From be28a4aa26a1d4ea68f5e2716f5960a181b24ed5 Mon Sep 17 00:00:00 2001 From: Chris Long Date: Thu, 31 Dec 2020 10:17:16 -0800 Subject: [PATCH 1/6] Updating sponsors --- README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 908e6a5..95a01f0 100644 --- a/README.md +++ b/README.md @@ -103,13 +103,13 @@ A sizable percentage of this code was borrowed and adapted from [Stefan Scherer] * [EVTX-ATTACK-SAMPLES](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES) # DetectionLab Sponsors -#### Lated updated: 9/16/2020 +#### Lated updated: 12/31/2020 I would like to extend thanks to the following sponsors for funding DetectionLab development. If you are interested in becoming a sponsor, please visit the [sponsors page](https://github.com/sponsors/clong). ### Diamond Sponsors: * [Veramine](https://github.com/veramine) * [Thinkst](https://github.com/ThinkstAppliedResearch) -* [csterner82](https://github.com/csterner82) +* [kungskal](https://github.com/kungskal) * [swizzlez](https://github.com/swizzlez) * [CyDefUnicorn](https://github.com/CyDefUnicorn) * [olliencc](https://github.com/olliencc) 
@@ -118,17 +118,18 @@ I would like to extend thanks to the following sponsors for funding DetectionLab * [mikeesparza](https://github.com/mikeesparza) * [dlee35](https://github.com/dlee35) * [chrissanders](https://github.com/chrissanders) -* [punchdrunktux](https://github.com/punchdrunktux) * [jaredhaight](https://github.com/jaredhaight) * [iamfuntime](https://github.com/iamfuntime) * [Luct0r](https://github.com/Luct0r) +* [zhuma549](https://github.com/zhuma549) +* +1 private sponsor ### Standard Sponsors: -* [dtonomy](https://github.com/dtonomy) * [braimee](https://github.com/braimee) -* [iLoC0dez](https://github.com/iLoC0dez) * [defensivedepth](https://github.com/defensivedepth) -* [elreydetoda](https://github.com/elreydetoda) * [kafkaesqu3](https://github.com/kafkaesqu3) * [anthonysecurity](https://github.com/anthonysecurity) +* [ealaney](https://github.com/ealaney) +* [elreydetoda](https://github.com/elreydetoda) +* [DevBits1702](https://github.com/DevBits1702) * +2 private sponsors From 7aa5dd5c543ecb44378b36dd39b320474cc13853 Mon Sep 17 00:00:00 2001 From: Chris Long Date: Mon, 4 Jan 2021 10:40:34 -0800 Subject: [PATCH 2/6] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 95a01f0..6e963f5 100644 --- a/README.md +++ b/README.md 
@@ -6,9 +6,10 @@ DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to [![CircleCI](https://circleci.com/gh/clong/DetectionLab/tree/master.svg?style=shield)](https://circleci.com/gh/clong/DetectionLab/tree/master) ![Lint Code Base](https://github.com/clong/DetectionLab/workflows/Lint%20Code%20Base/badge.svg) [![license](https://img.shields.io/github/license/clong/DetectionLab.svg?style=flat-square)](https://github.com/clong/DetectionLab/blob/master/license.md) -![Maintenance](https://img.shields.io/maintenance/yes/2020.svg?style=flat-square) +![Maintenance](https://img.shields.io/maintenance/yes/2021.svg?style=flat-square) [![GitHub last commit](https://img.shields.io/github/last-commit/clong/DetectionLab.svg?style=flat-square)](https://github.com/clong/DetectionLab/commit/master) [![Twitter](https://img.shields.io/twitter/follow/DetectionLab.svg?style=social)](https://twitter.com/DetectionLab) +[![Slack][https://img.shields.io/badge/Slack-DetectionLab-blue](https://join.slack.com/t/cl0ng/shared_invite/zt-kjwgkldg-BqB1TyrUX0dSjDPe44tKRg) #### Donate to the project: From 46d487a05cbcdb2d74c1a0c9b2d45d5a682e16a3 Mon Sep 17 00:00:00 2001 From: Chris Long Date: Mon, 4 Jan 2021 10:41:12 -0800 Subject: [PATCH 3/6] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6e963f5..7a33b73 100644 --- a/README.md +++ b/README.md 
@@ -9,7 +9,7 @@ DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ![Maintenance](https://img.shields.io/maintenance/yes/2021.svg?style=flat-square) [![GitHub last commit](https://img.shields.io/github/last-commit/clong/DetectionLab.svg?style=flat-square)](https://github.com/clong/DetectionLab/commit/master) [![Twitter](https://img.shields.io/twitter/follow/DetectionLab.svg?style=social)](https://twitter.com/DetectionLab) -[![Slack][https://img.shields.io/badge/Slack-DetectionLab-blue](https://join.slack.com/t/cl0ng/shared_invite/zt-kjwgkldg-BqB1TyrUX0dSjDPe44tKRg) +[![Slack](https://img.shields.io/badge/Slack-DetectionLab-blue)](https://join.slack.com/t/cl0ng/shared_invite/zt-kjwgkldg-BqB1TyrUX0dSjDPe44tKRg) #### Donate to the project: From cdf2097a61de78f32fddb17d42bd8e8acb558ddc Mon Sep 17 00:00:00 2001 From: Spencer Walden Date: Tue, 5 Jan 2021 16:29:55 -0800 Subject: [PATCH 4/6] Updates else clause logged output and uses variables in script rather than hard code --- HyperV/hyperv-create-nat-switch.ps1 | 49 +++++++++++++++++------------ 1 file changed, 29 insertions(+), 20 deletions(-) diff --git a/HyperV/hyperv-create-nat-switch.ps1 b/HyperV/hyperv-create-nat-switch.ps1 index 94650da..bd6c0fa 100644 --- a/HyperV/hyperv-create-nat-switch.ps1 +++ b/HyperV/hyperv-create-nat-switch.ps1 
@@ -1,32 +1,41 @@ # See: https://www.petri.com/using-nat-virtual-switch-hyper-v -If ("NATSwitch" -in (Get-VMSwitch | Select-Object -ExpandProperty Name) -eq $FALSE) { - 'Creating Internal-only switch named "NATSwitch" on Windows Hyper-V host...' +$NATHostIP = "192.168.38.1" +$NATNetPrefixLength = 24 +$NATNet = "192.168.38.0/$NATNetPrefixLength" +$NATNetName = "NATNetwork" +$NATSwitchName = "NATSwitch" +$NATSwitchNameAlias = "vEthernet ($NATSwitchName)" - New-VMSwitch -SwitchName "NATSwitch" -SwitchType Internal +# Check our NAT switch exists, create it and configure it if it doesn't. +If ("$NATSwitchName" -in (Get-VMSwitch | Select-Object -ExpandProperty Name) -eq $FALSE) { + "Creating Internal-only switch named ""$NatSwitchName"" on Windows Hyper-V host..." - New-NetIPAddress -IPAddress 192.168.38.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)" + New-VMSwitch -SwitchName $NATSwitchName -SwitchType Internal + New-NetIPAddress -IPAddress $NATHostIP -PrefixLength $NATNetPrefixLength -InterfaceAlias $NATSwitchNameAlias + New-NetNAT -Name $NATNetName -InternalIPInterfaceAddressPrefix $NATNet - New-NetNAT -Name "NATNetwork" -InternalIPInterfaceAddressPrefix 192.168.38.0/24 -} -else { - '"NATSwitch" for static IP configuration already exists; skipping' +} else { + """$NATSwitchName"" VM Switch on Hyper-V host for guest static IP configuration already exists; skipping..." } -If ("192.168.38.1" -in (Get-NetIPAddress | Select-Object -ExpandProperty IPAddress) -eq $FALSE) { - 'Registering new IP address 192.168.38.1 on Windows Hyper-V host...' +# Check that our Hyper-V host has the proper gateway address for the NAT Network. +# TODO make sure that this is set for the proper NATSwitch +If ("$NATHostIP" -in (Get-NetIPAddress | Select-Object -ExpandProperty IPAddress) -eq $FALSE) { + "Registering new IP address $NATHostIP on Windows Hyper-V host..." 
- New-NetIPAddress -IPAddress 192.168.38.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)" -} -else { - '"192.168.38.1" for static IP configuration already registered; skipping' + New-NetIPAddress -IPAddress $NATHostIP -PrefixLength $NATNetPrefixLength -InterfaceAlias $NATSwitchNameAlias + +} else { + """$NATHostIP"" Hyper-V host gateway address for guest static IP configuration already registered; skipping..." } -If ("192.168.38.0/24" -in (Get-NetNAT | Select-Object -ExpandProperty InternalIPInterfaceAddressPrefix) -eq $FALSE) { - 'Registering new NAT adapter for 192.168.38.0/24 on Windows Hyper-V host...' +# Check that our Hyper-V host has the proper NAT Network setup +If ("$NATNet" -in (Get-NetNAT | Select-Object -ExpandProperty InternalIPInterfaceAddressPrefix) -eq $FALSE) { + "Registering new NAT adapter for $NATNet on Windows Hyper-V host..." - New-NetNAT -Name "NATNetwork" -InternalIPInterfaceAddressPrefix 192.168.38.0/24 -} -else { - '"192.168.38.0/24" for static IP configuration already registered; skipping' + New-NetNAT -Name $NATNetName -InternalIPInterfaceAddressPrefix $NATNet + +} else { + """$NATNet"" Hyper-V host NAT Network for guest static IP configuration already registered; skipping" } \ No newline at end of file From b6195693c90f1c18758182399af71de49aed8b12 Mon Sep 17 00:00:00 2001 From: Spencer Walden Date: Tue, 5 Jan 2021 16:51:07 -0800 Subject: [PATCH 5/6] Updates NATNetwork gateway IP check to be more specific to avoid different adapters having an IP address collision. --- HyperV/hyperv-create-nat-switch.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/HyperV/hyperv-create-nat-switch.ps1 b/HyperV/hyperv-create-nat-switch.ps1 index bd6c0fa..e75e916 100644 --- a/HyperV/hyperv-create-nat-switch.ps1 +++ b/HyperV/hyperv-create-nat-switch.ps1 
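Review bot: Nothing stops the script when `New-VMSwitch` fails in the first block: by default a failing cmdlet only writes an error, so `New-NetIPAddress` and `New-NetNAT` still run against an interface alias that may not exist and the Hyper-V host is left half-configured. Because this script changes host networking, I would add `$ErrorActionPreference = "Stop"` right after the variable block. `$NATNet` also repeats the 192.168.38 literal independently of `$NATHostIP`, so a comment such as `# $NATHostIP must lie inside $NATNet; change both together` would help anyone re-addressing the lab. The second check still matches `$NATHostIP` on any adapter, which the added TODO already acknowledges.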
@@ -20,8 +20,7 @@ If ("$NATSwitchName" -in (Get-VMSwitch | Select-Object -ExpandProperty Name) -eq } # Check that our Hyper-V host has the proper gateway address for the NAT Network. -# TODO make sure that this is set for the proper NATSwitch -If ("$NATHostIP" -in (Get-NetIPAddress | Select-Object -ExpandProperty IPAddress) -eq $FALSE) { +If (@(Get-NetIPAddress | Where-Object {$_.IPAddress -eq "$NATHostIP" -and $_.InterfaceAlias -eq "$NATSwitchNameAlias"}).Count -eq 1) { "Registering new IP address $NATHostIP on Windows Hyper-V host..." New-NetIPAddress -IPAddress $NATHostIP -PrefixLength $NATNetPrefixLength -InterfaceAlias $NATSwitchNameAlias From 6237582fc577ca0eeef3dde81158c774a40d0e45 Mon Sep 17 00:00:00 2001 From: Chris Long Date: Mon, 11 Jan 2021 16:47:30 -0800 Subject: [PATCH 6/6] Update inventory.yml --- ESXi/ansible/inventory.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ESXi/ansible/inventory.yml b/ESXi/ansible/inventory.yml index a00fe41..46f3205 100644 --- a/ESXi/ansible/inventory.yml +++ b/ESXi/ansible/inventory.yml @@ -7,7 +7,7 @@ logger: ansible_password: vagrant ansible_port: 22 ansible_connection: ssh - ansible_ssh_common_args: '-o StrictHostKeyChecking=no' + ansible_ssh_common_args: '-o UserKnownHostsFile=/dev/null' dc: hosts:
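Review bot: The rewritten condition looks inverted: `.Count -eq 1` is true when `$NATHostIP` is already bound to `$NATSwitchNameAlias`, yet that branch prints "Registering new IP address" and calls `New-NetIPAddress`. A host that lacks the address falls through to the else branch, which reports it as already registered and skips it. The line being replaced tested for absence (`-eq $FALSE`), so the new test should end in `.Count -eq 0) {` with the `Where-Object` filter left as it is. The else branch itself lies outside this hunk.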
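Review bot: With `UserKnownHostsFile=/dev/null` the logger's host key is never stored, so no connection is ever compared against a previously seen key, and the `vagrant` password a few lines above is offered to whichever machine answers on that address. That is a common trade-off for lab VMs that are rebuilt often, but the line should say so, e.g. `# Lab only: host keys are discarded because VMs are rebuilt; do not reuse outside an isolated lab network`. The change also drops `StrictHostKeyChecking=no`, so unless host key checking is disabled elsewhere (ansible.cfg is not visible here) a fresh run may stop at an unknown-host prompt; worth confirming. The `dc` entry only begins at the end of this hunk, so I cannot tell whether the other hosts carry the same option.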