diff --git a/Packer/scripts/debloat-windows.ps1 b/Packer/scripts/debloat-windows.ps1
index 530ee25..686943c 100755
--- a/Packer/scripts/debloat-windows.ps1
+++ b/Packer/scripts/debloat-windows.ps1
@@ -2,6 +2,8 @@ if ($env:PACKER_BUILDER_TYPE -And $($env:PACKER_BUILDER_TYPE).startsWith("hyperv
 Write-Host Skip debloat steps in Hyper-V build.
 } else {
 Write-Host Downloading debloat zip
+ # GitHub requires TLS 1.2 as of 2/1/2018
+ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 $url="https://github.com/StefanScherer/Debloat-Windows-10/archive/master.zip"
 (New-Object System.Net.WebClient).DownloadFile($url, "$env:TEMP\debloat.zip")
 Expand-Archive -Path $env:TEMP\debloat.zip -DestinationPath $env:TEMP -Force
diff --git a/Vagrant/scripts/download_palantir_osquery.ps1 b/Vagrant/scripts/download_palantir_osquery.ps1
index 4daaac3..1d03e1f 100644
--- a/Vagrant/scripts/download_palantir_osquery.ps1
+++ b/Vagrant/scripts/download_palantir_osquery.ps1
@@ -3,5 +3,7 @@
 Write-Host "Downloading and unzipping the Palantir osquery Repo from Github..."
 $osqueryRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\osquery-Master.zip'
+# GitHub requires TLS 1.2 as of 2/1/2018
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 Invoke-WebRequest -Uri "https://github.com/palantir/osquery-configuration/archive/master.zip" -OutFile $osqueryRepoPath
 Expand-Archive -path "$osqueryRepoPath" -destinationpath 'c:\Users\vagrant\AppData\Local\Temp' -Force
diff --git a/Vagrant/scripts/download_palantir_wef.ps1 b/Vagrant/scripts/download_palantir_wef.ps1
index 263fe4c..2fa766e 100644
--- a/Vagrant/scripts/download_palantir_wef.ps1
+++ b/Vagrant/scripts/download_palantir_wef.ps1
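Review bot: In Packer/scripts/debloat-windows.ps1 the new TLS 1.2 line protects the transport only; the archive fetched right after it is still `archive/master.zip`, a moving branch, and it is expanded with no integrity check, so whatever is on that branch at build time ends up in the image. Pinning the URL to a reviewed commit archive and comparing a SHA-256 before `Expand-Archive` would close that gap; any later lines that reference the extracted folder name would have to follow the pinned name. The same applies to the `master.zip` downloads in download_palantir_osquery.ps1 and download_palantir_wef.ps1. The enclosing `if`/`else` block starts and ends outside the hunk.

```powershell
  # PLACEHOLDER values below: fill in the commit you reviewed and the hash of its archive
  $url="https://github.com/StefanScherer/Debloat-Windows-10/archive/PLACEHOLDER_COMMIT_SHA.zip"
  (New-Object System.Net.WebClient).DownloadFile($url, "$env:TEMP\debloat.zip")
  # Refuse to unpack anything that is not the reviewed archive
  $expected = 'PLACEHOLDER_EXPECTED_SHA256'
  $actual = (Get-FileHash -Path "$env:TEMP\debloat.zip" -Algorithm SHA256).Hash
  if ($actual -ne $expected) { throw "debloat.zip hash mismatch: $actual" }
  # … unchanged: Expand-Archive …
```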
@@ -1,7 +1,13 @@
 # Purpose: Downloads and unzips a copy of the Palantir WEF Github Repo. This includes WEF subscriptions and custom WEF channels.
+
+# GitHub requires TLS 1.2
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
 Write-Host "Downloading and unzipping the Palantir Windows Event Forwarding Repo from Github..."
 $wefRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\wef-Master.zip'
+# GitHub requires TLS 1.2 as of 2/1/2018
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 Invoke-WebRequest -Uri "https://github.com/palantir/windows-event-forwarding/archive/master.zip" -OutFile $wefRepoPath
 Expand-Archive -path "$wefRepoPath" -destinationpath 'c:\Users\vagrant\AppData\Local\Temp' -Force
diff --git a/Vagrant/scripts/install-caldera-agent.ps1 b/Vagrant/scripts/install-caldera-agent.ps1
index 9ab10f2..f59133b 100644
--- a/Vagrant/scripts/install-caldera-agent.ps1
+++ b/Vagrant/scripts/install-caldera-agent.ps1
@@ -14,6 +14,8 @@ If (-not (Test-Path "C:\Program Files\cagent\cagent.exe")) {
 Write-Host "Downloading Caldera Agent (cagent.exe)"
 $cagentPath = "C:\Program Files\cagent\cagent.exe"
 $cagentConfPath = "C:\Program Files\cagent\conf.yml"
+ # GitHub requires TLS 1.2 as of 2/1/2018
+ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 (New-Object System.Net.WebClient).DownloadFile('https://github.com/mitre/caldera-agent/releases/download/v0.1.0/cagent.exe', $cagentPath)
 # Ignore SSL warning for conf file download
 # https://stackoverflow.com/questions/34331206/ignore-ssl-warning-with-powershell-downloadstring
diff --git a/Vagrant/scripts/install-utilities.ps1 b/Vagrant/scripts/install-utilities.ps1
index 6272a19..e5d8414 100755
--- a/Vagrant/scripts/install-utilities.ps1
+++ b/Vagrant/scripts/install-utilities.ps1
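Review bot: In Vagrant/scripts/download_palantir_wef.ps1 the `SecurityProtocol` assignment is added twice, once after the Purpose comment and again just before `Invoke-WebRequest`. The property is static and applies to the whole PowerShell session, so the second assignment is redundant, and the two comments already differ (only one carries the date). Keep a single copy ahead of the download, commented `# GitHub requires TLS 1.2 as of 2/1/2018`, and drop the other pair.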
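Review bot: In Vagrant/scripts/install-caldera-agent.ps1, `cagent.exe` is written straight into `C:\Program Files\cagent` with no check that the bytes are the expected ones; because the URL is pinned to release v0.1.0, a SHA-256 can be pinned as well, e.g. `if ((Get-FileHash $cagentPath -Algorithm SHA256).Hash -ne 'PLACEHOLDER_EXPECTED_SHA256') { Remove-Item $cagentPath; throw 'cagent.exe hash mismatch' }`. The context comment under the new lines says SSL warnings are ignored for the conf file download; that code is outside the hunk, but if it installs a certificate-validation override on `ServicePointManager` it is session-wide like the TLS setting and should be reset once the conf file has been fetched. The enclosing `If` block continues past the hunk.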
@@ -27,6 +27,8 @@ If ($env:computername -eq "WIN10") {
 # Purpose: Downloads and unzips a copy of the latest Mimikatz trunk
 Write-Host "Determining latest release of Mimikatz..."
+# GitHub requires TLS 1.2 as of 2/27
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 $tag = (Invoke-WebRequest "https://api.github.com/repos/gentilkiwi/mimikatz/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
 $mimikatzDownloadUrl = "https://github.com/gentilkiwi/mimikatz/releases/download/$tag/mimikatz_trunk.zip"
 $mimikatzRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\mimikatz_trunk.zip'
diff --git a/ci/automated_install.sh b/ci/automated_install.sh
index ba7ab4a..3a3f447 100644
--- a/ci/automated_install.sh
+++ b/ci/automated_install.sh
@@ -11,7 +11,7 @@
 echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list
 wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
 apt-get update
-apt-get install -y virtualbox-5.2 build-essential unzip git ufw apache2
+apt-get install -y linux-headers-"$(uname -r)" virtualbox-5.2 build-essential unzip git ufw apache2
 echo "building" > /var/www/html/index.html
@@ -23,14 +23,14 @@ ufw --force enable
 # Install Vagrant
 mkdir /opt/vagrant
-cd /opt/vagrant
+cd /opt/vagrant || exit 1
 wget https://releases.hashicorp.com/vagrant/2.0.1/vagrant_2.0.1_x86_64.deb
 dpkg -i vagrant_2.0.1_x86_64.deb
 vagrant plugin install vagrant-reload
 # Install Packer
 mkdir /opt/packer
-cd /opt/packer
+cd /opt/packer || exit 1
 wget https://releases.hashicorp.com/packer/1.1.3/packer_1.1.3_linux_amd64.zip
 unzip packer_1.1.3_linux_amd64.zip
 cp packer /usr/local/bin/packer
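Review bot: The comment added in Vagrant/scripts/install-utilities.ps1 says `as of 2/27`, while the other scripts touched by this commit say `2/1/2018`; one date, with the year, used in every copy would spare the next reader from guessing which is right. Separately, the lines after the new assignment resolve the newest release tag at provisioning time, so the downloaded `mimikatz_trunk.zip` differs between builds and cannot be hash-checked; setting `$tag` to a reviewed release would make the lab reproducible and let a SHA-256 be pinned next to it.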
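Review bot: In ci/automated_install.sh the new `|| exit 1` guards only the two `cd` calls; the `mkdir`, `wget`, `dpkg -i` and `unzip` steps around them can still fail without stopping the script, and the Vagrant .deb and Packer zip are installed (presumably as root) without any checksum verification. Checking each download against the SHA256SUMS file HashiCorp publishes for the release, with `sha256sum -c` on the matching line, before `dpkg -i` / `unzip` would cover the integrity gap. A message on the exit path, e.g. `cd /opt/vagrant || { echo "cannot cd to /opt/vagrant" >&2; exit 1; }`, would also make a CI failure diagnosable instead of a silent stop. The same bare `cd ... || exit 1` pattern appears in the last hunk of this file and in ci/automated_install_vagrant_only.sh, which also repeats the unverified Vagrant download.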
@@ -41,12 +41,12 @@ for file in $(ls *.json); do
 done
 # Make the Vagrant instances headless
-cd /opt/DetectionLab/Vagrant
+cd /opt/DetectionLab/Vagrant || exit 1
 sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile
 # Ensure the script is executable
 chmod +x /opt/DetectionLab/build.sh
-cd /opt/DetectionLab
+cd /opt/DetectionLab || exit 1
 # Start the build in a tmux session
 sn=tmuxsession
diff --git a/ci/automated_install_vagrant_only.sh b/ci/automated_install_vagrant_only.sh
index db7eff3..8569b79 100644
--- a/ci/automated_install_vagrant_only.sh
+++ b/ci/automated_install_vagrant_only.sh
@@ -11,7 +11,7 @@
 echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list
 wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
 apt-get update
-apt-get install -y virtualbox-5.2 build-essential unzip git ufw apache2
+apt-get install -y linux-headers-"$(uname -r)" virtualbox-5.2 build-essential unzip git ufw apache2
 echo "building" > /var/www/html/index.html
@@ -23,18 +23,18 @@ ufw --force enable
 # Install Vagrant
 mkdir /opt/vagrant
-cd /opt/vagrant
+cd /opt/vagrant || exit 1
 wget https://releases.hashicorp.com/vagrant/2.0.1/vagrant_2.0.1_x86_64.deb
 dpkg -i vagrant_2.0.1_x86_64.deb
 vagrant plugin install vagrant-reload
 # Make the Vagrant instances headless
-cd /opt/DetectionLab/Vagrant
+cd /opt/DetectionLab/Vagrant || exit 1
 sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile
 # Ensure the script is executable
 chmod +x /opt/DetectionLab/build_vagrant_only.sh
-cd /opt/DetectionLab
+cd /opt/DetectionLab || exit 1
 # Start the build in a tmux session
 sn=tmuxsession