Azure development

Azure/Ansible/ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory.yml
+host_key_checking = False

Azure/Ansible/detectionlab.yml

@@ -0,0 +1,18 @@
+---
+- hosts: dc
+  roles:
+    - dc
+    - common
+  tags: dc
+
+- hosts: wef
+  roles:
+    - wef
+    - common
+  tags: wef
+
+- hosts: win10
+  roles:
+    - win10
+    - common
+  tags: win10

Azure/Ansible/group_vars/all.yml

@@ -0,0 +1,6 @@
+ansible_user: vagrant
+ansible_password: Vagrant123
+ansible_port: 5985
+ansible_connection: winrm
+ansible_winrm_transport: basic
+ansible_winrm_server_cert_validation: ignore

Azure/Ansible/group_vars/linux.yml

@@ -0,0 +1,4 @@
+ansible_user: vagrant
+ansible_password: vagrant
+ansible_port: 22
+ansible_connection: ssh

Azure/Ansible/inventory.yml

@@ -0,0 +1,14 @@
+---
+# Replace the x's with the IP addresses from "terrafrom output"
+dc:
+  hosts:
+    x.x.x.x:
+
+wef:
+  hosts:
+    x.x.x.x:
+
+win10:
+  hosts:
+    x.x.x.x:
+

Azure/Ansible/roles/common/tasks/main.yml

@@ -0,0 +1,76 @@
+---
+
+- name: Downloading the Palantir WEF Configuration
+  win_shell: ".\\download_palantir_wef.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: palantir_wef
+  failed_when: "'Exception' in palantir_wef.stdout"
+
+- debug: msg="{{ palantir_wef.stdout_lines }}"
+  
+- name: Downloading the Palantir osquery Configuration
+  win_shell: ".\\download_palantir_osquery.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: palantir_osquery
+  failed_when: "'Exception' in palantir_osquery.stdout"
+
+- debug: msg="{{ palantir_osquery.stdout_lines }}"
+  
+- name: Installing osquery
+  win_shell: ".\\install-osquery.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: install_osquery
+  failed_when: "'Exception' in install_osquery.stdout"
+
+- debug: msg="{{ install_osquery.stdout_lines }}"
+
+- name: Installing SysInternals Tools
+  win_shell: ".\\install-sysinternals.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: sysinternals
+  failed_when: "'Exception' in sysinternals.stdout"
+
+- debug: msg="{{ sysinternals.stdout_lines }}"
+
+- name: Installing AutorunsToWineventlog
+  win_shell: ".\\install-autorunstowineventlog.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: autorunstowineventlog
+  failed_when: "'Exception' in autorunstowineventlog.stdout"
+
+- debug: msg="{{ autorunstowineventlog.stdout_lines }}"
+
+- name: Installing Red Team Tooling
+  win_shell: ".\\install-redteam.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: redteam
+  failed_when: "'Exception' in redteam.stdout"
+
+- debug: msg="{{ redteam.stdout_lines }}"
+
+- name: Install Utilities 
+  win_chocolatey:
+    name:
+    - NotepadPlusPlus
+    - GoogleChrome
+    - WinRar
+    - wireshark
+    - winpcap
+    state: present
+
+- name: Install classic-shell with chocolatey
+  win_chocolatey:
+    name:
+      - classic-shell
+    state: present
+    install_args: "ADDLOCAL=ClassicStartMenu"
+
+
+
+

