DetectionLab

win10 - redteam tools not installed

Open kiyori-lw opened this issue 3 years ago • 4 comments

  • Operating System Version: win11
  • Deploying via (VirtualBox/VMWare/AWS/Azure/ESXi): vmware
  • Vagrant Version (if applicable):

Please verify that you are building from an updated Master branch before filing an issue.

Description of the issue:

While building win10 host, I see that install-redteam.ps1 runs, but there are no tools in C:\tools:

    win10: Running: scripts/install-redteam.ps1 as C:\tmp\vagrant-shell.ps1
    ==> win10: Running provisioner: shell...

Link to Gist Containing Build Logs:

kiyori-lw, Sep 19 '22 01:09

Started t-shoot. Looks like 1st error is that Windows Defender is blocking mimikatz install, at which point install-redteam stops.

kiyori-lw, Sep 19 '22 01:09

OK, looks like Windows Defender was supposed to be disabled, but it wasn't. I disabled it manually via the Defender GUI and the script ran fine and installed the tools as expected.

Reading the install-redteam script, it indicates that it should already be disabled at this line:

    # Windows Defender should be disabled already by O&O ShutUp10 and the GPO

Maybe there's an issue with those?

kiyori-lw, Sep 19 '22 01:09

Looks like something is wrong with installing the AtomicRedTeam as well.

kiyori-lw, Sep 19 '22 01:09

I think the GPO is turning the Defender back on. After some time (next day), Defender is back on again.

kiyori-lw, Sep 21 '22 00:09
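
A read-only pre-flight check that could run before install-redteam.ps1 so the build stops with a clear message when Defender is still active, as the comments above describe. This is an added example, not part of DetectionLab or of any comment in this thread; the function name `Get-DefenderLabState` and the policy registry locations it reads are assumptions about how the lab GPO is configured.

```powershell
# Added example (not DetectionLab code): report Microsoft Defender state on a
# lab guest before provisioning continues. It only reads state, changes nothing.
function Get-DefenderLabState {
    [CmdletBinding()]
    param()

    # Live state as reported by the Defender PowerShell module.
    $status = Get-MpComputerStatus -ErrorAction Stop

    # Standard policy locations written by the "Turn off Microsoft Defender
    # Antivirus" and "Turn off real-time protection" group policy settings.
    # Assumption: the lab GPO uses these settings.
    $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $policy     = Get-ItemProperty -Path $policyRoot -ErrorAction SilentlyContinue
    $rtPolicy   = Get-ItemProperty -Path "$policyRoot\Real-Time Protection" -ErrorAction SilentlyContinue

    [pscustomobject]@{
        # What Defender is actually doing right now.
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        AntivirusEnabled          = $status.AntivirusEnabled
        IsTamperProtected         = $status.IsTamperProtected
        # What policy asks for; $null means the value is not set.
        PolicyDisableAntiSpyware  = $policy.DisableAntiSpyware
        PolicyDisableRealtime     = $rtPolicy.DisableRealtimeMonitoring
    }
}

$state = Get-DefenderLabState
$state | Format-List

if ($state.RealTimeProtectionEnabled) {
    # Stop here with an explicit error instead of letting a later download be
    # blocked partway through the tool install.
    throw 'Defender real-time protection is enabled on this guest; policy and live state are listed above.'
}
```

Running it again the next day shows whether the live state has drifted from the policy values, which is the behaviour reported in the last comment.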

Dupe of #854

clong, Oct 01 '22 17:10