
Commit 81bd7c4

Merge branch 'master' into patch-2
2 parents e824cdc + 6126bcb commit 81bd7c4

16 files changed

+154
-72
lines changed
File renamed without changes.

ESXi/ansible/roles/logger/tasks/main.yml

Lines changed: 0 additions & 2 deletions
@@ -650,7 +650,5 @@
650650
shell: |
651651
# Include Splunk and Zeek in the PATH
652652
echo export PATH="$PATH:/opt/splunk/bin:/opt/zeek/bin" >>~/.bashrc
653-
# Ping DetectionLab server for usage statistics
654-
curl -s -A "DetectionLab-logger" "https:/ping.detectionlab.network/logger" || echo "Unable to connect to ping.detectionlab.network"
655653
656654
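Review bot: With the two ping lines removed, the `shell: |` block ends on the PATH export, and that remaining line is worth fixing while the task is being touched. `echo export PATH="$PATH:/opt/splunk/bin:/opt/zeek/bin" >>~/.bashrc` expands `$PATH` when the task runs and appends on every run, so re-provisioning stacks duplicate, frozen exports in `~/.bashrc`. Suggest single-quoting the export so `$PATH` is expanded at login, and guarding the append (a `grep -q` check or `lineinfile`) so the task is idempotent.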

Proxmox/Ansible/roles/logger/tasks/main.yml

Lines changed: 0 additions & 2 deletions
@@ -662,7 +662,5 @@
662662
shell: |
663663
# Include Splunk and Zeek in the PATH
664664
echo export PATH="$PATH:/opt/splunk/bin:/opt/zeek/bin" >>~/.bashrc
665-
# Ping DetectionLab server for usage statistics
666-
curl -s -A "DetectionLab-logger" "https:/ping.detectionlab.network/logger" || echo "Unable to connect to ping.detectionlab.network"
667665
668666
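Review bot: The usage-statistics call to ping.detectionlab.network is dropped at old lines 665-666 here and in the ESXi logger role, but nothing in the visible change records it for users. Removing outbound telemetry is something people auditing lab egress will look for, so add a line to the README or changelog naming the revision where it stopped. Before merging, also grep the remaining provisioners for `curl -s -A "DetectionLab-logger"` so no other build path keeps the call.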

README.md

Lines changed: 5 additions & 40 deletions
@@ -1,23 +1,14 @@
11
# Detection Lab
2+
## As of 2023-01-01, DetectionLab is no longer being actively maintained
23
![DetectionLab](./img/DetectionLab.png)
34

45
DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing.
56

6-
[![CircleCI](https://circleci.com/gh/clong/DetectionLab/tree/master.svg?style=shield)](https://circleci.com/gh/clong/DetectionLab/tree/master)
77
![Lint Code Base](https://github.com/clong/DetectionLab/workflows/Lint%20Code%20Base/badge.svg)
88
[![license](https://img.shields.io/github/license/clong/DetectionLab.svg?style=flat-square)](https://github.com/clong/DetectionLab/blob/master/license.md)
9-
![Maintenance](https://img.shields.io/maintenance/yes/2022.svg?style=flat-square)
9+
![Maintenance](https://img.shields.io/maintenance/no/2023.svg?style=flat-square)
1010
[![GitHub last commit](https://img.shields.io/github/last-commit/clong/DetectionLab.svg?style=flat-square)](https://github.com/clong/DetectionLab/commit/master)
1111
[![Twitter](https://img.shields.io/twitter/follow/DetectionLab.svg?style=social)](https://twitter.com/DetectionLab)
12-
[![Slack](https://img.shields.io/badge/Slack-DetectionLab-blue)](https://join.slack.com/t/detectionlab/shared_invite/zt-mv1qnw9f-3qo2ZrB0IbIKhvinfsgYhg)
13-
14-
#### Donate to the project:
15-
16-
All of the infrastructure, building, and testing of DetectionLab is currently funded by myself in my spare time. If you find this project useful, feel free to buy me a coffee using one of the buttons below!
17-
18-
[![GitHub Sponsor](https://img.shields.io/badge/GitHub-Sponsor-red.svg)](https://github.com/sponsors/clong)
19-
20-
[![GitHub One-Time Payment](https://img.shields.io/badge/GitHub-One--Time%20Sponsor-red)](https://github.com/sponsors/clong?frequency=one-time) [$5](https://github.com/login?return_to=%2Fsponsors%2Fclong%2Fsponsorships%3Ftier_id%3D89561) | [$20](https://github.com/login?return_to=%2Fsponsors%2Fclong%2Fsponsorships%3Ftier_id%3D89562) | [$100](https://github.com/login?return_to=%2Fsponsors%2Fclong%2Fsponsorships%3Ftier_id%3D97537)
2112

2213
## Purpose
2314
This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. It can easily be modified to fit most needs or expanded to include additional hosts.
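Review bot: The unchanged sentence "DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing." now sits directly under the new "no longer being actively maintained" heading while the CircleCI badge below it is removed, so the README contradicts itself. Suggest deleting that sentence or rewording it in the past tense in the same change.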
@@ -108,32 +99,6 @@ A sizable percentage of this code was borrowed and adapted from [Stefan Scherer]
10899
* [EVTX-ATTACK-SAMPLES](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES)
109100

110101
# DetectionLab Sponsors
111-
#### Last updated: 07/10/2022
112-
I would like to extend thanks to the following sponsors for funding DetectionLab development. If you are interested in becoming a sponsor, please visit the [sponsors page](https://github.com/sponsors/clong).
113-
114-
### Diamond Sponsors:
115-
* [Veramine](https://github.com/veramine)
116-
* [Thinkst](https://github.com/ThinkstAppliedResearch)
117-
* [olliencc](https://github.com/olliencc)
118-
* [snaplabsio](https://github.com/snaplabsio)
119-
* [0x0lolbin](https://github.com/0x0lolbin)
120-
* [materaj2](https://github.com/materaj2)
121-
* [OutpostSecurity](https://github.com/OutpostSecurity)
122-
* [knotnet](https://github.com/knotnet)
123-
124-
### Premium Sponsors:
125-
* [dlee35](https://github.com/dlee35)
126-
* [chrissanders](https://github.com/chrissanders)
127-
* [iamfuntime](https://github.com/iamfuntime)
128-
* [Luct0r](https://github.com/Luct0r)
129-
* +2 private sponsors
130-
131-
### Standard Sponsors:
132-
* [braimee](https://github.com/braimee)
133-
* [defensivedepth](https://github.com/defensivedepth)
134-
* [mdtro](https://github.com/mdtro)
135-
* [ealaney](https://github.com/ealaney)
136-
* [elreydetoda](https://github.com/elreydetoda)
137-
* [DevBits1702](https://github.com/DevBits1702)
138-
* [0xcarpetman](https://github.com/0xcarpetman)
139-
* +2 private sponsors
102+
#### Last updated: 01/01/2023
103+
I would like to extend thanks to everyone who sponsored DetectionLab over the past few years. DetectionLab is no longer actively being maintained or developed.
104+
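Review bot: The context heading `# DetectionLab Sponsors` is kept, but after this hunk the section lists no sponsors, only a thank-you and a second statement that the project is unmaintained. Suggest renaming the heading (for example to an acknowledgements section) or keeping the list as a historical record. The new `#### Last updated: 01/01/2023` is also ambiguous about day and month order and differs from the `2023-01-01` form used in the new heading at the top of the file; use the ISO form in both places.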

Vagrant/Vagrantfile

Lines changed: 3 additions & 0 deletions
@@ -65,6 +65,7 @@ Vagrant.configure("2") do |config|
6565
cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false
6666
cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
6767
cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
68+
cfg.vm.provision "file", source: "files/choco-winpcap", destination: "choco-winpcap"
6869
cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
6970
cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
7071
cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
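Review bot: The added `file` provisioner at new line 68 uses a relative destination, `destination: "choco-winpcap"`, so where the package lands on the guest depends on the communicator's default upload directory. `scripts/install-choco-extras.ps1`, which runs next and presumably consumes it, is not part of the visible diff, so the two paths cannot be checked against each other here. Suggest an absolute destination and the same absolute path in the install script.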
@@ -137,6 +138,7 @@ Vagrant.configure("2") do |config|
137138
cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
138139
cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
139140
cfg.vm.provision "shell", path: "scripts/install-evtx-attack-samples.ps1", privileged: false
141+
cfg.vm.provision "file", source: "files/choco-winpcap", destination: "choco-winpcap"
140142
cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
141143
cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
142144
cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
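Review bot: New line 141 is the same `cfg.vm.provision "file", source: "files/choco-winpcap", destination: "choco-winpcap"` line already added in the previous hunk and added again in the next one. Three copies of a source and destination pair will drift the next time one is edited; suggest defining the two paths once near the top of the Vagrantfile and referencing them from each machine block.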
@@ -196,6 +198,7 @@ Vagrant.configure("2") do |config|
196198
cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
197199
cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
198200
cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
201+
cfg.vm.provision "file", source: "files/choco-winpcap", destination: "choco-winpcap"
199202
cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
200203
cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
201204
cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
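Review bot: New line 201 uploads a vendored package directory with no comment explaining why WinPcap is shipped from `files/` instead of being installed by `install-choco-extras.ps1` the way it was before. Add a one-line comment above the provisioner stating the reason and which script depends on the upload, so the ordering ahead of `install-choco-extras.ps1` is not broken by a later reshuffle.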
Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
<?xml version="1.0"?>
2+
<package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
3+
<metadata>
4+
<id>WinPcap</id>
5+
<version>4.1.3.20161116</version>
6+
<title>WinPcap</title>
7+
<authors>NetGroup, CACE Technologies</authors>
8+
<owners>chocolatey</owners>
9+
<licenseUrl>http://www.winpcap.org/misc/copyright.htm</licenseUrl>
10+
<projectUrl>http://www.winpcap.org/</projectUrl>
11+
<iconUrl>https://cdn.rawgit.com/chocolatey/chocolatey-coreteampackages/b689d60fd7922e46e600536569805cc1785b6bf1/icons/winpcap.png</iconUrl>
12+
<requireLicenseAcceptance>false</requireLicenseAcceptance>
13+
<description>WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.
14+
15+
## Notes
16+
17+
- This package uses an Autohotkey script for unattended as vendor removed silent installation options.</description>
18+
<releaseNotes>https://www.winpcap.org/misc/changelog.htm</releaseNotes>
19+
<copyright>NetGroup, Politecnico di Torino (Italy). CACE Technologies, Davis (California).</copyright>
20+
<tags>driver foss packet capture network admin</tags>
21+
<packageSourceUrl>https://github.com/chocolatey/chocolatey-coreteampackages/tree/master/automatic/winpcap</packageSourceUrl>
22+
<docsUrl>https://www.winpcap.org/docs/default.htm</docsUrl>
23+
<dependencies>
24+
<dependency id="autohotkey.portable" version="[1.1.36.02,2.0)" />
25+
<dependency id="chocolatey-core.extension" version="1.0" />
26+
</dependencies>
27+
</metadata>
28+
</package>
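Review bot: In `<dependencies>`, `autohotkey.portable` is declared as the range `[1.1.36.02,2.0)` and `chocolatey-core.extension` as `1.0`, which NuGet treats as a minimum version, so installing this vendored package still resolves both dependencies from whatever feed the guest is configured with. If the point of committing the package is a reproducible build, pin exact versions with `[x]` ranges or vendor the dependencies alongside it; otherwise add a note that access to the package feed is still required at provision time.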
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
<?xml version="1.0" encoding="utf-8"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml" /><Default Extension="nuspec" ContentType="application/octet" /><Default Extension="ps1" ContentType="application/octet" /><Default Extension="ahk" ContentType="application/octet" /><Default Extension="psmdcp" ContentType="application/vnd.openxmlformats-package.core-properties+xml" /></Types>
@@ -0,0 +1,5 @@
1+
<?xml version="1.0" encoding="utf-8"?><coreProperties xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"><dc:creator>NetGroup, CACE Technologies</dc:creator><dc:description>WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.
2+
3+
## Notes
4+
5+
- This package uses an Autohotkey script for unattended as vendor removed silent installation options.</dc:description><dc:identifier>WinPcap</dc:identifier><version>4.1.3.20161116</version><keywords>driver foss packet capture network admin</keywords><dc:title>WinPcap</dc:title><lastModifiedBy>choco, Version=0.9.10.3, Culture=neutral, PublicKeyToken=79d02ea9cad655eb;Microsoft Windows NT 6.3.9600.0;.NET Framework 4</lastModifiedBy></coreProperties>
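Review bot: The `<lastModifiedBy>` value (`choco, Version=0.9.10.3, ... Microsoft Windows NT 6.3.9600.0`) shows this file is metadata emitted when the package was built, not hand-written source, and it repeats the description and version already present in the nuspec. Suggest leaving generated package parts such as this one and the content-types file before it out of the repository and committing only the nuspec and the tools scripts, so there is a single copy of the version to review and update.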
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
$ErrorActionPreference = 'Stop'
2+
3+
$packageArgs = @{
4+
packageName = 'WinPcap'
5+
fileFullPath = "$(Get-PackageCacheLocation)\WinPcapInstall.exe"
6+
url = 'https://www.winpcap.org/install/bin/WinPcap_4_1_3.exe'
7+
checksum = 'fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de'
8+
checksumType = 'sha256'
9+
}
10+
Get-ChocolateyWebFile @packageArgs
11+
12+
Write-Output "Running Autohotkey installer"
13+
$toolsPath = Split-Path $MyInvocation.MyCommand.Definition
14+
$ahkScript = "$toolsPath\winpcapInstall.ahk"
15+
AutoHotkey $ahkScript $packageArgs.fileFullPath
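Review bot: The last line, `AutoHotkey $ahkScript $packageArgs.fileFullPath`, starts the installer driver without waiting on it or checking its exit status, and `$ErrorActionPreference = 'Stop'` does not by default turn a native program's failure into a terminating error, so a failed or hung WinPcap install can be reported as a successful package install. Suggest `Start-Process -Wait -PassThru` and throwing on a non-zero `ExitCode`. The `winpcapInstall.ahk` script it runs is not among the visible files and should be reviewed together with this one; the pinned `checksum` with `checksumType = 'sha256'` on the download is worth keeping as is.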
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
Write-Output "Running Autohotkey uninstaller"
2+
$toolsPath = Split-Path $MyInvocation.MyCommand.Definition
3+
$ahkScript = "$toolsPath\winpcapInstall.ahk"
4+
AutoHotkey $ahkScript $packageArgs.fileFullPath
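Review bot: `$packageArgs` is never defined in this four-line script, so `$packageArgs.fileFullPath` on the last line evaluates to `$null` and AutoHotkey is started with the script path only. The script also runs `winpcapInstall.ahk`, the same file named in the install script, under the message "Running Autohotkey uninstaller"; if that is a copy-paste, point it at a dedicated uninstall script, and either pass a real path or drop the argument.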
