Updating Powershell web calls to use TLS1.2

Packer/scripts/debloat-windows.ps1

@@ -2,6 +2,8 @@ if ($env:PACKER_BUILDER_TYPE -And $($env:PACKER_BUILDER_TYPE).startsWith("hyperv
   Write-Host Skip debloat steps in Hyper-V build.
 } else {
   Write-Host Downloading debloat zip
+  # GitHub requires TLS 1.2 as of 2/1/2018
+  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
   $url="https://github.com/StefanScherer/Debloat-Windows-10/archive/master.zip"
   (New-Object System.Net.WebClient).DownloadFile($url, "$env:TEMP\debloat.zip")
   Expand-Archive -Path $env:TEMP\debloat.zip -DestinationPath $env:TEMP -Force

Vagrant/scripts/download_palantir_osquery.ps1

@@ -3,5 +3,7 @@ Write-Host "Downloading and unzipping the Palantir osquery Repo from Github..."
 
 $osqueryRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\osquery-Master.zip'
 
+# GitHub requires TLS 1.2 as of 2/1/2018
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 Invoke-WebRequest -Uri "https://github.com/palantir/osquery-configuration/archive/master.zip" -OutFile $osqueryRepoPath
 Expand-Archive -path "$osqueryRepoPath" -destinationpath 'c:\Users\vagrant\AppData\Local\Temp' -Force

Vagrant/scripts/download_palantir_wef.ps1

@@ -1,7 +1,13 @@
 # Purpose: Downloads and unzips a copy of the Palantir WEF Github Repo. This includes WEF subscriptions and custom WEF channels.
+
+# GitHub requires TLS 1.2
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
 Write-Host "Downloading and unzipping the Palantir Windows Event Forwarding Repo from Github..."
 
 $wefRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\wef-Master.zip'
 
+# GitHub requires TLS 1.2 as of 2/1/2018
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 Invoke-WebRequest -Uri "https://github.com/palantir/windows-event-forwarding/archive/master.zip" -OutFile $wefRepoPath
 Expand-Archive -path "$wefRepoPath" -destinationpath 'c:\Users\vagrant\AppData\Local\Temp' -Force

Vagrant/scripts/install-caldera-agent.ps1

@@ -14,6 +14,8 @@ If (-not (Test-Path "C:\Program Files\cagent\cagent.exe")) {
   Write-Host "Downloading Caldera Agent (cagent.exe)"
   $cagentPath = "C:\Program Files\cagent\cagent.exe"
   $cagentConfPath = "C:\Program Files\cagent\conf.yml"
+  # GitHub requires TLS 1.2 as of 2/1/2018
+  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
   (New-Object System.Net.WebClient).DownloadFile('https://github.com/mitre/caldera-agent/releases/download/v0.1.0/cagent.exe', $cagentPath)
   # Ignore SSL warning for conf file download
   # https://stackoverflow.com/questions/34331206/ignore-ssl-warning-with-powershell-downloadstring

Vagrant/scripts/install-utilities.ps1

@@ -27,6 +27,8 @@ If ($env:computername -eq "WIN10") {
 
 # Purpose: Downloads and unzips a copy of the latest Mimikatz trunk
 Write-Host "Determining latest release of Mimikatz..."
+# GitHub requires TLS 1.2 as of 2/27
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 $tag = (Invoke-WebRequest "https://api.github.com/repos/gentilkiwi/mimikatz/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
 $mimikatzDownloadUrl = "https://github.com/gentilkiwi/mimikatz/releases/download/$tag/mimikatz_trunk.zip"
 $mimikatzRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\mimikatz_trunk.zip'

ci/automated_install.sh

@@ -11,7 +11,7 @@
 echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list
 wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
 apt-get update
-apt-get install -y virtualbox-5.2 build-essential unzip git ufw apache2
+apt-get install -y linux-headers-"$(uname -r)" virtualbox-5.2 build-essential unzip git ufw apache2
 
 echo "building" > /var/www/html/index.html
 
@@ -23,14 +23,14 @@ ufw --force enable
 
 # Install Vagrant
 mkdir /opt/vagrant
-cd /opt/vagrant
+cd /opt/vagrant || exit 1
 wget https://releases.hashicorp.com/vagrant/2.0.1/vagrant_2.0.1_x86_64.deb
 dpkg -i vagrant_2.0.1_x86_64.deb
 vagrant plugin install vagrant-reload
 
 # Install Packer
 mkdir /opt/packer
-cd /opt/packer
+cd /opt/packer || exit 1
 wget https://releases.hashicorp.com/packer/1.1.3/packer_1.1.3_linux_amd64.zip
 unzip packer_1.1.3_linux_amd64.zip
 cp packer /usr/local/bin/packer
@@ -41,12 +41,12 @@ for file in $(ls *.json); do
 done
 
 # Make the Vagrant instances headless
-cd /opt/DetectionLab/Vagrant
+cd /opt/DetectionLab/Vagrant || exit 1
 sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile
 
 # Ensure the script is executable
 chmod +x /opt/DetectionLab/build.sh
-cd /opt/DetectionLab
+cd /opt/DetectionLab || exit 1
 
 # Start the build in a tmux session
 sn=tmuxsession

ci/automated_install_vagrant_only.sh

@@ -11,7 +11,7 @@
 echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list
 wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
 apt-get update
-apt-get install -y virtualbox-5.2 build-essential unzip git ufw apache2
+apt-get install -y linux-headers-"$(uname -r)" virtualbox-5.2 build-essential unzip git ufw apache2
 
 echo "building" > /var/www/html/index.html
 
@@ -23,18 +23,18 @@ ufw --force enable
 
 # Install Vagrant
 mkdir /opt/vagrant
-cd /opt/vagrant
+cd /opt/vagrant || exit 1
 wget https://releases.hashicorp.com/vagrant/2.0.1/vagrant_2.0.1_x86_64.deb
 dpkg -i vagrant_2.0.1_x86_64.deb
 vagrant plugin install vagrant-reload
 
 # Make the Vagrant instances headless
-cd /opt/DetectionLab/Vagrant
+cd /opt/DetectionLab/Vagrant || exit 1
 sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile
 
 # Ensure the script is executable
 chmod +x /opt/DetectionLab/build_vagrant_only.sh
-cd /opt/DetectionLab
+cd /opt/DetectionLab || exit 1
 
 # Start the build in a tmux session
 sn=tmuxsession