trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix sysmon sourcetype, update ThreatHunting app

Browse Source
This commit is contained in:
Chris Long
2020-08-04 21:58:18 -07:00
parent 3fc3119be2
commit 84c29f6739
31 changed files with 124 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
Vagrant/scripts/join-domain.ps1
View File

@@ -19,7 +19,7 @@ $DomainCred = New-Object System.Management.Automation.PSCredential $user, $pass
If ($hostname -eq "wef") {
Add-Computer -DomainName "windomain.local" -credential $DomainCred -OUPath "ou=Servers,dc=windomain,dc=local" -PassThru
} ElseIf ($hostname -eq "win10") {
Write-Host "Adding Win10 to the domain. Sometimes this step times out. If that happens, just run 'vagrant reload win10 --provision'" #debug
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Adding Win10 to the domain. Sometimes this step times out. If that happens, just run 'vagrant reload win10 --provision'" #debug
Add-Computer -DomainName "windomain.local" -credential $DomainCred -OUPath "ou=Workstations,dc=windomain,dc=local"
} Else {
Add-Computer -DomainName "windomain.local" -credential $DomainCred -PassThru
@@ -30,8 +30,24 @@ Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultPassword -Value "vagrant"
# Stop Windows Update
Write-Host "Disabling Windows Updates and Windows Module Services"
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling Windows Updates and Windows Module Services"
Set-Service wuauserv -StartupType Disabled
Stop-Service wuauserv
Set-Service TrustedInstaller -StartupType Disabled
Stop-Service TrustedInstaller
# Uninstall Windows Defender from WEF
# This command isn't supported on WIN10
If ($hostname -ne "win10" -And (Get-Service -Name WinDefend -ErrorAction SilentlyContinue).status -eq 'Running') {
# Uninstalling Windows Defender (https://github.com/StefanScherer/packer-windows/issues/201)
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Uninstalling Windows Defender..."
Try {
Uninstall-WindowsFeature Windows-Defender -ErrorAction Stop
Uninstall-WindowsFeature Windows-Defender-Features -ErrorAction Stop
} Catch {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows Defender did not uninstall successfully..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) We'll try again during install-red-team.ps1"
}
}