trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/clong/detectionlab

Browse Source
This commit is contained in:
Chris Long
2021-07-11 09:45:22 -07:00
parent 4f1d381e20 d15022e130
commit 6a66e23c6a
4 changed files with 20 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Packer/scripts/compact.bat
View File

@@ -1,7 +1,7 @@
if not exist "C:\Windows\Temp\7z1900-x64.msi" ( if not exist "C:\Windows\Temp\7z2102-x64.msi" (
powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi')" <NUL powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z2102-x64.msi', 'C:\Windows\Temp\7z2102-x64.msi')" <NUL
) )
msiexec /qb /i C:\Windows\Temp\7z1900-x64.msi msiexec /qb /i C:\Windows\Temp\7z2102-x64.msi
if not exist "C:\Windows\Temp\SDelete.zip" ( if not exist "C:\Windows\Temp\SDelete.zip" (
powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://download.sysinternals.com/files/SDelete.zip', 'C:\Windows\Temp\SDelete.zip')" <NUL powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://download.sysinternals.com/files/SDelete.zip', 'C:\Windows\Temp\SDelete.zip')" <NUL
@@ -12,7 +12,7 @@ if not exist "C:\Windows\Temp\sdelete.exe" (
cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\SDelete.zip -oC:\Windows\Temp" cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\SDelete.zip -oC:\Windows\Temp"
) )
msiexec /qb /x C:\Windows\Temp\7z1900-x64.msi msiexec /qb /x C:\Windows\Temp\7z2102-x64.msi
net stop wuauserv 1> nul 2>&1 net stop wuauserv 1> nul 2>&1
rmdir /S /Q C:\Windows\SoftwareDistribution\Download rmdir /S /Q C:\Windows\SoftwareDistribution\Download

12
Packer/scripts/vm-guest-tools.bat
View File

@@ -1,10 +1,10 @@
if not exist "C:\Windows\Temp\7z1900-x64.msi" ( if not exist "C:\Windows\Temp\7z2102-x64.msi" (
powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi')" <NUL powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z2102-x64.msi', 'C:\Windows\Temp\7z2102-x64.msi')" <NUL
) )
if not exist "C:\Windows\Temp\7z1900-x64.msi" ( if not exist "C:\Windows\Temp\7z2102-x64.msi" (
powershell -Command "Start-Sleep 5; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi')" <NUL powershell -Command "Start-Sleep 5; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z2102-x64.msi', 'C:\Windows\Temp\7z2102-x64.msi')" <NUL
) )
msiexec /qb /i C:\Windows\Temp\7z1900-x64.msi msiexec /qb /i C:\Windows\Temp\7z2102-x64.msi
if "%PACKER_BUILDER_TYPE%" equ "vmware-iso" goto :vmware if "%PACKER_BUILDER_TYPE%" equ "vmware-iso" goto :vmware
if "%PACKER_BUILDER_TYPE%" equ "virtualbox-iso" goto :virtualbox if "%PACKER_BUILDER_TYPE%" equ "virtualbox-iso" goto :virtualbox
@@ -48,4 +48,4 @@ rd /S /Q "C:\Windows\Temp\virtualbox"
goto :done goto :done
:done :done
msiexec /qb /x C:\Windows\Temp\7z1900-x64.msi msiexec /qb /x C:\Windows\Temp\7z2102-x64.msi

