-in-the-middle attacks and content injection.

HST-003 (High): No DKIM Records Found
No DKIM DNS records found after checking 20 common selectors. Recipients cannot verify email integrity.

HST-004 (High): SMTP STARTTLS Not Available on MX
Primary MX server did not offer STARTTLS during SMTP handshake, allowing email interception in transit.

HST-005 (High): No HSTS Header — First-Visit MITM Vulnerability
HTTP Strict Transport Security not configured. Browsers will not automatically upgrade to HTTPS, enabling SSL stripping.

HST-006 (High): No Content Security Policy (CSP)
No CSP header configured. Primary defense against XSS and data injection attacks is absent.

HST-007 (Medium): MTA-STS Record Exists But Policy Not Enforced
MTA-STS DNS record exists but policy mode could not be verified as enforced, allowing TLS downgrade attacks.

HST-008 (Medium): No CAA Records Configured
No Certificate Authority Authorization records, allowing any CA to issue certificates for the domain.
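The following JavaScript is an added example, not the report's scanner code, showing how the nine-header check behind HST-001 and the HTTP-to-HTTPS redirect check behind HST-002 can be implemented over a captured set of response headers. The baseline header values in `SECURITY_HEADERS` are assumed defaults chosen for this example; the sample responses are constructed.

```javascript
// Added example: grade a response's HTTP security headers against the nine
// headers the report checks (HST-001), and test whether plain HTTP is
// redirected to HTTPS (HST-002). Not the report's scanner code.

// The nine headers from HST-001, each with a conservative baseline value to
// deploy where it is missing (assumed defaults, not values from the report).
const SECURITY_HEADERS = {
  'strict-transport-security': 'max-age=31536000; includeSubDomains; preload',
  'content-security-policy': "default-src 'self'; object-src 'none'; frame-ancestors 'none'",
  'x-frame-options': 'DENY',
  'x-content-type-options': 'nosniff',
  'referrer-policy': 'strict-origin-when-cross-origin',
  'permissions-policy': 'camera=(), microphone=(), geolocation=()',
  // '0' turns off the legacy browser XSS auditor; CSP is the real XSS defence.
  'x-xss-protection': '0',
  'cross-origin-opener-policy': 'same-origin',
  'cross-origin-resource-policy': 'same-origin',
};

// Header names are case-insensitive, so compare on a lower-cased copy.
function normaliseHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) out[name.toLowerCase()] = String(value);
  return out;
}

// Returns present/missing/weak header names and a 0-100 score (present / 9).
function assessSecurityHeaders(headers) {
  const h = normaliseHeaders(headers);
  const names = Object.keys(SECURITY_HEADERS);
  const present = names.filter((n) => n in h);
  const missing = names.filter((n) => !(n in h));
  const weak = [];
  // HSTS with a max-age under 180 days (15552000 s) gives little protection
  // and is below the preload-list requirement of one year.
  if ('strict-transport-security' in h) {
    const m = /max-age=(\d+)/i.exec(h['strict-transport-security']);
    if (!m || Number(m[1]) < 15552000) weak.push('strict-transport-security');
  }
  // A CSP that permits inline script does not stop reflected XSS.
  if ('content-security-policy' in h && /'unsafe-inline'/i.test(h['content-security-policy'])) {
    weak.push('content-security-policy');
  }
  return { present, missing, weak, score: Math.round((present.length / names.length) * 100) };
}

// HST-002: the plain-HTTP response should be a permanent redirect to https://.
function enforcesHttpsRedirect(status, headers) {
  const location = normaliseHeaders(headers).location || '';
  return (status === 301 || status === 308) && /^https:\/\//i.test(location);
}

// The set of headers to add: the baseline value for every missing header.
function recommendedHeaders(headers) {
  const { missing } = assessSecurityHeaders(headers);
  return Object.fromEntries(missing.map((n) => [n, SECURITY_HEADERS[n]]));
}

// Constructed sample responses: an HTTPS response with no security headers
// (HST-001) and an HTTP response served directly rather than redirected (HST-002).
const SAMPLE_HTTPS_HEADERS = { 'Content-Type': 'text/html; charset=utf-8', Server: 'cloudflare' };
const SAMPLE_HTTP_RESPONSE = { status: 200, headers: { 'Content-Type': 'text/html; charset=utf-8' } };

console.log(assessSecurityHeaders(SAMPLE_HTTPS_HEADERS));
console.log('HTTP->HTTPS redirect enforced:',
  enforcesHttpsRedirect(SAMPLE_HTTP_RESPONSE.status, SAMPLE_HTTP_RESPONSE.headers));
console.log('headers to deploy:', recommendedHeaders(SAMPLE_HTTPS_HEADERS));
```

To run against a live site, pass the `headers` object from a `fetch()` of the HTTPS origin (with `redirect: 'manual'` for the HTTP check) into the same functions; `recommendedHeaders` produces the header set to deploy, which at the CDN layer is what the roadmap's "Transform Rules" item would carry.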

NIST Cybersecurity Framework

NIST CSF radar (scale 1 to 5): Govern 2.5, Identify 3.0, Protect 1.5, Detect 2.0, Respond 1.0, Recover 1.5

Essential Eight Maturity Levels

Application Control: ML0
Patch Applications: ML1
User App Hardening: ML0
Restrict Admin: N/A
Patch OS: ML1
MS Office Macros: N/A
Multi-Factor Auth: N/A
Regular Backups: N/A

ISM Control Assessment

40 controls tested 57% pass rate
17 Pass
15 Fail
3
5 N/A


Compliance Framework Coverage

ISM (ASD): 40 controls
Essential Eight: 8 controls
PSPF: 10 controls
IS18 (QLD): 10 controls
ISO 27001: 15 controls
SOC 2: 10 controls
CPS 234 (APRA): 10 controls
NIS2 (EU): 11 controls
DORA (EU): 8 controls
Privacy Act (AU): 4 controls
GDPR (EU): 5 controls
CIS Controls: 7 controls
PCI DSS: 7 controls
OWASP Top 10: 6 controls
UK Cyber Essentials: 5 controls

Endpoint Security Assessment

MITRE ATT&CK-aligned security posture of ENDPOINT-01 — Windows 11 Pro (Build 26100).

Tactic Grade Breakdown

Persistence: C (60%)
Defense Evasion: D (45%)
Discovery: C (62%)
Credential Access: C (64%)
Execution: D (48%)

MITRE ATT&CK Tactic Radar

Radar values: Persistence 60%, Def. Evasion 45%, Discovery 62%, Cred. Access 64%, Execution 48%

Findings

ADD-001 (Critical): No Password Required on Primary Account
Primary user '[USER]' (administrator) does not require a password. Combined with RDP on all interfaces, this allows unrestricted access.

ADD-002 (High): Windows Defender Tamper Protection Disabled
Any process can modify or disable Defender settings without administrator consent. All other protections can be silently turned off.

ADD-003 (High): Extensive Defender Exclusions (10 Paths + 12 Processes)
Broad Defender exclusions create significant blind spots, particularly in C:\GIT, Temp directory, and npm/node directories.

ADD-004 (High): PowerShell Script Block Logging Disabled
No PowerShell execution is recorded in event logs, creating a complete forensic blind spot for the most commonly abused attack tool.

ADD-005 (High): RDP and PostgreSQL Exposed on All Interfaces
RDP (3389) and PostgreSQL (5432) listening on 0.0.0.0. Combined with passwordless account, RDP exposure is critically dangerous.

ADD-006 (Medium): Minimum Password Length Set to Zero
Local password policy allows zero-length passwords. Accounts can be created or maintained without any password.

ADD-007 (Medium): Windows Update Service Stopped
Windows Update service stopped with Manual start type. Security patches may not be automatically applied.

ADD-008 (Medium): Credential Guard Not Active Despite VBS Running
VBS is running but Credential Guard is not active. NTLM hashes and Kerberos tickets remain accessible in LSASS memory.

ADD-009 (Medium): Suspicious Outbound Connection — [Remote-Access-Tool] to External IP
[Remote-Access-Tool] detected with outbound connection to [EXT-RELAY-IP]:21117 on non-standard port. Relay server also running locally.

ADD-010 (Medium): 19 Non-Standard Autostart Entries
19 autostart entries across registry Run keys, startup folders, and WMI subscriptions expand the persistence attack surface.

ADD-011 (Medium): Unquoted Service Path — ASUS System Control
Unquoted binary path with spaces could allow path-based hijacking. Service is currently disabled.

ADD-012 (Low): Cloudflared Running from User Directory
Cloudflare Tunnel agent running from C:\Users\[USER]\ instead of Program Files. User-level compromise could replace the binary.

ADD-013 (Low): 3 SYSTEM-Privilege Scheduled Tasks
Three scheduled tasks run with SYSTEM-level privileges. All appear legitimate but are high-value persistence mechanisms.

ADD-014 (Low): Firewall Default Actions Not Configured
All firewall profiles enabled but defaults set to NotConfigured. Explicit configuration recommended for defense-in-depth.

ADD-015 (Positive): LSA Protection (RunAsPPL) Enabled
LSASS runs as Protected Process Light, preventing credential dumping tools like Mimikatz. WDigest plaintext storage disabled.

ADD-016 (Positive): Windows Defender Fully Operational
Real-time protection, behavior monitoring, IOAV, NIS, and antispyware all enabled. Signatures current (0 days old).

ADD-017 (Positive): No Alternate Data Streams or Hidden Executables
Clean scan result. No file-system-level obfuscation techniques detected.


Technique Coverage Heatmap

T1078 Valid Accounts
T1562.001 Disable Tools
T1059.001 PowerShell
T1046 Network Scan
T1003 Cred Dumping
T1071 App Protocol
T1547 Autostart
T1036 Masquerading
T1053 Sched Tasks
T1027 Obfuscation


Combined Risk Matrix

Likelihood vs. Impact assessment across all 37 findings from both assessments.

Findings by likelihood row (5 = most likely); impact axis runs 1 to 5. Severity legend: Critical, High, Medium, Low, Info. HST = Domain, ADD = Endpoint.
Likelihood 5: HST-001, ADD-001
Likelihood 4: HST-002, ADD-004, ADD-005, ADD-002
Likelihood 3: HST-011, HST-003, HST-004, HST-005, ADD-003, ADD-006, HST-006
Likelihood 2: HST-010, HST-015, ADD-009, ADD-010, ADD-012, HST-007, HST-008, ADD-007, ADD-008
Likelihood 1: HST-014, HST-009, HST-013, ADD-014, HST-012, ADD-011, ADD-013

Combined Remediation Roadmap

Prioritised action items from both assessments, merged into a unified remediation timeline.

Immediate (Today)

  • Endpoint: Set strong password on Tom account (~1 min)
  • Endpoint: Enable minimum password length (14 chars) (~1 min)
  • Endpoint: Enable Tamper Protection via Windows Security UI (~2 min)
  • Domain: Enable 'Always Use HTTPS' in Cloudflare (~1 min)
  • Domain: Enable HSTS via Cloudflare SSL/TLS dashboard (~2 min)

Short-term (This Week)

  • Domain: Deploy full security headers via Cloudflare Transform Rules (~15 min)
  • Domain: Implement Content Security Policy with strict directives (~15 min)
  • Domain: Configure DKIM records with Forward Email (~10 min)
  • Domain: Add CAA DNS records restricting cert issuance (~5 min)
  • Endpoint: Enable PowerShell Script Block + Module Logging (~5 min)
  • Endpoint: Restrict RDP/PostgreSQL firewall rules (~15 min)
  • Endpoint: Audit and reduce Defender exclusions (~20 min)
  • Endpoint: Move cloudflared.exe to Program Files (~10 min)

Medium-term (This Month)

  • Domain: Enforce MTA-STS policy with subdomain + policy file (~30 min)
  • Domain: Investigate SMTP STARTTLS with Forward Email (~20 min)
  • Domain: Create security.txt (RFC 9116) and sitemap.xml (~5 min)
  • Domain: Audit 18 subdomains for stale/exposed services (~1 hr)
  • Domain: Investigate Cloudflare 525 SSL handshake error (~15 min)
  • Endpoint: Enable Credential Guard via VBS (~30 min)
  • Endpoint: Review and reduce 19 autostart entries (~20 min)
  • Endpoint: Evaluate [Remote-Access-Tool] necessity and restrict relay (~15 min)
  • Endpoint: Explicitly configure firewall profile defaults (~5 min)
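Finding HST-007 and the roadmap item "Enforce MTA-STS policy with subdomain + policy file" both turn on whether the published policy is in `enforce` mode. The following is an added example, not the report's scanner code, of how to parse and validate the policy file an MTA-STS deployment serves at `https://mta-sts.<domain>/.well-known/mta-sts.txt` (RFC 8461) and decide whether it enforces TLS. The policy texts and the `example.net` hostnames are constructed placeholders.

```javascript
// Added example (not the report's scanner code): parse an MTA-STS policy file
// (RFC 8461) and decide whether it actually enforces TLS, the property that
// HST-007 could not verify. Policy texts and hostnames below are constructed.

const MAX_AGE_LIMIT = 31557600; // RFC 8461: max_age may not exceed one year

// Read "key: value" lines into a policy object; unknown keys are ignored as
// RFC 8461 requires, lines without a colon are recorded as malformed.
function parseMtaStsPolicy(text) {
  const policy = { version: null, mode: null, mx: [], max_age: null, malformed: [] };
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '') continue;
    const idx = line.indexOf(':');
    if (idx === -1) { policy.malformed.push(line); continue; }
    const key = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    if (key === 'version') policy.version = value;
    else if (key === 'mode') policy.mode = value.toLowerCase();
    else if (key === 'mx') policy.mx.push(value.toLowerCase());
    else if (key === 'max_age') policy.max_age = Number(value);
  }
  return policy;
}

// Returns a list of problems; an empty list means the policy is well formed.
function validateMtaStsPolicy(policy) {
  const problems = [];
  if (policy.version !== 'STSv1') problems.push(`unsupported version: ${policy.version}`);
  if (!['enforce', 'testing', 'none'].includes(policy.mode)) problems.push(`invalid mode: ${policy.mode}`);
  if (policy.mode !== 'none' && policy.mx.length === 0) problems.push('no mx entries');
  if (!Number.isInteger(policy.max_age) || policy.max_age < 0 || policy.max_age > MAX_AGE_LIMIT) {
    problems.push(`invalid max_age: ${policy.max_age}`);
  }
  problems.push(...policy.malformed.map((l) => `malformed line: ${l}`));
  return problems;
}

// Only a valid policy in enforce mode makes sending MTAs refuse delivery
// without TLS; testing mode merely generates TLSRPT reports.
function isEnforcing(policy) {
  return validateMtaStsPolicy(policy).length === 0 && policy.mode === 'enforce';
}

// Does an MX hostname (from the domain's MX records) match a policy mx entry?
// A "*.example.net" pattern matches exactly one extra label (RFC 8461 s. 4.1).
function mxMatchesPolicy(policy, mxHost) {
  const host = mxHost.toLowerCase().replace(/\.$/, '');
  return policy.mx.some((pattern) => {
    if (!pattern.startsWith('*.')) return pattern === host;
    const suffix = pattern.slice(1);                     // ".example.net"
    return host.endsWith(suffix) && !host.slice(0, -suffix.length).includes('.');
  });
}

// Constructed policies: one still in testing mode (the HST-007 situation) and
// the corrected enforce-mode version.
const SAMPLE_TESTING_POLICY = [
  'version: STSv1',
  'mode: testing',
  'mx: mx1.example.net',
  'mx: mx2.example.net',
  'max_age: 86400',
].join('\n');

const SAMPLE_ENFORCE_POLICY = [
  'version: STSv1',
  'mode: enforce',
  'mx: mx1.example.net',
  'mx: *.backup.example.net',
  'max_age: 604800',
].join('\n');

for (const text of [SAMPLE_TESTING_POLICY, SAMPLE_ENFORCE_POLICY]) {
  const policy = parseMtaStsPolicy(text);
  console.log(policy.mode, 'enforcing:', isEnforcing(policy), validateMtaStsPolicy(policy));
}
```

A complete check also confirms that every MX host returned for the domain satisfies `mxMatchesPolicy`, since an enforce-mode policy that omits a live MX causes senders to refuse mail to it rather than protect it; that is the reason to stage through `testing` mode with TLSRPT before switching to `enforce`.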

Capabilities Summary

A comprehensive overview of the security assessment platform's scanning, analysis, and reporting capabilities.

Domain Security Scanning

  • DNS record enumeration (A, AAAA, MX, NS, TXT, CAA, DNSSEC)
  • TLS/SSL certificate and cipher suite analysis
  • Email authentication (SPF, DKIM, DMARC, MTA-STS, BIMI)
  • HTTP security headers (9-header framework)
  • HSTS preload list verification
  • IP and domain blacklist/reputation checks (9 lists)
  • Certificate Transparency log monitoring
  • OSINT exposure analysis
  • Automated site crawl with link validation
  • DANE/TLSA record verification

Endpoint Security Scanning

  • Registry autostart enumeration (Run keys, startup, WMI)
  • Local account and password policy audit
  • Network listener discovery (TCP/UDP full scan)
  • Windows Defender status and exclusion review
  • Scheduled task privilege analysis
  • PowerShell logging configuration check
  • Unquoted service path detection
  • Credential protection (LSA, VBS, Credential Guard)
  • C2 indicator detection (outbound connections, DNS cache)
  • Alternate Data Streams and hidden executable scanning

Compliance Frameworks

  • Australian ISM (Information Security Manual) — 40+ controls
  • ACSC Essential Eight — 8 strategies with maturity levels
  • PSPF (Protective Security Policy Framework)
  • IS18 (Queensland Government)
  • ISO 27001:2022 Annex A controls
  • SOC 2 Trust Services Criteria
  • APRA CPS 234 (Information Security)
  • EU NIS2 Directive
  • EU DORA (Digital Operational Resilience Act)
  • Australian Privacy Act / APPs
  • GDPR (EU General Data Protection Regulation)
  • CIS Controls v8
  • PCI DSS v4.0
  • OWASP Top 10 (2021)
  • UK Cyber Essentials
  • MITRE ATT&CK Framework (14 tactics, 200+ techniques)
  • NIST Cybersecurity Framework 2.0

Output & Architecture

  • Self-contained HTML reports (zero dependencies)
  • Structured JSON analysis data
  • PostgreSQL backend for historical tracking
  • Grade system: A/B/C/D/F with percentage scores
  • NIST CSF radar visualisation
  • MITRE ATT&CK tactic radar
  • Risk matrix (Likelihood x Impact)
  • Prioritised remediation roadmaps
  • ISM control pass/fail tracking
  • Fully offline-capable — no external API calls at report time