# ============================================================
# REMOVE SUSPICIOUS/HACK-PRONE DEVICES
# Remove devices that are at risk of being hacked
# ============================================================
# Every step below changes devices, services, the registry or the firewall,
# so the script stops here unless the current session is elevated.
$currentIdentity = [Security.Principal.WindowsIdentity]::GetCurrent()
$currentPrincipal = [Security.Principal.WindowsPrincipal] $currentIdentity
$isAdmin = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ($isAdmin -eq $false) {
    Write-Host "[ERROR] Run as Administrator!" -ForegroundColor Red
    exit 1
}

# Opening banner.
$bannerColor = 'Red'
Write-Host "`n========================================" -ForegroundColor $bannerColor
Write-Host " REMOVING SUSPICIOUS DEVICES" -ForegroundColor $bannerColor
Write-Host "========================================`n" -ForegroundColor $bannerColor
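# ============================================================
# 1. DISABLE USB Wi-Fi ADAPTER (network attack vector)
# ============================================================
# The match is tied to one adapter model ("RTL8188ETV", USB ID
# VID_0BDA&PID_0179) plus generic "USB ... Wireless / Wi-Fi" descriptions.
# Other USB Wi-Fi hardware is caught only if its description fits the generic
# patterns, so adjust the patterns for the hardware actually in use.
Write-Host "[1] Disabling USB Wi-Fi Adapter..." -ForegroundColor Yellow
$usbWifi = Get-NetAdapter | Where-Object { $_.InterfaceDescription -match "RTL8188ETV|USB.*Wireless|USB.*Wi-Fi" }
if (-not $usbWifi) {
    # Say so explicitly: an empty match must not read as "adapter disabled".
    Write-Host " [SKIP] No matching USB Wi-Fi network adapter found" -ForegroundColor DarkYellow
}
foreach ($adapter in $usbWifi) {
    try {
        # -ErrorAction Stop turns a failed disable into an exception, so [OK]
        # is printed only when the adapter really was disabled.
        Disable-NetAdapter -Name $adapter.Name -Confirm:$false -ErrorAction Stop
        Write-Host " [OK] Disabled USB Wi-Fi: $($adapter.Name)" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Could not disable USB Wi-Fi: $($adapter.Name) - $($_.Exception.Message)" -ForegroundColor Red
    }
}

# Also disable via PnP, so the device stays off even if the network adapter
# object is re-enabled.
$usbWifiPnP = Get-PnpDevice | Where-Object { $_.InstanceId -match "VID_0BDA&PID_0179" -and $_.Status -eq "OK" }
foreach ($dev in $usbWifiPnP) {
    try {
        Disable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false -ErrorAction Stop
        Write-Host " [OK] Disabled PnP device: $($dev.FriendlyName)" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Could not disable PnP device: $($dev.FriendlyName) - $($_.Exception.Message)" -ForegroundColor Red
    }
}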
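# ============================================================
# 2. DISABLE USB EXTERNAL STORAGE (malware vector)
# ============================================================
# Two layers: disable the storage devices that are attached right now, then
# set the USBSTOR driver service to "disabled" so newly plugged USB mass
# storage does not load a driver.
# NOTE(review): USB drives that bind to the UAS driver (service "UASPStor") and
# MTP/PTP devices such as phones do not use USBSTOR - confirm whether they
# need their own control on this host.
Write-Host "`n[2] Disabling USB External Storage..." -ForegroundColor Yellow
# NOTE(review): "USBSTOR" is normally a driver/enumerator name rather than a
# PnP class, so the Class test probably never matches - confirm. It is kept
# because it is harmless. Only devices in state "OK" are attempted, so absent
# or already-disabled devices do not produce spurious failures.
$usbStorage = Get-PnpDevice | Where-Object {
    ($_.FriendlyName -match "USB.*Storage" -or $_.Class -eq "USBSTOR") -and $_.Status -eq "OK"
}
if (-not $usbStorage) {
    Write-Host " [SKIP] No active USB storage device found" -ForegroundColor DarkYellow
}
foreach ($dev in $usbStorage) {
    try {
        # -ErrorAction Stop: report [OK] only when the device really was disabled.
        Disable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false -ErrorAction Stop
        Write-Host " [OK] Disabled USB storage: $($dev.FriendlyName)" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Could not disable USB storage: $($dev.FriendlyName) - $($_.Exception.Message)" -ForegroundColor Red
    }
}

# Block USBSTOR driver (service start type 4 = disabled).
$usbPath = "HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR"
if (Test-Path $usbPath) {
    try {
        Set-ItemProperty -Path $usbPath -Name "Start" -Value 4 -Force -ErrorAction Stop
        Write-Host " [OK] USBSTOR driver blocked in registry" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Could not block USBSTOR driver: $($_.Exception.Message)" -ForegroundColor Red
    }
} else {
    Write-Host " [SKIP] USBSTOR service key not present" -ForegroundColor DarkYellow
}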
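# ============================================================
# 3. DISABLE Wi-Fi Direct (unauthorized P2P connections)
# ============================================================
Write-Host "`n[3] Disabling Wi-Fi Direct adapters..." -ForegroundColor Yellow
# NOTE(review): Wi-Fi Direct virtual adapters are usually hidden, and
# Get-NetAdapter omits hidden adapters unless -IncludeHidden is given, so this
# query may match nothing on a host that has them - confirm on the target.
$wifiDirect = Get-NetAdapter | Where-Object { $_.InterfaceDescription -match "Wi-Fi Direct" }
if (-not $wifiDirect) {
    # Say so explicitly: an empty match must not read as "Wi-Fi Direct disabled".
    Write-Host " [SKIP] No Wi-Fi Direct adapter matched" -ForegroundColor DarkYellow
}
foreach ($adapter in $wifiDirect) {
    try {
        # -ErrorAction Stop: report [OK] only when the adapter really was disabled.
        Disable-NetAdapter -Name $adapter.Name -Confirm:$false -ErrorAction Stop
        Write-Host " [OK] Disabled Wi-Fi Direct: $($adapter.Name)" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Could not disable Wi-Fi Direct: $($adapter.Name) - $($_.Exception.Message)" -ForegroundColor Red
    }
}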
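# ============================================================
# 4. DISABLE Hyper-V Virtual Switch (network isolation bypass)
# ============================================================
# Operational impact: virtual machines and other workloads attached to these
# adapters lose networking. If the host's own connectivity runs through an
# external virtual switch, the host loses that network path as well, so check
# which adapter carries host traffic before running this step.
Write-Host "`n[4] Disabling Hyper-V Virtual Switch..." -ForegroundColor Yellow
$hyperV = Get-NetAdapter | Where-Object { $_.InterfaceDescription -match "Hyper-V" }
if (-not $hyperV) {
    # Say so explicitly: an empty match must not read as "switch disabled".
    Write-Host " [SKIP] No Hyper-V adapter matched" -ForegroundColor DarkYellow
}
foreach ($adapter in $hyperV) {
    try {
        # -ErrorAction Stop: report [OK] only when the adapter really was disabled.
        Disable-NetAdapter -Name $adapter.Name -Confirm:$false -ErrorAction Stop
        Write-Host " [OK] Disabled Hyper-V adapter: $($adapter.Name)" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Could not disable Hyper-V adapter: $($adapter.Name) - $($_.Exception.Message)" -ForegroundColor Red
    }
}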
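# ============================================================
# 5. DISABLE Remote Desktop Device Redirector Bus
# ============================================================
# Operational impact: if this script is run over a Remote Desktop session, the
# session is lost when TermService stops and cannot be re-established
# afterwards. Run it from the console or another management channel.
Write-Host "`n[5] Disabling Remote Desktop Redirector..." -ForegroundColor Yellow
# Only devices in state "OK" are attempted, so absent or already-disabled
# devices do not produce spurious failures.
$rdpBus = Get-PnpDevice | Where-Object { $_.FriendlyName -match "Remote Desktop.*Redirector" -and $_.Status -eq "OK" }
foreach ($dev in $rdpBus) {
    try {
        # -ErrorAction Stop: report [OK] only when the device really was disabled.
        Disable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false -ErrorAction Stop
        Write-Host " [OK] Disabled: $($dev.FriendlyName)" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Could not disable: $($dev.FriendlyName) - $($_.Exception.Message)" -ForegroundColor Red
    }
}

# Disable RDP service
$rdpSvc = Get-Service -Name "TermService" -ErrorAction SilentlyContinue
if ($rdpSvc) {
    try {
        # Set the persistent start type first, so the service stays off after
        # a reboot even if stopping the running instance fails.
        Set-Service -Name "TermService" -StartupType Disabled -ErrorAction Stop
        Stop-Service -Name "TermService" -Force -ErrorAction Stop
        Write-Host " [OK] Remote Desktop service disabled" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Remote Desktop service not fully disabled: $($_.Exception.Message)" -ForegroundColor Red
    }
}

# fDenyTSConnections = 1 refuses incoming Remote Desktop connections.
$rdpReg = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server"
if (Test-Path $rdpReg) {
    try {
        Set-ItemProperty -Path $rdpReg -Name "fDenyTSConnections" -Value 1 -Force -ErrorAction Stop
        Write-Host " [OK] RDP disabled in registry" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Could not set fDenyTSConnections: $($_.Exception.Message)" -ForegroundColor Red
    }
}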
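# ============================================================
# 6. DISABLE Bluetooth (proximity attack vector)
# ============================================================
# Operational impact: Bluetooth keyboards, mice and headsets stop working.
Write-Host "`n[6] Disabling Bluetooth..." -ForegroundColor Yellow
$btSvc = Get-Service -Name "bthserv" -ErrorAction SilentlyContinue
if ($btSvc) {
    try {
        # Set the persistent start type first, so the service stays off after
        # a reboot even if stopping the running instance fails.
        Set-Service -Name "bthserv" -StartupType Disabled -ErrorAction Stop
        Stop-Service -Name "bthserv" -Force -ErrorAction Stop
        Write-Host " [OK] Bluetooth service disabled" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Bluetooth service not fully disabled: $($_.Exception.Message)" -ForegroundColor Red
    }
} else {
    Write-Host " [SKIP] Bluetooth service (bthserv) not present" -ForegroundColor DarkYellow
}

# Block the Bluetooth driver (service start type 4 = disabled).
# NOTE(review): BTHUSB is the driver for USB-attached Bluetooth radios; a radio
# on another bus would need its own driver blocked - confirm for this hardware.
$btReg = "HKLM:\SYSTEM\CurrentControlSet\Services\BTHUSB"
if (Test-Path $btReg) {
    try {
        Set-ItemProperty -Path $btReg -Name "Start" -Value 4 -Force -ErrorAction Stop
        Write-Host " [OK] Bluetooth driver blocked" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Could not block Bluetooth driver: $($_.Exception.Message)" -ForegroundColor Red
    }
}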
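# ============================================================
# 7. DISABLE Intel Management Engine (remote management backdoor)
# ============================================================
# Scope of this control: the steps below disable the operating-system side
# only - the ME interface device seen by Windows and two Intel helper services
# (LMS, jhi_service). They do not change the Management Engine firmware or any
# AMT provisioning, which run independently of the OS. Remote-management
# exposure at that level has to be reviewed in the platform firmware setup.
Write-Host "`n[7] Disabling Intel Management Engine..." -ForegroundColor Yellow
$ime = Get-PnpDevice | Where-Object { $_.FriendlyName -match "Management Engine" -and $_.Status -eq "OK" }
foreach ($dev in $ime) {
    try {
        # -ErrorAction Stop: report [OK] only when the device really was disabled.
        Disable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false -ErrorAction Stop
        Write-Host " [OK] Disabled: $($dev.FriendlyName)" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Could not disable: $($dev.FriendlyName) - $($_.Exception.Message)" -ForegroundColor Red
    }
}

$imeSvc = Get-Service -Name "LMS" -ErrorAction SilentlyContinue
if ($imeSvc) {
    try {
        # Set the persistent start type first, so the service stays off after
        # a reboot even if stopping the running instance fails.
        Set-Service -Name "LMS" -StartupType Disabled -ErrorAction Stop
        Stop-Service -Name "LMS" -Force -ErrorAction Stop
        Write-Host " [OK] LMS service disabled" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] LMS service not fully disabled: $($_.Exception.Message)" -ForegroundColor Red
    }
}

$imeSvc2 = Get-Service -Name "jhi_service" -ErrorAction SilentlyContinue
if ($imeSvc2) {
    try {
        Set-Service -Name "jhi_service" -StartupType Disabled -ErrorAction Stop
        Stop-Service -Name "jhi_service" -Force -ErrorAction Stop
        Write-Host " [OK] jhi_service disabled" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] jhi_service not fully disabled: $($_.Exception.Message)" -ForegroundColor Red
    }
}
Write-Host " [NOTE] Only the OS-side ME interface and services were touched; firmware-level ME/AMT settings are unchanged" -ForegroundColor DarkYellow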
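# ============================================================
# 8. DISABLE Kernel Debug Network Adapter (debug backdoor)
# ============================================================
Write-Host "`n[8] Disabling Kernel Debug Network Adapter..." -ForegroundColor Yellow
# NOTE(review): the kernel debug adapter is usually a hidden device, and
# Get-NetAdapter omits hidden adapters unless -IncludeHidden is given, so this
# query may match nothing - confirm on the target. Whether kernel debugging is
# enabled at all is a boot-configuration setting that this step does not read.
$kdnic = Get-NetAdapter | Where-Object { $_.InterfaceDescription -match "Kernel Debug" }
if (-not $kdnic) {
    # Say so explicitly: an empty match must not read as "adapter disabled".
    Write-Host " [SKIP] No Kernel Debug adapter matched" -ForegroundColor DarkYellow
}
foreach ($adapter in $kdnic) {
    try {
        # -ErrorAction Stop: report [OK] only when the adapter really was disabled.
        Disable-NetAdapter -Name $adapter.Name -Confirm:$false -ErrorAction Stop
        Write-Host " [OK] Disabled: $($adapter.Name)" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Could not disable: $($adapter.Name) - $($_.Exception.Message)" -ForegroundColor Red
    }
}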
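# ============================================================
# 9. BLOCK ALL EXTERNAL SERVERS VIA FIREWALL
# ============================================================
# Scope of this control:
# - The default actions apply only to traffic that no rule matches. Allow rules
#   that already exist on the host (built-in or added by installed software)
#   stay in effect, so "all outbound blocked" holds only once those rules have
#   been reviewed and disabled.
# - With -AllowInboundRules False the profiles ignore inbound allow rules, so
#   the inbound Allow-* rules created below take effect only if that setting
#   is relaxed later. Until then inbound stays fully blocked.
# - The private address ranges are allowed as a whole. A host on the same LAN
#   is not automatically trustworthy; narrow the ranges to the subnets and
#   ports actually needed.
# - Blocking outbound internet traffic also blocks OS and anti-malware updates
#   unless an internal update source sits inside the allowed ranges.
Write-Host "`n[9] Blocking all external server connections..." -ForegroundColor Yellow
$fwFailures = 0
try {
    # NOTE(review): -AllowOutboundRules was dropped. It does not appear among
    # the documented parameters of Set-NetFirewallProfile, in which case the
    # whole call fails and no default is changed - confirm.
    Set-NetFirewallProfile -Profile Domain,Public,Private `
        -Enabled True `
        -DefaultInboundAction Block `
        -DefaultOutboundAction Block `
        -AllowUnicastResponseToMulticast False `
        -AllowInboundRules False `
        -ErrorAction Stop
    Write-Host " [OK] ALL inbound = BLOCK" -ForegroundColor Green
    Write-Host " [OK] ALL outbound = BLOCK" -ForegroundColor Green
} catch {
    $fwFailures++
    Write-Host " [FAIL] Firewall profile defaults not applied: $($_.Exception.Message)" -ForegroundColor Red
}

# Allow only localhost and LAN.
$lanSubnets = @("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12")
$allowRules = @(
    @{ DisplayName = "Allow-Localhost"; RemoteAddress = "127.0.0.1"; LocalAddress = "127.0.0.1" },
    @{ DisplayName = "Allow-Localhost-v6"; RemoteAddress = "::1"; LocalAddress = "::1" }
)
foreach ($subnet in $lanSubnets) {
    $allowRules += @{ DisplayName = "Allow-LAN-$subnet"; RemoteAddress = $subnet }
}

foreach ($rule in $allowRules) {
    # Remove rules left by an earlier run so repeated runs do not pile up
    # duplicates under the same display name.
    Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule -ErrorAction SilentlyContinue

    # -Direction accepts Inbound or Outbound only. "Both" is rejected, which
    # would leave no allow rule at all, so one rule is created per direction.
    foreach ($direction in "Inbound", "Outbound") {
        try {
            New-NetFirewallRule @rule -Direction $direction -Action Allow -Profile Any -ErrorAction Stop | Out-Null
        } catch {
            $fwFailures++
            Write-Host " [FAIL] Rule $($rule.DisplayName) ($direction) not created: $($_.Exception.Message)" -ForegroundColor Red
        }
    }
}

if ($fwFailures -eq 0) {
    Write-Host " [OK] Only localhost + LAN allowed" -ForegroundColor Green
} else {
    Write-Host " [FAIL] Firewall step finished with $fwFailures error(s); review the rules before relying on them" -ForegroundColor Red
}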
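# ============================================================
# 10. DISABLE DANGEROUS SERVICES
# ============================================================
# Operational impact: disabling WlanSvc turns off all Wi-Fi on the host, and
# SharedAccess / icssvc turn off connection sharing and the mobile hotspot.
# NOTE(review): "Routing" may not be a service name on this Windows version
# (Routing and Remote Access is already listed as "RemoteAccess") - confirm.
# Names that do not resolve are reported as skipped rather than passed over.
Write-Host "`n[10] Disabling dangerous services..." -ForegroundColor Yellow
$dangerousSvcs = @(
    "RemoteRegistry",
    "SSDPSRV",
    "upnphost",
    "lmhosts",
    "Fax",
    "WMPNetworkSvc",
    "RemoteAccess",
    "Routing",
    "SharedAccess",
    "icssvc",
    "WlanSvc"
)
foreach ($s in $dangerousSvcs) {
    $svc = Get-Service -Name $s -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Host " [SKIP] Service not present: $s" -ForegroundColor DarkYellow
        continue
    }
    try {
        # Set the persistent start type first, so the service stays off after
        # a reboot even if stopping the running instance fails.
        Set-Service -Name $s -StartupType Disabled -ErrorAction Stop
        Stop-Service -Name $s -Force -ErrorAction Stop
        Write-Host " [OK] Disabled service: $s" -ForegroundColor Green
    } catch {
        Write-Host " [FAIL] Service not fully disabled: $s - $($_.Exception.Message)" -ForegroundColor Red
    }
}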
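# ============================================================
# DONE
# ============================================================
# The summary is derived from the current system state instead of being printed
# unconditionally, so a step that failed or matched nothing is not reported as
# done. All checks below are read-only.

# True when the service is absent or its start type is Disabled.
$svcOff = {
    param($name)
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    (-not $svc) -or ($svc.StartType -eq 'Disabled')
}
# True when the key is absent (feature or driver not installed) or the value matches.
$regIs = {
    param($path, $name, $expected)
    if (-not (Test-Path $path)) { return $true }
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    ($null -ne $item) -and ($item.$name -eq $expected)
}
# True when no visible adapter matching the pattern is in a state other than Disabled.
$adapterOff = {
    param($pattern)
    $live = Get-NetAdapter -ErrorAction SilentlyContinue |
        Where-Object { $_.InterfaceDescription -match $pattern -and $_.Status -ne 'Disabled' }
    -not $live
}

$svcNames = @("RemoteRegistry", "SSDPSRV", "upnphost", "lmhosts", "Fax", "WMPNetworkSvc",
    "RemoteAccess", "Routing", "SharedAccess", "icssvc", "WlanSvc")
$svcLeft = @($svcNames | Where-Object { -not (& $svcOff $_) })

$fwProfiles = @(Get-NetFirewallProfile -ErrorAction SilentlyContinue)
$fwOpen = @($fwProfiles | Where-Object {
    $_.Enabled -ne 'True' -or $_.DefaultInboundAction -ne 'Block' -or $_.DefaultOutboundAction -ne 'Block'
})

$meDevices = @(Get-PnpDevice -ErrorAction SilentlyContinue |
    Where-Object { $_.FriendlyName -match "Management Engine" -and $_.Status -eq "OK" })

# The Intel ME line is reworded: only the OS-side interface is checked, so it
# must not claim that the Management Engine itself is disabled.
# The firewall line confirms the profile defaults only; allow rules that exist
# on the host still let matching traffic through.
$checks = @(
    @{ Pass = " [OK] USB Wi-Fi Adapter = DISABLED"; Name = "USB Wi-Fi Adapter"; Ok = (& $adapterOff "RTL8188ETV|USB.*Wireless|USB.*Wi-Fi") },
    @{ Pass = " [OK] USB External Storage = DISABLED + BLOCKED"; Name = "USB External Storage"; Ok = (& $regIs "HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR" "Start" 4) },
    @{ Pass = " [OK] Wi-Fi Direct = DISABLED"; Name = "Wi-Fi Direct"; Ok = (& $adapterOff "Wi-Fi Direct") },
    @{ Pass = " [OK] Hyper-V Virtual Switch= DISABLED"; Name = "Hyper-V Virtual Switch"; Ok = (& $adapterOff "Hyper-V") },
    @{ Pass = " [OK] Remote Desktop = DISABLED"; Name = "Remote Desktop"; Ok = ((& $svcOff "TermService") -and (& $regIs "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" "fDenyTSConnections" 1)) },
    @{ Pass = " [OK] Bluetooth = DISABLED"; Name = "Bluetooth"; Ok = ((& $svcOff "bthserv") -and (& $regIs "HKLM:\SYSTEM\CurrentControlSet\Services\BTHUSB" "Start" 4)) },
    @{ Pass = " [OK] Intel ME host interface = DISABLED (firmware unchanged)"; Name = "Intel ME host interface"; Ok = (($meDevices.Count -eq 0) -and (& $svcOff "LMS") -and (& $svcOff "jhi_service")) },
    @{ Pass = " [OK] Kernel Debug Adapter = DISABLED"; Name = "Kernel Debug Adapter"; Ok = (& $adapterOff "Kernel Debug") },
    @{ Pass = " [OK] External servers = BLOCKED"; Name = "External servers (firewall defaults)"; Ok = (($fwProfiles.Count -gt 0) -and ($fwOpen.Count -eq 0)) },
    @{ Pass = " [OK] Dangerous services = DISABLED"; Name = "Dangerous services"; Ok = ($svcLeft.Count -eq 0) }
)
$unconfirmed = @($checks | Where-Object { -not $_.Ok })

Write-Host "`n========================================" -ForegroundColor Red
if ($unconfirmed.Count -eq 0) {
    Write-Host " ALL SUSPICIOUS DEVICES REMOVED!" -ForegroundColor Red
} else {
    Write-Host " HARDENING INCOMPLETE - $($unconfirmed.Count) ITEM(S) NOT CONFIRMED" -ForegroundColor Red
}
Write-Host "========================================`n" -ForegroundColor Red
Write-Host "Summary:" -ForegroundColor White
foreach ($check in $checks) {
    if ($check.Ok) {
        Write-Host $check.Pass -ForegroundColor Red
    } else {
        Write-Host " [!!] $($check.Name) = NOT CONFIRMED" -ForegroundColor Yellow
    }
}
Write-Host ""
if ($unconfirmed.Count -eq 0) {
    Write-Host "YOUR COMPUTER IS NOW ISOLATED AND SECURE." -ForegroundColor Green
    Write-Host "Only LAN + localhost connections allowed." -ForegroundColor Yellow
} else {
    Write-Host "Some controls could not be confirmed. Review the [FAIL] and [!!] lines above." -ForegroundColor Yellow
}
Write-Host ""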
# Offer a restart; any answer other than Y (upper or lower case) leaves the
# reboot to the operator.
$answer = Read-Host "Restart now? (Y/N)"
# -ne compares case-insensitively, so "y" and "Y" are treated alike.
if ($answer -ne "Y") {
    Write-Host "Please restart manually." -ForegroundColor Cyan
} else {
    Write-Host "Restarting in 5 seconds..." -ForegroundColor Yellow
    Start-Sleep -Seconds 5
    Restart-Computer
}