-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathos-setup.yml
128 lines (117 loc) · 6.45 KB
/
os-setup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
###############################################################
# Author : Jerzy 'Yuri' Kramarz (op7ic) #
# Version : 1.0 #
# Type : Terraform/Ansible #
# Description : Cloud-Investigate. See README.md for details #
# License : See LICENSE for details #
###############################################################
############################################################
# Instructions: Use options below to configure your deployment enviroment
############################################################
# Firewall setup
enable_windows_firewall: false
# Credentials of the local admin/root created on workstation and servers.
# On AWS we rename default 'Administrator' account to specificed username so ansible can log in.
local_admin_credentials:
username: prime
password: oD2kQ09#%qZ5%ZxZ77N&6BMFghvm$j
# Safe Mode Password
safe_mode_pass: oD2kQ09#%qZ5%ZxZ77N&6BMFghvm$j
# hostname
server_name: PRIME
# Packages installed by chocoladey package management
chocoladey_packages:
- python3
- megatools
- nirlauncher
- vcredist-all
- visualstudio2019buildtools
- visualstudio2022buildtools
- microsoft-build-tools
- visualcpp-build-tools
- windows-sdk-10-version-2004-windbg
- virtualmachineconverter
- dotnetfx
- wireshark
- ext2fsd
- 7zip.install
- notepadplusplus
- winscp
- folderchangesview
- hashcheck
- Firefox
- volatility
- sandboxie-plus
- radare2
- powertoys
- qemu
- qemu-img
- curl
- GoogleChrome
- tor-browser
- smartftp
- Cygwin
- kubernetes-cli
- putty.install
- yara
- jre8
- clamav
- bitvise-ssh-server
# Sysmon configuration options. This options allows you to set up where to get Sysmon binary and configuration files from.
sysmon:
installer_url: https://live.sysinternals.com/Sysmon64.exe
config_url: https://raw.githubusercontent.com/SwiftOnSecurity/sysmon-config/master/sysmonconfig-export.xml
# Location of download links for various tools and plugins
tools:
standalone:
velociraptor: https://github.com/Velocidex/velociraptor/releases/download/v0.7.1/velociraptor-v0.7.1-1-windows-amd64.exe
kape: https://s3.amazonaws.com/cyb-us-prd-kape/kape.zip
wsl: https://aka.ms/wslubuntu2004
ericzimmermantools: https://f001.backblazeb2.com/file/EricZimmermanTools/Get-ZimmermanTools.zip # TODO
Aresnal_Image_Mouter: https://mega.nz/file/mopUjYAa#Y6F-BkJ6svDkxI0WNevPle6xS7zWuioajgbUdkGq4Ws
Arsenal_Registry_Recon: https://mega.nz/file/PwJGXTQZ#Py3NGbvkkJzeEAoCJ9aghdyVuP1Augfa5Hz-jRATNEs
Arsenal_Hive_Recon: https://mega.nz/file/GxpD2CIa#ADTUWZrX328ijGXNTfe6sxKLkNMkXsu6w3s7b2EdZ8s
Arsenal_Hibernation_Recon: https://mega.nz/file/z4Q2iD4C#1I8eFUnuV-x-OOuFJ7G-8YWcNPDfrV26w3aL2mnqGPI
Arsenal_HIBN_Recon: https://mega.nz/file/i04RjYJI#yqyrgECgUjKxwGSCsvx-fhvwkICGTr2z7OihTJoeWys
Arsenal_ODC_Recon: https://mega.nz/file/604lWb4Z#Tn3ePIlMaGOSmTfuCMKaEeLRyTU0S4uCekZQJzKttCQ
Sysinternals: https://download.sysinternals.com/files/SysinternalsSuite.zip
burp: https://portswigger-cdn.net/burp/releases/download?product=community&version=2024.1.1.6&type=WindowsX64
