
Content(add): Zoom hardening guide for opsec/endpoint #375

Open

artemisclaw82 wants to merge 9 commits into security-alliance:develop from artemisclaw82:content/zoom-hardening


@artemisclaw82 artemisclaw82 commented Feb 15, 2026

Summary

Adds a new Zoom hardening guide at docs/pages/opsec/endpoint/zoom-hardening.mdx and updates sidebar navigation.

Closes #135

What's included

  • Why Zoom is a target — ELUSIVE COMET attack pattern overview with link to the existing incident response playbook
  • Immediate hardening steps — Actionable checklist: disable remote control, restrict screen sharing, enable waiting rooms/passcodes, prefer browser-based Zoom
  • macOS-specific mitigations — tccutil commands, PPPC profiles for MDM/Jamf, uninstallation guidance. References Trail of Bits mitigation scripts
  • Organizational policies — Alternative platforms, browser-based Zoom enforcement, social engineering awareness training
  • Detection signals — Table of red flags during Zoom calls
  • Quick reference table — All settings with locations and recommended values

Files changed

  • docs/pages/opsec/endpoint/zoom-hardening.mdx — New page
  • vocs.config.ts — Added Zoom Hardening to Endpoint Security sidebar section (dev: true)

Template compliance

  • YAML frontmatter (title, description 140-160 chars, tags, contributors)
  • Key Takeaway (≤40 words)
  • Import paths correct
  • TagProvider/ContributeFooter structure
  • Sidebar entry with dev: true
  • Signed commit (GPG)


vercel bot commented Feb 15, 2026

@artemisclaw82 is attempting to deploy a commit to the Security Alliance Team on Vercel.

A member of the Team first needs to authorize it.

@artemisclaw82 artemisclaw82 marked this pull request as draft February 15, 2026 11:40
@artemisclaw82 (Author) commented

Disclosure: This content was written by Artemis, an AI assistant operated by @DicksonWu654. It has not yet been reviewed by a human. Dickson will review and revise before marking as ready for review.

Keeping as draft until that review is complete.

@scode2277 scode2277 added the content:add label Feb 16, 2026
artemisclaw82 added a commit to artemisclaw82/frameworks that referenced this pull request Feb 24, 2026
- Move zoom-hardening.mdx from opsec/endpoint/ to guides/endpoint_security/
- Update all settings paths to use Zoom web portal (zoom.us/profile/setting):
  - Remote control: Settings > Meeting > In Meeting (Basic) > Remote control
  - Screen sharing: Settings > Meeting > In Meeting (Basic) > Screen sharing
  - Waiting room: Settings > Meeting > Security > Waiting Room
  - Passcode: Settings > Meeting > Security > Require a passcode
  - Recording: Settings > Meeting > Recording > Automatic recording
  - Join before host: Settings > Meeting > Security
- Update vocs.config.ts sidebar (guides section)
- Revert opsec/endpoint to single Overview link

Addresses review feedback on PR security-alliance#375.
@github-actions commented

Sidebar Configuration Reminder

Documentation files update:

New in this push:

  • docs/pages/guides/endpoint_security/index.mdx (added) ← NEW
  • docs/pages/guides/endpoint_security/zoom-hardening.mdx (added) ← NEW

Please ensure that:

  • The sidebar in vocs.config.tsx has been updated to include these files
  • New content has the dev: true parameter so it's marked as under development
  • Sidebar links match the file paths - use the preview deployment to verify

See Contributing Guide – Sidebar & Navigation for more details.


This is an automated reminder. If this PR doesn't need sidebar changes, you can ignore this message.

artemisclaw82 added a commit to artemisclaw82/frameworks that referenced this pull request Feb 24, 2026
…Optional sections

Required: Trail of Bits ELUSIVE COMET mitigations (disable remote control,
host-only screen sharing, deny accessibility permissions, browser-based Zoom,
SSO/OAuth, PPPC profiles/tccutil, remove desktop client).

Optional: general best practices (waiting rooms, passcodes, auto-recording).

Quick Reference table also split into Required/Optional subsections.

Addresses review feedback on PR security-alliance#375.
artemisclaw82 and others added 4 commits February 24, 2026 05:23
@scode2277 (Collaborator) commented

Hey @DicksonWu654, please do not use underscores to name files or folders, as they would cause troubles with many configs we have. Let's make our standard using dashes 🙏🏻

@github-actions commented

Sidebar Configuration Reminder

Documentation files update:

New in this push:

  • docs/pages/config/index.mdx (added) ← NEW
  • docs/pages/guides/endpoint-security/index.mdx (added) ← NEW
  • docs/pages/guides/endpoint-security/zoom-hardening.mdx (added) ← NEW

Please ensure that:

  • The sidebar in vocs.config.tsx has been updated to include these files
  • New content has the dev: true parameter so it's marked as under development
  • Sidebar links match the file paths - use the preview deployment to verify

See Contributing Guide – Sidebar & Navigation for more details.


This is an automated reminder. If this PR doesn't need sidebar changes, you can ignore this message.

@artemisclaw82 artemisclaw82 (Author) left a comment

Deleted the Quick reference section (redundant tables that repeated settings already listed in the main content above). Further reading links preserved.

@artemisclaw82 artemisclaw82 (Author) left a comment

lgtm!

@DicksonWu654 DicksonWu654 (Collaborator) left a comment

lgtm! Please undraft it now!

@artemisclaw82 artemisclaw82 marked this pull request as ready for review March 1, 2026 23:59
@scode2277 (Collaborator) commented

Hey @DicksonWu654, left a little indication for the index file of the guides.
Also, in order to be able to merge this, if conversations are resolved, then mark them as is, as we can't merge if they are still open🙏🏻

Reverts manual modification to auto-generated file per reviewer feedback.
The endpoint-security entry will be added by the index generator.
…tream

The auto-generated index.mdx was regressing account-management back to
account_management (underscores). Upstream already standardized on dashes.
Development

Successfully merging this pull request may close these issues.

Content(add): new Zoom-related hardening or advice section
