trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
410 Commits 1 Branch 0 Tags
6cb8b1b53dbee1ea86cff2c4633646cd7295545c
Commit Graph

61 Commits

Author SHA1 Message Date
Chris Long
ee9a1f87fd Removing Splunk forwarder from Windows hosts 2019-12-03 00:42:02 -08:00
Chris Long
2b608addb0 Fixing issue #341 
Add TLS1.2 support
 2019-11-07 23:44:03 -08:00
Chris Long
280bce8252 Updating bginfo.bgi to point to the correct .bmp 2019-07-08 00:41:32 -07:00
Chris Long
df718b4408 Update to 1903 2019-07-06 18:29:29 -07:00
Sunny Neo
8d7bc4b9dc Explicitly define the file directory 
Osquery was not working with Fleet after deployment due to wrong directories. 

The following command installs the osqueryd service with --flagfile=\ProgramData\osquery\osquery.flags" however osquery.flags found at "C:\Program Files\osquery\osquery.flags" 

``` "c:\Program Files\osquery\osqueryd\osqueryd.exe" -ArgumentList "--install" -Wait  
```

The original osquery.flags defines the certfile.crt to be in "C:\programdata\osquery", it should be in  "c:\Program Files\osquery\" instead.
 2019-06-16 22:56:11 +08:00
Chris Long
9dcc235a55 Update osquery paths in v3.4.0 2019-05-25 12:36:45 -07:00
Chris Long
6b40e372bd Actually include the files 2019-05-11 01:42:35 -07:00
Chris Long
1261c0dfd8 Adding timestamps to scripts, Vagrantfile_prebuilt, logo 2019-05-06 09:26:59 -07:00
Chris Long
1746b49811 Add Atomic Red Team, Poll Packet for Provisioning, Fixes 2019-04-28 22:02:11 -07:00
Chris Long
88cd120e6e Don't try to re-disable Defender 2019-04-28 01:42:25 -07:00
Chris Long
7d844fd988 Removing Caldera 2019-04-27 22:36:06 -07:00
Chris Long
614af67405 Update to Caldera 2.0, reduce verbosity 2019-04-27 21:05:23 -07:00
Chris Long
4accd72069 Add a retry for SplunkForwarder stoppage 
Attempt at fixing https://github.com/clong/DetectionLab/issues/243
 2019-04-26 01:14:22 -07:00
Chris Long
dae0393b00 Fixing issues 228, 252, 255 2019-04-25 23:06:07 -07:00
Chris Long
d3e00c8d57 Install WinPcap to fix network interface issue 
Addresses https://github.com/clong/DetectionLab/issues/246
 2019-04-09 22:51:51 -07:00
Chris Long
c19f924de9 Update install-redteam.ps1 2019-04-07 23:42:09 -07:00
Jonathan Johnson
6f2b788f76 Update install-redteam.ps1 2019-04-02 14:43:24 -05:00
Chris Long
7c25cd1e00 Hardcode caldera config settings 2019-03-27 11:20:27 +07:00
Chris Long
f656b82db4 Update configure-ou.ps1 2019-03-25 08:13:44 +07:00
Chris Long
03b0c894d0 Update configure-wef-gpo.ps1 2019-03-25 08:11:54 +07:00
Chris Long
a30eb41737 Update create-domain.ps1 2019-03-24 22:11:32 +07:00
Chris Long
11b1ae4963 Update configure-ou.ps1 2019-03-24 22:11:10 +07:00
Chris Long
173723d96f Bash -> Powershell 2019-03-24 10:08:19 +07:00
Chris Long
57003667e0 More debugging 2019-03-23 16:33:35 +07:00
Chris Long
1d7cc0ed3e fix typo 2019-03-12 14:16:03 -07:00
Chris Long
23f0b30dab Add try/catch to configure-ou.ps1 2019-03-11 22:37:37 -07:00
Chris Long
a4a074ad24 Removing Microsoft-Message-Analyzer as it conflicts with Microsoft ATA 2019-03-02 10:28:05 -08:00
Chris Long
ebdaa07080 Fixing working in choco and redteam 2019-03-01 22:51:26 -08:00
Chris Long
93183a95e2 Update Splunk apps, create vagrantfile_minimum, bugfixes 2019-03-01 22:45:37 -08:00
Chris Long
020af3c936 Add ShutUp10, Upgrade Vagrant, Issue 12 2019-02-18 21:47:03 -08:00
Chris Long
05f1f41930 Update osquery paths to reflect updates to repo 2018-12-20 19:02:08 -08:00
Chris Long
8b9178685a Adding Olaf's Threat Hunting App. Fixes. Updates. 2018-12-11 00:52:46 -08:00
Chris Long
553ecbaaf4 Add TLSv1.2 support to install-bginfo.ps1 2018-10-30 14:13:50 -07:00
Chris Long
d763d66dc2 Drop the firewall in Win10 host [ci skip] 2018-09-25 22:48:26 -07:00
Chris Long
3af54d5003 Merge branch 'master' into patch-3 2018-09-25 22:44:47 -07:00
Chris Long
ba7784e0e8 Multiple fixes, additions 2018-09-06 22:58:36 -07:00
Dmitry
4d21d2e885 Add code to section "Excluding NAT interface from DNS" 
Hi!
I want  you to add code to subj section. 
Here my qwuick and dirty example of a code
Here the list what it proposed to do.
1. remove NAT adapters IP Resource records in DNS Server.
2. Uncheck option "Register this connection's addresses in dns"
3. Remove all RR from NAT if already registered. (unnessesary, if NAT adapter RR not exist)
4. restart DNS server service.
 2018-09-04 15:28:44 +07:00
Chris Long
95e177f5aa Fixing bugs 2018-07-30 21:54:42 -07:00
Chris Long
199075e412 Merge branch 'master' into H8to-patch-1 2018-07-26 15:12:06 -07:00
H8to
84297d0dc5 Disable screen turnoff 
This should fix the client machines from turning off and locking the screen.
 2018-07-26 17:04:04 +02:00
Chris Long
6370af1eae Updating windows_ta script to point to the correct version 2018-07-23 12:30:30 -07:00
Chris Long
b9b65601a6 Updating hashes for pre-built boxes and small fixes 2018-06-28 23:20:24 -07:00
Chris Long
a105722872 Adding some small fixes 2018-06-26 23:48:11 -07:00
Chris Long
bd6c3520f3 Update Win10 to 1804 & Fixes 2018-06-23 23:27:23 -07:00
Chris Long
ac792cc0b1 Revert "Updated Splunk UF and changed sysmon config" 2018-05-23 23:26:15 -07:00
Chris Long
20c40a22f9 Merge pull request #92 from olafhartong/master 
Updated Splunk UF and changed sysmon config
 2018-05-23 13:21:32 -07:00
hhofs
387682e809 added pre and post checks for installations 2018-05-16 14:56:12 +02:00
Olaf Hartong
f2545eef50 added olafhartong sysmon-modular config 2018-05-13 11:42:27 +02:00
Olaf Hartong
53ca340244 update to 7.0.1 2018-05-13 11:42:02 +02:00
hhofs
0e898af33f added verification of iso download, changed memory for wef and dc, fixed issue with post-build tests 2018-05-11 23:59:17 +02:00