Chris Long
4e850a5ee6
Adding final ESXI deployment code
2020-03-09 14:42:58 -07:00
Chris Long
47d4696147
Update install-redteam.ps1
2020-03-09 00:49:32 -07:00
Chris Long
361b9b0b48
Adding exclusion folders to install-redteam.ps1
2020-03-07 23:11:44 -08:00
Chris Long
c630b88961
Removing reference to Invoke-AtomicRedTeam.psm1
...
Fixes https://github.com/clong/DetectionLab/issues/385
2020-03-07 20:02:25 -08:00
Chris Long
2bd2f20776
Merge branch 'master' into libvirt_provider
2020-02-17 14:45:09 -08:00
Ahmed Shawky
fea8f35f0e
Force powershell to use TLS 1.2 as chocolatey.org throws a TLS error
2020-02-05 02:47:03 +04:00
Selora
2a6cb92f51
Libvirt provider
...
Adding Packer Qemu builder:
* Packer/answer_files/*_virtio: Install the virtio drivers from the ISO (NOT provided)
* windows_*.json needs some manual tweaks to match the virtio drivers ISO path
Adding Vagrant-libvirt provider:
* Uses the QEMU qcow2 images provided by packer to build the DetectionLab
* Vagrantfile needs manual tweaking to match libvirt's host configuration (backing store, network interfaces, etc)
README:
* Added separate README with instructions for libvirt
2020-01-15 17:28:54 +00:00
Chris Long
b5c73ce647
Include Invoke-AtomicTest in Powershell
2019-12-20 23:46:35 -08:00
Chris Long
7e17727cbb
Logger bump to Ubuntu 18.04 & Migrate to Zeek
2019-12-20 15:48:13 -08:00
Chris Long
0393d627ad
Convert ADSI:Exists to Get-ADOrganizationalUnit
2019-12-04 18:49:28 -08:00
Chris Long
4a8485c28e
Disable IPv6 on Windows adapters
2019-12-04 13:45:43 -08:00
Chris Long
f64ff20aaf
Disabling default windows inputs. Adding powershell command for event channel perms
2019-12-04 11:27:35 -08:00
Chris Long
ee9a1f87fd
Removing Splunk forwarder from Windows hosts
2019-12-03 00:42:02 -08:00
Chris Long
2b608addb0
Fixing issue #341
...
Add TLS1.2 support
2019-11-07 23:44:03 -08:00
Chris Long
280bce8252
Updating bginfo.bgi to point to the correct .bmp
2019-07-08 00:41:32 -07:00
Chris Long
df718b4408
Update to 1903
2019-07-06 18:29:29 -07:00
Sunny Neo
8d7bc4b9dc
Explicitly define the file directory
...
Osquery was not working with Fleet after deployment due to wrong directories.
The following command installs the osqueryd service with --flagfile=\ProgramData\osquery\osquery.flags", however osquery.flags is found at "C:\Program Files\osquery\osquery.flags"
```
"c:\Program Files\osquery\osqueryd\osqueryd.exe" -ArgumentList "--install" -Wait
```
The original osquery.flags defines the certfile.crt to be in "C:\programdata\osquery", it should be in "c:\Program Files\osquery\" instead.
2019-06-16 22:56:11 +08:00
Chris Long
9dcc235a55
Update osquery paths in v3.4.0
2019-05-25 12:36:45 -07:00
Chris Long
6b40e372bd
Actually include the files
2019-05-11 01:42:35 -07:00
Chris Long
1261c0dfd8
Adding timestamps to scripts, Vagrantfile_prebuilt, logo
2019-05-06 09:26:59 -07:00
Chris Long
1746b49811
Add Atomic Red Team, Poll Packet for Provisioning, Fixes
2019-04-28 22:02:11 -07:00
Chris Long
88cd120e6e
Don't try to re-disable Defender
2019-04-28 01:42:25 -07:00
Chris Long
7d844fd988
Removing Caldera
2019-04-27 22:36:06 -07:00
Chris Long
614af67405
Update to Caldera 2.0, reduce verbosity
2019-04-27 21:05:23 -07:00
Chris Long
4accd72069
Add a retry for SplunkForwarder stoppage
...