12
Packer/scripts/vm-guest-tools.ps1
View File

@@ -1,10 +1,10 @@
if (!( Test-Path "C:\Windows\Temp\7z1900-x64.msi")) { if (!( Test-Path "C:\Windows\Temp\7z2102-x64.msi")) {
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi') [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z2102-x64.msi', 'C:\Windows\Temp\7z2102-x64.msi')
} }
if (!(Test-Path "C:\Windows\Temp\7z1900-x64.msi")) { if (!(Test-Path "C:\Windows\Temp\7z2102-x64.msi")) {
Start-Sleep 5; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi') Start-Sleep 5; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z2102-x64.msi', 'C:\Windows\Temp\7z2102-x64.msi')
} }
cmd /c msiexec /qb /i C:\Windows\Temp\7z1900-x64.msi cmd /c msiexec /qb /i C:\Windows\Temp\7z2102-x64.msi
if ("$env:PACKER_BUILDER_TYPE" -eq "vmware-iso") { if ("$env:PACKER_BUILDER_TYPE" -eq "vmware-iso") {
@@ -85,4 +85,4 @@ if ("$env:PACKER_BUILDER_TYPE" -eq "virtualbox-iso") {
cmd /c rd /S /Q "C:\Windows\Temp\virtualbox" cmd /c rd /S /Q "C:\Windows\Temp\virtualbox"
} }
cmd /c msiexec /qb /x C:\Windows\Temp\7z1900-x64.msi cmd /c msiexec /qb /x C:\Windows\Temp\7z2102-x64.msi

8
README.md
View File

@@ -107,17 +107,18 @@ A sizable percentage of this code was borrowed and adapted from [Stefan Scherer]
* [EVTX-ATTACK-SAMPLES](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES) * [EVTX-ATTACK-SAMPLES](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES)
# DetectionLab Sponsors # DetectionLab Sponsors
#### Lated updated: 04/10/2021 #### Lated updated: 07/09/2021
I would like to extend thanks to the following sponsors for funding DetectionLab development. If you are interested in becoming a sponsor, please visit the [sponsors page](https://github.com/sponsors/clong). I would like to extend thanks to the following sponsors for funding DetectionLab development. If you are interested in becoming a sponsor, please visit the [sponsors page](https://github.com/sponsors/clong).
### Diamond Sponsors: ### Diamond Sponsors:
* [Veramine](https://github.com/veramine) * [Veramine](https://github.com/veramine)
* [Thinkst](https://github.com/ThinkstAppliedResearch) * [Thinkst](https://github.com/ThinkstAppliedResearch)
* [kungskal](https://github.com/kungskal) * [kungskal](https://github.com/kungskal)
* [swizzlez](https://github.com/swizzlez)
* [CyDefUnicorn](https://github.com/CyDefUnicorn) * [CyDefUnicorn](https://github.com/CyDefUnicorn)
* [olliencc](https://github.com/olliencc) * [olliencc](https://github.com/olliencc)
* [snaplabsio](https://github.com/snaplabsio) * [snaplabsio](https://github.com/snaplabsio)
* [0x0lolbin](https://github.com/0x0lolbin)
* [materaj2](https://github.com/materaj2)
### Premium Sponsors: ### Premium Sponsors:
* [mikeesparza](https://github.com/mikeesparza) * [mikeesparza](https://github.com/mikeesparza)
@@ -127,7 +128,6 @@ I would like to extend thanks to the following sponsors for funding DetectionLab
* [iamfuntime](https://github.com/iamfuntime) * [iamfuntime](https://github.com/iamfuntime)
* [Luct0r](https://github.com/Luct0r) * [Luct0r](https://github.com/Luct0r)
* [secdev-01](https://github.com/secdev-01) * [secdev-01](https://github.com/secdev-01)
* +1 private sponsor
### Standard Sponsors: ### Standard Sponsors:
* [braimee](https://github.com/braimee) * [braimee](https://github.com/braimee)
@@ -137,4 +137,4 @@ I would like to extend thanks to the following sponsors for funding DetectionLab
* [ealaney](https://github.com/ealaney) * [ealaney](https://github.com/ealaney)
* [elreydetoda](https://github.com/elreydetoda) * [elreydetoda](https://github.com/elreydetoda)
* [DevBits1702](https://github.com/DevBits1702) * [DevBits1702](https://github.com/DevBits1702)
* +2 private sponsors * +1 private sponsor