trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Updating Powershell web calls to use TLS1.2

Browse Source
This commit is contained in:
Chris Long
2018-02-28 23:04:16 -08:00
parent fbb5a0dece
commit 3d1ba91ad9
7 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Vagrant/scripts/download_palantir_osquery.ps1
View File

@@ -3,5 +3,7 @@ Write-Host "Downloading and unzipping the Palantir osquery Repo from Github..."
$osqueryRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\osquery-Master.zip'
# GitHub requires TLS 1.2 as of 2/1/2018
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri "https://github.com/palantir/osquery-configuration/archive/master.zip" -OutFile $osqueryRepoPath
Expand-Archive -path "$osqueryRepoPath" -destinationpath 'c:\Users\vagrant\AppData\Local\Temp' -Force

6
Vagrant/scripts/download_palantir_wef.ps1
View File

@@ -1,7 +1,13 @@
# Purpose: Downloads and unzips a copy of the Palantir WEF Github Repo. This includes WEF subscriptions and custom WEF channels.
# GitHub requires TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Write-Host "Downloading and unzipping the Palantir Windows Event Forwarding Repo from Github..."
$wefRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\wef-Master.zip'
# GitHub requires TLS 1.2 as of 2/1/2018
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri "https://github.com/palantir/windows-event-forwarding/archive/master.zip" -OutFile $wefRepoPath
Expand-Archive -path "$wefRepoPath" -destinationpath 'c:\Users\vagrant\AppData\Local\Temp' -Force

2
Vagrant/scripts/install-caldera-agent.ps1
View File

@@ -14,6 +14,8 @@ If (-not (Test-Path "C:\Program Files\cagent\cagent.exe")) {
Write-Host "Downloading Caldera Agent (cagent.exe)"
$cagentPath = "C:\Program Files\cagent\cagent.exe"
$cagentConfPath = "C:\Program Files\cagent\conf.yml"
# GitHub requires TLS 1.2 as of 2/1/2018
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
(New-Object System.Net.WebClient).DownloadFile('https://github.com/mitre/caldera-agent/releases/download/v0.1.0/cagent.exe', $cagentPath)
# Ignore SSL warning for conf file download
# https://stackoverflow.com/questions/34331206/ignore-ssl-warning-with-powershell-downloadstring

2
Vagrant/scripts/install-utilities.ps1
View File

@@ -27,6 +27,8 @@ If ($env:computername -eq "WIN10") {
# Purpose: Downloads and unzips a copy of the latest Mimikatz trunk
Write-Host "Determining latest release of Mimikatz..."
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$tag = (Invoke-WebRequest "https://api.github.com/repos/gentilkiwi/mimikatz/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
$mimikatzDownloadUrl = "https://github.com/gentilkiwi/mimikatz/releases/download/$tag/mimikatz_trunk.zip"
$mimikatzRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\mimikatz_trunk.zip'