DetectionLab/Vagrant/Vagrantfile

Vagrant.configure("2") do |config|

  config.vm.define "logger" do |cfg|
    cfg.vm.box = "bento/ubuntu-16.04"
    cfg.vm.hostname = "logger"
    cfg.vm.provision :shell, path: "bootstrap.sh"
    cfg.vm.network :private_network, ip: "192.168.38.105", gateway: "192.168.38.1", dns: "8.8.8.8"

    cfg.vm.provider "vmware_desktop" do |v, override|
      v.vmx["displayname"] = "logger"
      v.memory = 4096
      v.cpus = 2
      v.gui = true
    end

    cfg.vm.provider "virtualbox" do |vb, override|
      vb.gui = true
      vb.name = "logger"
      vb.customize ["modifyvm", :id, "--memory", 4096]
      vb.customize ["modifyvm", :id, "--cpus", 2]
      vb.customize ["modifyvm", :id, "--vram", "32"]
      vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
      vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
      vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
    end
  end

  config.vm.define "dc" do |cfg|
    cfg.vm.box = "detectionlab/win2016"
    cfg.vm.hostname = "dc"
    cfg.vm.boot_timeout = 600
    cfg.winrm.transport = :plaintext
    cfg.vm.communicator = "winrm"
    cfg.winrm.basic_auth_only = true
    cfg.winrm.timeout = 300
    cfg.winrm.retry_limit = 20
    cfg.vm.network :private_network, ip: "192.168.38.102", gateway: "192.168.38.1"

    cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: false, args: "192.168.38.102"
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "reload"
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/download_palantir_osquery.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-inputsconf.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-ou.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-wef-gpo.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-powershelllogging.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-AuditingPolicyGPOs.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-rdp-user-gpo.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-disable-windows-defender-gpo.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false
    cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
    cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false

    cfg.vm.provider "vmware_desktop" do |v, override|
      v.vmx["displayname"] = "dc.windomain.local"
      v.memory = 3072
      v.cpus = 2
      v.gui = true
      v.enable_vmrun_ip_lookup = false
    end

    cfg.vm.provider "virtualbox" do |vb, override|
      vb.gui = true
      vb.name = "dc.windomain.local"
      vb.default_nic_type = "82545EM"
      vb.customize ["modifyvm", :id, "--memory", 3072]
      vb.customize ["modifyvm", :id, "--cpus", 2]
      vb.customize ["modifyvm", :id, "--vram", "32"]
      vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
      vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
    end
  end

  config.vm.define "wef" do |cfg|
    cfg.vm.box = "detectionlab/win2016"
    cfg.vm.hostname = "wef"
    cfg.vm.boot_timeout = 600
    cfg.vm.communicator = "winrm"
    cfg.winrm.basic_auth_only = true
    cfg.winrm.timeout = 300
    cfg.winrm.retry_limit = 20
    cfg.vm.network :private_network, ip: "192.168.38.103", gateway: "192.168.38.1", dns: "192.168.38.102"

    cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: false, args: "-ip 192.168.38.103 -dns 192.168.38.102"
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "reload"
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/download_palantir_osquery.ps1", privileged: false
    cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
    cfg.vm.provision "shell", path: "scripts/install-wefsubscriptions.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-windows_ta.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-inputsconf.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-pslogstranscriptsshare.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false
    cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-microsoft-ata.ps1", privileged: false

    cfg.vm.provider "vmware_desktop" do |v, override|
      v.vmx["displayname"] = "wef.windomain.local"
      v.memory = 2048
      v.cpus = 2
      v.gui = true
      v.enable_vmrun_ip_lookup = false
    end

    cfg.vm.provider "virtualbox" do |vb, override|
      vb.gui = true
      vb.name = "wef.windomain.local"
      vb.default_nic_type = "82545EM"
      vb.customize ["modifyvm", :id, "--memory", 2048]
      vb.customize ["modifyvm", :id, "--cpus", 2]
      vb.customize ["modifyvm", :id, "--vram", "32"]
      vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
      vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
    end
  end

  config.vm.define "win10" do |cfg|
    cfg.vm.box = "detectionlab/win10"
    cfg.vm.hostname = "win10"
    cfg.vm.boot_timeout = 1200
    cfg.vm.communicator = "winrm"
    cfg.winrm.basic_auth_only = true
    cfg.winrm.timeout = 1200
    cfg.winrm.retry_limit = 20
    cfg.vm.network :private_network, ip: "192.168.38.104", gateway: "192.168.38.1", dns: "192.168.38.102"

    cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: false, args: "-ip 192.168.38.104 -dns 192.168.38.102"
    cfg.vm.provision "shell", path: "scripts/MakeWindows10GreatAgain.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "reload"
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/download_palantir_osquery.ps1", privileged: false
    cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
    cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-inputsconf.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false

    cfg.vm.provider "vmware_desktop" do |v, override|
      v.vmx["displayname"] = "win10.windomain.local"
      v.vmx["gui.fullscreenatpoweron"] = "FALSE"
      v.vmx["gui.viewModeAtPowerOn"] = "windowed"
      v.memory = 2048
      v.cpus = 1
      v.gui = true
      v.enable_vmrun_ip_lookup = false
    end

    cfg.vm.provider "virtualbox" do |vb, override|
      vb.gui = true
      vb.name = "win10.windomain.local"
      vb.default_nic_type = "82545EM"
      vb.customize ["modifyvm", :id, "--memory", 2048]
      vb.customize ["modifyvm", :id, "--cpus", 1]
      vb.customize ["modifyvm", :id, "--vram", "32"]
      vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
      vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
    end
  end
end