mandiant / flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
Apache License 2.0
6.22k stars 887 forks

[Enhancement] Better install.ps1 network checks #551

Closed HuskyHacks closed 7 months ago

HuskyHacks commented 7 months ago

Hello again!

I've noticed a few PMAT students (particularly our analyst friends in countries other than the US) report install.ps1 failing network checks. The script currently doesn't give a lot of info about how the network checks failed. This PR seeks to provide more info so an analyst can troubleshoot more effectively.

All checks are still encapsulated so the -noChecks bypass will skip them:

image

Running without a custom config and all checks succeed:

image

Example of the ping check failing:

image

Erroring out on the GET request to GitHub:

image

When running install.ps1 while pulling a remote custom config file, the check will run for raw.githubusercontent.com:

image

Network checks are now encapsulated in a simple function, so if we want to add more of them (choco site, etc.) it's as simple as:

    Test-WebConnection "google.com"
    Test-WebConnection "github.com"
    # Test-WebConnection "[any other URL we need]"
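
An added example, not part of this PR or the flare-vm code base: one way a connectivity check can report which stage failed (DNS, ping, or the HTTPS GET), in line with the troubleshooting goal described above. The function name `Get-ConnectivityReport` and its parameters are hypothetical.

```powershell
# Added example; hypothetical helper, not the Test-WebConnection from install.ps1.
function Get-ConnectivityReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$TimeoutSec = 10
    )

    $report = [ordered]@{ Host = $HostName; Dns = $null; Ping = $null; Http = $null; Failure = $null }

    # Stage 1: DNS. A failure here points at the resolver or at DNS filtering.
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($HostName)
        $report.Dns = ($addrs | ForEach-Object { $_.IPAddressToString }) -join ', '
    } catch {
        $report.Failure = "DNS resolution failed: $($_.Exception.Message)"
        return [pscustomobject]$report
    }

    # Stage 2: ICMP. Many networks drop ping, so record the result but keep going.
    $report.Ping = [bool](Test-Connection -ComputerName $HostName -Count 1 -Quiet -ErrorAction SilentlyContinue)

    # Stage 3: HTTPS GET, the operation the installer's downloads depend on.
    try {
        $resp = Invoke-WebRequest -Uri "https://$HostName" -UseBasicParsing -TimeoutSec $TimeoutSec -ErrorAction Stop
        $report.Http = [int]$resp.StatusCode
    } catch {
        $ex = $_.Exception
        if ($ex.Response) {
            # An HTTP error status still proves something answered; report the code.
            $report.Http = [int]$ex.Response.StatusCode
        } else {
            # No response at all: surface the underlying TLS, proxy or socket error.
            $inner = if ($ex.InnerException) { $ex.InnerException.Message } else { $ex.Message }
            $report.Failure = "HTTPS GET failed: $inner"
        }
    }
    return [pscustomobject]$report
}

# Constructed usage: the hosts named in the PR description.
'google.com', 'github.com', 'raw.githubusercontent.com' |
    ForEach-Object { Get-ConnectivityReport -HostName $_ } |
    Format-Table -AutoSize
```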

HuskyHacks commented 7 months ago

Apologies for the wacky rebase, my formatter went crazy on the rest of the file but I've restored it to its previous state! We should be good now.