OSForensic: https://osforensics.com/downloads/osf.exe
OSFMount: https://www.osforensics.com/downloads/osfmount.exe
VolatilityWorkbench: https://www.osforensics.com/downloads/VolatilityWorkbench.zip
NetworkMiner: https://www.netresec.com/?download=NetworkMiner
DidierStevensSuite: https://github.com/DidierStevens/DidierStevensSuite/archive/refs/heads/master.zip
Zircolite: https://github.com/wagga40/Zircolite/archive/refs/heads/master.zip
pestudio: https://www.winitor.com/tools/pestudio/current/pestudio.zip
RITA: https://github.com/activecm/rita/archive/refs/heads/master.zip
git:
volatility3: https://github.com/volatilityfoundation/volatility3/archive/refs/heads/develop.zip
volatility2: https://github.com/volatilityfoundation/volatility/archive/refs/heads/master.zip
plaso: https://github.com/log2timeline/plaso/archive/refs/heads/main.zip
installers:
autopsy: https://github.com/sleuthkit/autopsy/releases/download/autopsy-4.21.0/autopsy-4.21.0-64bit.msi
sift: https://github.com/teamdfir/sift-cli/releases/download/v1.14.0-rc1/sift-cli-linux
splunk: https://download.splunk.com/products/splunk/releases/8.2.6/windows/splunk-8.2.6-a6fe1ee8894b-x64-release.msi
kape_plugins:
KAPE_EZUpader: https://raw.githubusercontent.com/AndrewRathbun/KAPE-EZToolsAncillaryUpdater/main/KAPE-EZToolsAncillaryUpdater.ps1
reg_hunter: https://github.com/theflakes/reg_hunter/releases/download/v0.7.4/reg_hunter.exe
SEPparser: https://github.com/Beercow/SEPparser/releases/download/v2022.12.21/SEPparser.exe
srum_dump: https://github.com/MarkBaggett/srum-dump/raw/python3/srum_dump_csv.exe
OneDriveExplorer: https://github.com/Beercow/OneDriveExplorer/releases/download/v2024.03.22/ODE.zip
hindsight: https://github.com/obsidianforensics/hindsight/releases/download/v2023.03/hindsight.exe
dhparser: https://github.com/jklepsercyber/defender-detectionhistory-parser/blob/main/dhparser.exe
CCMRUAFinder_RecentlyUsedApps: https://github.com/esecrpm/WMI_Forensics/raw/master/CCM_RUA_Finder.exe
BMCCacheParse: https://github.com/dingtoffee/bmc-tools/blob/master/dist/bmc-tools.exe
sigcheck: https://live.sysinternals.com/sigcheck64.exe
INDXRipper: https://github.com/harelsegev/INDXRipper/releases/download/v20231117/INDXRipper-20231117-py3.12-amd64.zip
Chainsaw: https://github.com/WithSecureLabs/chainsaw/releases/download/v2.8.1/chainsaw_all_platforms+rules+examples.zip
hayabusa: https://github.com/Yamato-Security/hayabusa/releases/download/v2.13.0/hayabusa-2.13.0-all-platforms.zip
LevelDBDumper: https://github.com/mdawsonuk/LevelDBDumper/releases/download/v3.0.0-beta.1/LevelDBDumper.exe
EvtxHussar: https://github.com/yarox24/EvtxHussar/releases/download/1.7/EvtxHussar1.7_windows_amd64.zip
browsinghistoryview: https://www.nirsoft.net/utils/browsinghistoryview-x64.zip
FullEventLogView: https://www.nirsoft.net/utils/fulleventlogview-x64.zip
TurnedOnTimesView: https://www.nirsoft.net/utils/turnedontimesview.zip
usbdeview: https://www.nirsoft.net/utils/usbdeview-x64.zip
RegRipper: https://github.com/keydet89/RegRipper3.0/archive/refs/heads/master.zip
CAFAE: https://tzworks.com/prototypes/cafae/cafae64.v.0.78.win.zip
evtwalk64: https://tzworks.com/prototypes/evtwalk/evtwalk64.v.0.63.win.zip