Azure/Ansible/roles/dc/tasks/main.yml

@@ -0,0 +1,144 @@
+---
+
+- name: Set DNS Address
+  win_shell: "Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 127.0.0.1,8.8.8.8"
+
+- name: Install git
+  win_chocolatey:
+    name: git
+    state: present
+
+- name: Check if existing DetectionLab directory
+  win_stat:
+    path: 'c:\DetectionLab'
+  register: dir
+
+- name: Git clone Detectionlab
+  win_shell: git clone https://github.com/clong/DetectionLab.git
+  args:
+    chdir: 'c:\'
+  when: not dir.stat.exists
+
+- name: Copy scripts to c:\vagrant
+  win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+
+- name: Create an Administrator user
+  win_user:
+    name: Administrator
+    password: Vagrant123
+    state: present
+    groups:
+      - Users,Administrators
+    password_never_expires: yes
+  
+- name: Create the Domain
+  win_shell: .\\provision.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: domain_creation
+  changed_when: "'Status         : Success' in domain_creation.stdout"
+
+- name: Reboot Afer Domain Creation
+  win_reboot:
+    msg: "Installing AD. Rebooting..."
+    pre_reboot_delay: 15
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Configure OU
+  win_shell: .\\configure-ou.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: ou_creation
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: windomain.local\vagrant
+    ansible_become_password: vagrant
+    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
+  failed_when: "'Exception' in ou_creation.stderr"
+
+- debug: msg="{{ ou_creation.stdout_lines }}"
+
+- name: Configure WEF GPO
+  win_shell: .\\configure-wef-gpo.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: wef_gpo
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: windomain.local\vagrant
+    ansible_become_password: vagrant
+    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
+  failed_when: "'Exception' in wef_gpo.stderr"
+
+- debug: msg="{{ wef_gpo.stdout_lines }}"
+
+- name: Configure Powershell Logging GPO
+  win_shell: .\\configure-powershelllogging.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: powershell_gpo
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: windomain.local\vagrant
+    ansible_become_password: vagrant
+    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
+  failed_when: "'Exception' in powershell_gpo.stderr"
+
+- debug: msg="{{ powershell_gpo.stdout_lines }}"
+
+- name: Configure Auditing Policy GPO
+  win_shell: .\\configure-AuditingPolicyGPOs.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: audit_policy
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: windomain.local\vagrant
+    ansible_become_password: vagrant
+    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
+  failed_when: "'Exception' in audit_policy.stderr"
+
+- debug: msg="{{ audit_policy.stdout_lines }}"
+
+- name: Disable Windows Defender GPO
+  win_shell: .\\configure-disable-windows-defender-gpo.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: disable_win_def
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: windomain.local\vagrant
+    ansible_become_password: vagrant
+    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
+  failed_when: "'Exception' in disable_win_def.stderr"
+
+- debug: msg="{{ disable_win_def.stdout_lines }}"
+
+- name: Configure RDP Permissions GPO
+  win_shell: .\\configure-rdp-user-gpo.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: rdp_gpo
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: windomain.local\vagrant
+    ansible_become_password: vagrant
+    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
+  failed_when: "'Exception' in rdp_gpo.stderr"
+
+- debug: msg="{{ rdp_gpo.stdout_lines }}"
+
+- name: Configure DC with raw Commands
+  win_shell: "{{ item }}"
+  with_items:
+    - "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
+    - "Set-SmbServerConfiguration -AuditSmb1Access $true -Force"
+
+

