GithubHelp home page GithubHelp logo

spacecase123 / threatpursuit-vm Goto Github PK

View Code? Open in Web Editor NEW

This project forked from mandiant/threatpursuit-vm

0.0 0.0 0.0 179 KB

Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

License: Other

AutoHotkey 1.31% PowerShell 98.63% Batchfile 0.06%

threatpursuit-vm's Introduction

      __   __                         __      
    _/  |_|  |_________  ____ _____ _/  |_    
    \   __|  |  \_  __ _/ __ \\__  \\   __\   
     |  | |   Y  |  | \\  ___/ / __ \|  |     
     |__| |___|  |__|   \___  (____  |__|     
     ______  __ _________ ________ __|___/  |
     \____ \|  |  \_  __ /  ___|  |  |  \   __\
     |  |_> |  |  /|  | \\___ \|  |  |  ||  |
     |   __/|____/ |__| /____  |____/|__||__|
     |__|                    \/

            MANDIANT THREAT INTELLIGENCE VM
                   Version 2020.1
              [email protected]

                     Created by:
                     Dan Kennedy
              Jake Barteaux @day1player
          Blaine Stancill @MalwareMechanic
                     Nhan Huynh
      Front Line Advanced Research and Expertise

Pre-Requisites

Google Chrome Browser

Oracle Java SE 11 or Greater

Installation (Install Script)

Requirements

Recommended

  • Windows 10 1903
  • 120+ GB Hard Drive
  • 8+ GB RAM
  • 1 network adapters
  • 1024mb Graphics Card Memory
  • Enable Virtualization support for VM (Required for Docker)

Known Issues

Using Oracle Virtualbox as the virtualisation software running from a Windows 10 physical host, will cause issues with the Docker install. There is currently no workaround other than using VMware Player or VMware Workstation.

Instructions

Standard install

  1. Create and configure a new Windows Virtual Machine
  2. Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain
  3. Take a snapshot of your machine!
  4. Download and copy install.ps1 on your newly configured machine.
  5. Open PowerShell as an Administrator
  6. Unblock the install file by running Unblock-File .\install.ps1
  7. Enable script execution by running Set-ExecutionPolicy Unrestricted -f
  8. Finally, execute the installer script as follows: .\install.ps1 You can also pass your password as an argument: .\install.ps1 -password The script will set up the Boxstarter environment and proceed to download and install the ThreatPursuit VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.

Installed Tools

Development, Analytics and Machine Learning

  • Shogun
  • Tensorflow
  • Pytorch
  • Rstudio
  • RTools
  • Darwin
  • Keras
  • Apache Spark
  • Elasticsearch
  • Kibana
  • Apache Zeppelin
  • Jupyter Notebook
  • MITRE Caret
  • Python (x64)

Visualisation

  • Constellation
  • Neo4J
  • CMAP

Triage, Modelling & Hunting

  • MISP
  • OpenCTI
  • Maltego
  • Splunk
  • Microsoft MSTIC Jupyter and Python Security Tools
  • MITRE ATT&CK Navigator
  • Cortex Analyzer
  • Greynoise API and GNQL
  • threatcrowd API
  • threatcmd
  • ViperMonkey
  • Threat Hunters Playbook
  • MITRE TRAM
  • SIGMA
  • YETI
  • Azure Zentinel
  • AMITT Framework

Adversarial Emulation

  • MITRE Calderra
  • Red Canary ATOMIC Red Team
  • Mordor Re-play Adversarial Techniques
  • MITRE Caltack Plugin
  • APTSimulator
  • FlightSim

Information Gathering

  • Maltego
  • nmap
  • intelmq
  • dnsrecon
  • orbit
  • FOCA

Utilities and Links

  • CyberChef
  • KeepPass
  • FLOSS
  • peview
  • VLC
  • AutoIt3
  • Chrome
  • OpenVPN
  • Sublime
  • Notepad++
  • Docker Desktop
  • HxD
  • Sysinternals
  • Putty

threatpursuit-vm's People

Contributors

itzdan avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.