clong / DetectionLab

Automate the creation of a lab environment complete with security tooling and logging best practices
MIT License

win10 - redteam tools not installed #850

Closed kiyori-lw closed 1 year ago

kiyori-lw commented 1 year ago

Please verify that you are building from an updated Master branch before filing an issue.

Description of the issue:

While building the win10 host, I see that install-redteam.ps1 runs, but there are no tools in C:\tools\:

    win10: Running: scripts/install-redteam.ps1 as C:\tmp\vagrant-shell.ps1
    ==> win10: Running provisioner: shell...

Link to Gist Containing Build Logs:

kiyori-lw commented 1 year ago

Started t-shoot. Looks like the 1st error is that Windows Defender is blocking the mimikatz install, at which point install-redteam stops.

kiyori-lw commented 1 year ago

OK, looks like Windows Defender was supposed to be disabled, but it wasn't. I disabled it manually via the Defender GUI and the script ran fine and installed the tools as expected.

Reading the install-redteam script, it indicates that it should already be disabled at this line:

    # Windows Defender should be disabled already by O&O ShutUp10 and the GPO

Maybe there's an issue with those?

kiyori-lw commented 1 year ago

Looks like something is wrong with installing AtomicRedTeam as well.

kiyori-lw commented 1 year ago

I think the GPO is turning Defender back on. After some time (next day), Defender is back on again.

clong commented 1 year ago

Dupe of #854