Attempt at fixing https://github.com/clong/DetectionLab/issues/243
2019-04-26 01:14:22 -07:00
Chris Long
dae0393b00
Fixing issues 228, 252, 255
2019-04-25 23:06:07 -07:00
Chris Long
d3e00c8d57
Install WinPcap to fix network interface issue
...
Addresses https://github.com/clong/DetectionLab/issues/246
2019-04-09 22:51:51 -07:00
Chris Long
c19f924de9
Update install-redteam.ps1
2019-04-07 23:42:09 -07:00
Jonathan Johnson
6f2b788f76
Update install-redteam.ps1
2019-04-02 14:43:24 -05:00
Chris Long
7c25cd1e00
Hardcode caldera config settings
2019-03-27 11:20:27 +07:00
Chris Long
f656b82db4
Update configure-ou.ps1
2019-03-25 08:13:44 +07:00
Chris Long
03b0c894d0
Update configure-wef-gpo.ps1
2019-03-25 08:11:54 +07:00
Chris Long
a30eb41737
Update create-domain.ps1
2019-03-24 22:11:32 +07:00
Chris Long
11b1ae4963
Update configure-ou.ps1
2019-03-24 22:11:10 +07:00
Chris Long
173723d96f
Bash -> Powershell
2019-03-24 10:08:19 +07:00
Chris Long
57003667e0
More debugging
2019-03-23 16:33:35 +07:00
Chris Long
1d7cc0ed3e
fix typo
2019-03-12 14:16:03 -07:00
Chris Long
23f0b30dab
Add try/catch to configure-ou.ps1
2019-03-11 22:37:37 -07:00
Chris Long
a4a074ad24
Removing Microsoft-Message-Analyzer as it conflicts with Microsoft ATA
2019-03-02 10:28:05 -08:00
Chris Long
ebdaa07080
Fixing working in choco and redteam
2019-03-01 22:51:26 -08:00
Chris Long
93183a95e2
Update Splunk apps, create vagrantfile_minimum, bugfixes
2019-03-01 22:45:37 -08:00
Chris Long
020af3c936
Add ShutUp10, Upgrade Vagrant, Issue 12
2019-02-18 21:47:03 -08:00
Chris Long
05f1f41930
Update osquery paths to reflect updates to repo
2018-12-20 19:02:08 -08:00
Chris Long
8b9178685a
Adding Olaf's Threat Hunting App. Fixes. Updates.
2018-12-11 00:52:46 -08:00
Chris Long
553ecbaaf4
Add TLSv1.2 support to install-bginfo.ps1
2018-10-30 14:13:50 -07:00
Chris Long
d763d66dc2
Drop the firewall in Win10 host [ci skip]
2018-09-25 22:48:26 -07:00
Chris Long
3af54d5003
Merge branch 'master' into patch-3
2018-09-25 22:44:47 -07:00
Chris Long
ba7784e0e8
Multiple fixes, additions
2018-09-06 22:58:36 -07:00
Dmitry
4d21d2e885
Add code to section "Excluding NAT interface from DNS"
...
Hi!
I want you to add code to subj section.
Here is my quick and dirty example of the code.
Here is the list of what it is proposed to do.
1. Remove NAT adapter's IP resource records in DNS Server.
2. Uncheck option "Register this connection's addresses in dns"
3. Remove all RR from NAT if already registered. (unnecessary, if NAT adapter RR does not exist)
4. Restart DNS server service.
2018-09-04 15:28:44 +07:00
Chris Long
95e177f5aa
Fixing bugs
2018-07-30 21:54:42 -07:00