One Article Review

Home - The article:
Source taosecurity
Identifier 1012586
Publication date 2019-01-28 16:00:00 (seen: 2019-01-28 22:01:16)
Title Trying DetectionLab
Text Many security professionals run personal labs. Trying to create an environment that includes fairly modern Windows systems can be a challenge. In the age of "infrastructure as code," there should be a simpler way to deploy systems in a repeatable, virtualized way -- right?

Enter DetectionLab, a project by Chris Long. Briefly, Chris built a project that uses Packer and Vagrant to create an instrumented lab environment. Chris explained the project in late 2017 in a Medium post, which I recommend reading.

I can't even begin to describe all the functionality packed into this project. So much of it is new, but this is a great way to learn about it. In this post, I would like to show how I got a version of DetectionLab running.

My build environment included a modern laptop with 16 GB RAM and Windows 10 professional. I had already installed VirtualBox 6.0 with the appropriate VirtualBox Extension Pack. I had also enabled the native OpenSSH server and performed all DetectionLab installation functions over an OpenSSH session.

Install Chocolatey

My first step was to install Chocolatey, a package manager for Windows. I wanted to use this to install the Git client I wanted to use to clone the DetectionLab repo.

Commands I typed at each stage are in bold below.

root@LAPTOP-HT4TGVCP C:\Users\root>@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"
Getting latest version of the Chocolatey package for download.
Getting Chocolatey from https://chocolatey.org/api/v2/package/chocolatey/0.10.11.
Downloading 7-Zip commandline tool prior to extraction.
Extracting C:\Users\root\AppData\Local\Temp\chocolatey\chocInstall\chocolatey.zip to C:\Users\root\AppData\Local\Temp\chocolatey\chocInstall...
Installing chocolatey on this machine
Creating ChocolateyInstall as an environment variable (targeting 'Machine')
  Setting ChocolateyInstall to 'C:\ProgramData\chocolatey'
WARNING: It's very likely you will need to close and reopen your shell
  before you can use choco.
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.