Azure/Ansible/roles/wef/tasks/main.yml

@@ -0,0 +1,136 @@
+---
+
+# This needs to be made idempodent
+- name: Set HostOnly DNS Address
+  win_shell: "Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.38.102,8.8.8.8"
+
+- name: Install git
+  win_chocolatey:
+    name: git
+    state: present
+
+- name: Check if existing DetectionLab directory
+  win_stat:
+    path: 'c:\DetectionLab'
+  register: dir
+
+- name: Git clone Detectionlab
+  win_shell: git clone https://github.com/clong/DetectionLab.git
+  args:
+    chdir: 'c:\'
+  when: not dir.stat.exists
+
+- name: Copy scripts to c:\vagrant
+  win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+
+- name: Join the Domain
+  win_shell: .\\provision.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: wef_join_domain
+  changed_when: "'HasSucceeded : True' in wef_join_domain.stdout"
+
+- debug: msg="{{ wef_join_domain.stdout_lines }}"
+
+- name: Reboot After Joining the Domain
+  win_reboot:
+    msg: "Joining the domain. Rebooting..."
+    pre_reboot_delay: 15
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Download Microsoft ATA
+  win_get_url:
+    url: http://download.microsoft.com/download/4/9/1/491394D1-3F28-4261-ABC6-C836A301290E/ATA1.9.iso
+    dest: "C:\\Users\\vagrant\\AppData\\Local\\Temp\\Microsoft ATA 1.9.iso"
+    timeout: 3600
+
+- name: Clear Event Logs
+  win_shell: "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
+
+- name: Downloading the Palantir WEF Configuration
+  win_shell: ".\\download_palantir_wef.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: palantir_wef
+  failed_when: "'Exception' in palantir_wef.stdout"
+
+- debug: msg="{{ palantir_wef.stdout_lines }}"
+
+- name: Installing WEF Subscriptions
+  win_shell: ".\\install-wefsubscriptions.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: wef_subscriptions
+  failed_when: "'Exception' in wef_subscriptions.stdout"
+
+- debug: msg="{{ wef_subscriptions.stdout_lines }}"
+
+- name: Installing the Splunk Universal Forwarder
+  win_shell: ".\\install-splunkuf.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: splunkuf
+  failed_when: "'Exception' in splunkuf.stdout"
+
+- debug: msg="{{ splunkuf.stdout_lines }}"
+
+- name: Install Splunk Windows TA
+  win_shell: ".\\install-windows_ta.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: windowsta
+  failed_when: "'Exception' in windowsta.stdout"
+
+- debug: msg="{{ windowsta.stdout_lines }}"
+
+- name: Installing the Powershell Log Transcription Share
+  win_shell: ".\\configure-pslogstranscriptsshare.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: pstranscriptshare
+  failed_when: "'Exception' in pstranscriptshare.stdout"
+
+- debug: msg="{{ pstranscriptshare.stdout_lines }}"
+
+- name: Installing Microsoft Advanced Threat Analytics
+  win_shell: ".\\install-microsoft-ata.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: windowsata
+  failed_when: "'Exception' in windowsata.stdout"
+
+- debug: msg="{{ windowsata.stdout_lines }}"
+
+- name: Configure WEF with raw Commands
+  win_shell: "{{ item }}"
+  with_items:
+    - "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
+    - "Set-SmbServerConfiguration -AuditSmb1Access $true -Force"
+
+- name: Disable password complexity policy
+  win_shell: |
+      secedit /export /cfg C:\secpol.cfg
+      (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
+      secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
+      rm -force C:\secpol.cfg -confirm:$false
+  become: yes
+  become_method: enable
+
+- name: Add Ansible user
+  win_user:
+    name: ansible
+    password: Ansible123
+    groups:
+      - Administrators
+
+- name: Switch to Ansible user
+  set_fact:
+    ansible_user: ansible
+    ansible_password: Ansible123
+
+- name: Change password for vagrant account back to vagrant
+  win_user:
+    name: vagrant
+    password: vagrant
+

Azure/Ansible/roles/win10/tasks/main.yml

@@ -0,0 +1,80 @@
+---
+- name: Set HostOnly DNS Address
+  win_shell: "Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.38.102,8.8.8.8"
+
+- name: Install git
+  win_chocolatey:
+    name: git
+    state: present
+
+- name: Check if existing DetectionLab directory
+  win_stat:
+    path: 'c:\DetectionLab'
+  register: dir
+
+- name: Git clone Detectionlab
+  win_shell: git clone https://github.com/clong/DetectionLab.git
+  args:
+    chdir: 'c:\'
+  when: not dir.stat.exists
+
+- name: Copy scripts to c:\vagrant
+  win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+
+- name: Making Windows10 Great Again
+  win_shell:  .\\MakeWindows10GreatAgain.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+
+- name: Join the Domain
+  win_shell: .\\provision.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+
+- name: Update group policy
+  win_shell: "gpupdate /force"
+
+- name: Reboot Server
+  win_reboot:
+    msg: "Joined the domain. Rebooting..."
+    pre_reboot_delay: 15
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Clear Event Logs
+  win_shell: "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
+
+- name: DetectionLab Menu
+  win_shell: |
+      "\"C:\\Program Files\\Classic Shell\\ClassicStartMenu.exe -xml c:\\vagrant\\resources\\windows\\MenuSettings.xml\""
+      regedit /s c:\vagrant\resources\windows\MenuStyle_Default_Win7.reg
+
+- name: Disable password complexity policy
+  win_shell: |
+      secedit /export /cfg C:\secpol.cfg
+      (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
+      secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
+      rm -force C:\secpol.cfg -confirm:$false
+  become: yes
+  become_method: enable
+
+- name: Add Ansible user
+  win_user:
+    name: ansible
+    password: Ansible123
+    groups:
+      - Administrators
+
+- name: Switch to Ansible user
+  set_fact:
+    ansible_user: ansible
+    ansible_password: Ansible123
+
+- name: Change password for vagrant account back to vagrant
+  win_user:
+    name: vagrant
+    password: vagrant
+
+
+
+