Adding Caldera to DetectionLab

Vagrant/scripts/install-caldera-agent.ps1

@@ -0,0 +1,26 @@
+# Purpose: Installs the Caldera agent on the host
+
+# Add /etc/hosts entry
+Add-Content "c:\windows\system32\drivers\etc\hosts" "        192.168.38.5    logger"
+
+# Make the directory
+New-Item "c:\Program Files\cagent" -type directory
+
+# Install Visual Studio 2015 C++ Redistributable
+choco install -y vcredist2015
+
+# Download cagent and start the service
+If (-not (Test-Path "C:\Program Files\cagent\cagent.exe")) {
+  Write-Host "Downloading Caldera Agent (cagent.exe)"
+  $cagentPath = "C:\Program Files\cagent\cagent.exe"
+  $cagentConfPath = "C:\Program Files\cagent\conf.yml"
+  (New-Object System.Net.WebClient).DownloadFile('https://github.com/mitre/caldera-agent/releases/download/v0.1.0/cagent.exe', $cagentPath)
+  # Ignore SSL warning for conf file download
+  # https://stackoverflow.com/questions/34331206/ignore-ssl-warning-with-powershell-downloadstring
+  [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ;(New-Object System.Net.WebClient).DownloadFile('https://logger:8888/conf.yml', $cagentConfPath)
+  Start-Process -FilePath $cagentPath -ArgumentList '--startup', 'auto', 'install' -Wait
+  Start-Process -FilePath $cagentPath -ArgumentList 'start' -Wait
+} Else {
+  Write-Host "Caldera Agent is already installed. Moving on."
+}
+Write-Host "Cagent installation complete!"

Vagrant/scripts/install-sysinternals.ps1

@@ -38,6 +38,9 @@ Invoke-WebRequest -Uri "https://raw.githubusercontent.com/SwiftOnSecurity/sysmon
 # Convert Sysmon config schema from 3.30 to 4.0 per GitHub Issue #38
 (Get-Content $sysmonConfigPath) -replace 'schemaversion="3.30"', 'schemaversion="4.00"' | Set-Content $sysmonConfigPath
 
+# Convert Schema from 3.30 to 4.0 per GitHub Issue #38
+(Get-Content $sysmonConfigPath) -replace 'schemaversion="3.30"', 'schemaversion="4.00"' | Set-Content $sysmonConfigPath
+
 # Startup Sysmon
 Write-Host "Starting Sysmon..."
 Start-Process -FilePath "$sysmonDir\Sysmon64.exe" -ArgumentList "-accepteula -i $sysmonConfigPath"

Vagrant/scripts/join-domain.ps1

@@ -18,7 +18,7 @@ $DomainCred = New-Object System.Management.Automation.PSCredential $user, $pass
 If ($hostname -eq "wef") {
   Add-Computer -DomainName "windomain.local" -credential $DomainCred -OUPath "ou=Servers,dc=windomain,dc=local" -PassThru
 } ElseIf ($hostname -eq "win10") {
-  Write-Host "Adding Win10 to the domain. Sometimes this step times out when using VMWare. If that happens, just run 'vagrant reload win10 --provision'" #debug
+  Write-Host "Adding Win10 to the domain. Sometimes this step times out. If that happens, just run 'vagrant reload win10 --provision'" #debug
   Add-Computer -DomainName "windomain.local" -credential $DomainCred -OUPath "ou=Workstations,dc=windomain,dc=local"
 } Else {
   Add-Computer -DomainName "windomain.local" -credential $DomainCred -PassThru