├── WindowsAttackAndDefenseLab ├── DSC │ ├── DomainConfig │ │ ├── xDnsServer │ │ │ ├── .gitignore │ │ │ ├── DSCResources │ │ │ │ ├── MSFT_xDnsServerForwarder │ │ │ │ │ ├── MSFT_xDnsServerForwarder.schema.mof │ │ │ │ │ └── MSFT_xDnsServerForwarder.psm1 │ │ │ │ ├── MSFT_xDnsARecord │ │ │ │ │ └── MSFT_xDnsARecord.schema.mof │ │ │ │ ├── MSFT_xDnsRecord │ │ │ │ │ └── MSFT_xDnsRecord.schema.mof │ │ │ │ ├── MSFT_xDnsServerZoneTransfer │ │ │ │ │ └── MSFT_xDnsServerZoneTransfer.schema.mof │ │ │ │ ├── MSFT_xDnsServerSecondaryZone │ │ │ │ │ └── MSFT_xDnsServerSecondaryZone.schema.mof │ │ │ │ ├── MSFT_xDnsServerPrimaryZone │ │ │ │ │ └── MSFT_xDnsServerPrimaryZone.schema.mof │ │ │ │ ├── MSFT_xDnsServerADZone │ │ │ │ │ ├── MSFT_xDnsServerADZone.schema.mof │ │ │ │ │ └── Helper.psm1 │ │ │ │ └── Helper.psm1 │ │ │ ├── Misc │ │ │ │ ├── New-DnsServerSecondaryZone.ps1 │ │ │ │ └── New-DnsServerZoneTransfer.ps1 │ │ │ ├── LICENSE │ │ │ └── xDnsServer.psd1 │ │ ├── xTimeZone │ │ │ ├── .gitignore │ │ │ ├── DSCResources │ │ │ │ ├── xTimeZone │ │ │ │ │ ├── en-us │ │ │ │ │ │ └── xTimeZone.psd1 │ │ │ │ │ └── xTimeZone.schema.mof │ │ │ │ └── en-us │ │ │ │ │ └── TimezoneHelper.psd1 │ │ │ ├── Tests │ │ │ │ └── Integration │ │ │ │ │ └── xTimeZone.config.ps1 │ │ │ ├── LICENSE │ │ │ └── Examples │ │ │ │ └── SetTimeZone.ps1 │ │ ├── xActiveDirectory │ │ │ ├── DSCResources │ │ │ │ ├── MSFT_xADUser │ │ │ │ │ ├── README.md │ │ │ │ │ └── en-US │ │ │ │ │ │ └── MSFT_xADUser.strings.psd1 │ │ │ │ ├── MSFT_xADGroup │ │ │ │ │ ├── README.md │ │ │ │ │ ├── en-US │ │ │ │ │ │ └── MSFT_xADGroup.strings.psd1 │ │ │ │ │ └── MSFT_xADGroup.schema.mof │ │ │ │ ├── MSFT_xADReplicationSubnet │ │ │ │ │ ├── README.md │ │ │ │ │ ├── MSFT_xADReplicationSubnet.schema.mof │ │ │ │ │ └── en-US │ │ │ │ │ │ └── MSFT_xADReplicationSubnet.strings.psd1 │ │ │ │ ├── MSFT_xWaitForADDomain │ │ │ │ │ ├── README.md │ │ │ │ │ ├── MSFT_xWaitForADDomain.schema.mof │ │ │ │ │ └── en-US │ │ │ │ │ │ └── MSFT_xWaitForADDomain.strings.psd1 │ │ │ │ ├── MSFT_xADDomainDefaultPasswordPolicy │ │ │ │ │ ├── README.md │ │ │ │ │ ├── en-US │ │ │ │ │ │ └── MSFT_xADDomainDefaultPasswordPolicy.strings.psd1 │ │ │ │ │ └── MSFT_xADDomainDefaultPasswordPolicy.schema.mof │ │ │ │ ├── MSFT_xADForestProperties │ │ │ │ │ ├── README.md │ │ │ │ │ ├── en-US │ │ │ │ │ │ └── MSFT_xADForestProperties.strings.psd1 │ │ │ │ │ └── MSFT_xADForestProperties.schema.mof │ │ │ │ ├── MSFT_xADKDSKey │ │ │ │ │ └── README.md │ │ │ │ ├── MSFT_xADOrganizationalUnit │ │ │ │ │ ├── README.md │ │ │ │ │ ├── en-US │ │ │ │ │ │ └── MSFT_xADOrganizationalUnit.strings.psd1 │ │ │ │ │ └── MSFT_xADOrganizationalUnit.schema.mof │ │ │ │ ├── MSFT_xADDomainTrust │ │ │ │ │ ├── README.md │ │ │ │ │ ├── MSFT_xADDomainTrust.schema.mof │ │ │ │ │ └── en-US │ │ │ │ │ │ └── MSFT_xADDomainTrust.strings.psd1 │ │ │ │ ├── MSFT_xADDomain │ │ │ │ │ ├── README.md │ │ │ │ │ ├── MSFT_xADDomain.schema.mof │ │ │ │ │ └── en-US │ │ │ │ │ │ └── MSFT_xADDomain.strings.psd1 │ │ │ │ ├── MSFT_xADObjectPermissionEntry │ │ │ │ │ ├── README.md │ │ │ │ │ └── en-US │ │ │ │ │ │ └── MSFT_xADObjectPermissionEntry.strings.psd1 │ │ │ │ ├── MSFT_xADServicePrincipalName │ │ │ │ │ ├── README.md │ │ │ │ │ ├── MSFT_xADServicePrincipalName.schema.mof │ │ │ │ │ └── en-US │ │ │ │ │ │ └── MSFT_xADServicePrincipalName.strings.psd1 │ │ │ │ ├── MSFT_xADReplicationSiteLink │ │ │ │ │ ├── README.md │ │ │ │ │ ├── en-US │ │ │ │ │ │ └── MSFT_xADReplicationSiteLink.strings.psd1 │ │ │ │ │ └── MSFT_xADReplicationSiteLink.schema.mof │ │ │ │ ├── MSFT_xADReplicationSite │ │ │ │ │ ├── README.md │ │ │ │ │ ├── MSFT_xADReplicationSite.schema.mof │ │ │ │ │ └── en-US │ │ │ │ │ │ └── MSFT_xADReplicationSite.strings.psd1 │ │ │ │ ├── MSFT_xADRecycleBin │ │ │ │ │ ├── README.md │ │ │ │ │ ├── MSFT_xADRecycleBin.schema.mof │ │ │ │ │ └── en-US │ │ │ │ │ │ └── MSFT_xADRecycleBin.strings.psd1 │ │ │ │ ├── MSFT_xADManagedServiceAccount │ │ │ │ │ ├── README.md │ │ │ │ │ └── en-US │ │ │ │ │ │ └── MSFT_xADManagedServiceAccount.strings.psd1 │ │ │ │ ├── MSFT_xADDomainController │ │ │ │ │ ├── README.md │ │ │ │ │ ├── MSFT_xADDomainController.schema.mof │ │ │ │ │ └── en-US │ │ │ │ │ │ └── MSFT_xADDomainController.strings.psd1 │ │ │ │ ├── MSFT_xADObjectEnabledState │ │ │ │ │ ├── README.md │ │ │ │ │ ├── MSFT_xADObjectEnabledState.schema.mof │ │ │ │ │ └── en-US │ │ │ │ │ │ └── MSFT_xADObjectEnabledState.strings.psd1 │ │ │ │ └── MSFT_xADComputer │ │ │ │ │ └── README.md │ │ │ ├── Tests │ │ │ │ └── Unit │ │ │ │ │ └── Stubs │ │ │ │ │ └── Microsoft.DirectoryServices.Deployment.Types.cs │ │ │ ├── Examples │ │ │ │ ├── Resources │ │ │ │ │ ├── xADReplicationSite │ │ │ │ │ │ ├── 1-CreateADReplicationSite_Config.ps1 │ │ │ │ │ │ ├── 3-RemoveADReplicationSite_Config.ps1 │ │ │ │ │ │ └── 2-CreateADReplicationSiteRenameDefault_Config.ps1 │ │ │ │ │ ├── xADGroup │ │ │ │ │ │ ├── 2-NewGroupWithMembers_Config.ps1 │ │ │ │ │ │ ├── 3-NewGroupMultidomainMembers_Config.ps1 │ │ │ │ │ │ └── 1-NewGroup_Config.ps1 │ │ │ │ │ ├── xADManagedServiceAccount │ │ │ │ │ │ ├── 1-CreateManagedServiceAccount_Config.ps1 │ │ │ │ │ │ ├── 2-CreateGroupManagedServiceAccount_Config.ps1 │ │ │ │ │ │ └── 3-CreateGroupManagedServiceAccountWithMembers_Config.ps1 │ │ │ │ │ ├── xADReplicationSubnet │ │ │ │ │ │ └── 1-CreateReplicationSubnet_Config.ps1 │ │ │ │ │ ├── xADServicePrincipalName │ │ │ │ │ │ ├── 1-AddUserServicePrincipalName_Config.ps1 │ │ │ │ │ │ └── 2-AddComputerServicePrincipalName_Config.ps1 │ │ │ │ │ ├── xWaitForADDomain │ │ │ │ │ │ └── 1-WaitForADDomain_Config.ps1 │ │ │ │ │ ├── xADKDSKey │ │ │ │ │ │ ├── 1-CreateKDSRootKey_Config.ps1 │ │ │ │ │ │ ├── 3-CreateKDSRootKeyRemoveLastKey_Config.ps1 │ │ │ │ │ │ └── 2-CreateKDSRootKeyInPast_Config.ps1 │ │ │ │ │ ├── xADReplicationSiteLInk │ │ │ │ │ │ ├── 1-CreateReplicationSiteLink_Config.ps1 │ │ │ │ │ │ └── 2-ModifyExistingReplicationSiteLink_Config.ps1 │ │ │ │ │ ├── xADRecycleBin │ │ │ │ │ │ └── 1-EnableADRecycleBin_Config.ps1 │ │ │ │ │ ├── xADComputer │ │ │ │ │ │ ├── 2-AddComputerAccountDisabled_Config.ps1 │ │ │ │ │ │ ├── 1-AddComputerAccount_Config.ps1 │ │ │ │ │ │ ├── 3-AddComputerAccountSpecificPath_Config.ps1 │ │ │ │ │ │ └── 4-AddComputerAccountAndCreateODJRequest_Config.ps1 │ │ │ │ │ ├── xADObjectEnabledState │ │ │ │ │ │ ├── 1-EnabledComputerAccount_Config.ps1 │ │ │ │ │ │ ├── 3-EnabledPrestagedClusterComputerAccount_Config.ps1 │ │ │ │ │ │ └── 2-CreateClusterComputerAccount_Config.ps1 │ │ │ │ │ ├── xADUser │ │ │ │ │ │ ├── 1-CreateUserAndManagePassword_Config.ps1 │ │ │ │ │ │ └── 2-CreateUserAndIgnorePasswordChanges_Config.ps1 │ │ │ │ │ ├── xADForestProperties │ │ │ │ │ │ ├── 2-AddRemoveForestProperties_Config.ps1 │ │ │ │ │ │ └── 1-ReplaceForestProperties_Config.ps1 │ │ │ │ │ ├── xADDomainDefaultPasswordPolicy │ │ │ │ │ │ └── 1-ConfigureDefaultPasswordPolicy_Config.ps1 │ │ │ │ │ ├── xADObjectPermissionEntry │ │ │ │ │ │ ├── 2-CreateDeleteComputerObject_Config.ps1 │ │ │ │ │ │ ├── 1-DelegateFullControl_Config.ps1 │ │ │ │ │ │ └── 3-ReadWriteComputerObjectProperties_Config.ps1 │ │ │ │ │ ├── xADDomainTrust │ │ │ │ │ │ └── 1-NewOneWayTrust_Config.ps1 │ │ │ │ │ ├── xADOrganizationalUnit │ │ │ │ │ │ └── 1-CreateADOU_Config.ps1 │ │ │ │ │ └── xADDomain │ │ │ │ │ │ ├── 1-NewForest_Config.ps1 │ │ │ │ │ │ └── 2-NewChildDomain_Config.ps1 │ │ │ │ └── README.md │ │ │ ├── LICENSE │ │ │ └── README.md │ │ ├── xDisk │ │ │ ├── PSGetModuleInfo.xml │ │ │ ├── xDisk_Documentation.html │ │ │ ├── DSCResources │ │ │ │ ├── MSFT_xDisk │ │ │ │ │ └── MSFT_xDisk.schema.mof │ │ │ │ └── MSFT_xWaitForDisk │ │ │ │ │ ├── MSFT_xWaitForDisk.psm1 │ │ │ │ │ └── MSFT_xWaitForDisk.schema.mof │ │ │ └── xDisk.psd1 │ │ ├── xPendingReboot │ │ │ ├── PSGetModuleInfo.xml │ │ │ ├── xPendingReboot.psd1 │ │ │ └── DSCResources │ │ │ │ └── MSFT_xPendingReboot │ │ │ │ └── MSFT_xPendingReboot.schema.mof │ │ ├── xNetworking │ │ │ ├── DSCResources │ │ │ │ ├── MSFT_xFirewall │ │ │ │ │ └── MSFT_xFirewall.Schema.mof │ │ │ │ ├── MSFT_xDNSServerAddress │ │ │ │ │ └── MSFT_xDNSServerAddress.schema.mof │ │ │ │ └── MSFT_xIPAddress │ │ │ │ │ └── MSFT_xIPAddress.schema.mof │ │ │ ├── Examples │ │ │ │ ├── Sample_xIPAddress_FixedValue.ps1 │ │ │ │ ├── Sample_xFirewall_AddFirewallRuleToNewGroup.ps1 │ │ │ │ ├── Sample_xDnsServerAddress.ps1 │ │ │ │ ├── Sample_xFirewall_DisableAccessToApplication.ps1 │ │ │ │ ├── Sample_xIPAddress_Parameterized.ps1 │ │ │ │ ├── Sample_xFirewall_AddFirewallRuleToExistingGroup.ps1 │ │ │ │ └── Sample_xFirewall_AddFirewallRule.ps1 │ │ │ └── xNetworking.psd1 │ │ └── cDisk │ │ │ ├── DSCResources │ │ │ └── SAMPLE_cDiskNoRestart │ │ │ │ └── SAMPLE_cDiskNoRestart.schema.mof │ │ │ └── cDisk.psd1 │ ├── HomeConfig │ │ ├── cChoco │ │ │ ├── .gitIgnore │ │ │ ├── DSCResources │ │ │ │ ├── cChocoInstaller │ │ │ │ │ └── cChocoInstaller.schema.mof │ │ │ │ ├── cChocoFeature │ │ │ │ │ └── cChocoFeature.schema.mof │ │ │ │ ├── cChocoSource │ │ │ │ │ └── cChocoSource.schema.mof │ │ │ │ ├── cChocoPackageInstall │ │ │ │ │ └── cChocoPackageInstall.schema.mof │ │ │ │ └── cChocoPackageInstallerSet │ │ │ │ │ └── cChocoPackageInstallerSet.schema.psm1 │ │ │ ├── cChoco.psd1 │ │ │ ├── NOTICE │ │ │ ├── Examples │ │ │ │ ├── cChocoFeatureExample.ps1 │ │ │ │ ├── cChocoInstaller_cChocoPackageInstallExample.ps1 │ │ │ │ └── cChocoInstaller_cChocoInstallerExample.ps1 │ │ │ ├── Tests │ │ │ │ ├── cChocoInstaller_Tests.ps1 │ │ │ │ ├── cChoco_xDscResourceTests.ps1 │ │ │ │ └── cChoco_ScriptAnalyzerTests.ps1 │ │ │ ├── AppVeyor │ │ │ │ ├── AppVeyorBuild.ps1 │ │ │ │ ├── AppVeyorTest.ps1 │ │ │ │ └── AppVeyorDeploy.ps1 │ │ │ └── appveyor.yml │ │ └── xSystemSecurity │ │ │ ├── .gitignore │ │ │ ├── .vscode │ │ │ └── launch.json │ │ │ ├── DSCResources │ │ │ ├── xIEEsc │ │ │ │ ├── xIEEsc.schema.psm1 │ │ │ │ └── xIEEsc.psd1 │ │ │ └── MSFT_xFileSystemAccessRule │ │ │ │ └── MSFT_xFileSystemAccessRule.schema.mof │ │ │ ├── LICENSE │ │ │ └── Tests │ │ │ └── Integration │ │ │ └── MSFT_xFileSystemAccessRule.config.ps1 │ ├── UserDesktopConfig │ │ └── xComputerManagement │ │ │ ├── .gitignore │ │ │ ├── .MetaTestOptIn.json │ │ │ ├── .markdownlint.json │ │ │ ├── DSCResources │ │ │ ├── MSFT_xPowerPlan │ │ │ │ ├── MSFT_xPowerPlan.schema.mof │ │ │ │ └── en-US │ │ │ │ │ ├── MSFT_xPowerPlan.schema.mfl │ │ │ │ │ └── MSFT_xPowerPlan.strings.psd1 │ │ │ ├── MSFT_xOfflineDomainJoin │ │ │ │ ├── MSFT_xOfflineDomainJoin.schema.mof │ │ │ │ └── en-us │ │ │ │ │ └── MSFT_xOfflineDomainJoin.psd1 │ │ │ ├── MSFT_xComputer │ │ │ │ └── MSFT_xComputer.schema.mof │ │ │ └── MSFT_xVirtualMemory │ │ │ │ └── MSFT_xVirtualMemory.schema.mof │ │ │ ├── Examples │ │ │ ├── xComputer │ │ │ │ ├── 4-RenameComputerInWorkgroup.ps1 │ │ │ │ ├── 1-RenameComputerAndSetWorkgroup.ps1 │ │ │ │ ├── 2-JoinDomain.ps1 │ │ │ │ ├── 3-RenameComputerInDomain.ps1 │ │ │ │ └── 5-UnjoinDomainAndJoinWorkgroup.ps1 │ │ │ ├── xPowerPlan │ │ │ │ └── 1-SetPowerPlan.ps1 │ │ │ ├── xOfflineDomainJoin │ │ │ │ └── 1-JoinDomainUsingODJBlob.ps1 │ │ │ ├── xVirtualMemory │ │ │ │ └── 1-SetVirtualMemory.ps1 │ │ │ └── xScheduledTask │ │ │ │ └── 2-RunPowerShellTaskEvery15Minutes.ps1 │ │ │ ├── .codecov.yml │ │ │ ├── appveyor.yml │ │ │ ├── LICENSE │ │ │ └── Tests │ │ │ └── Integration │ │ │ └── MSFT_xVirtualMemory.Config.ps1 │ └── AdminDesktopConfig │ │ └── AdminDesktopConfig.ps1 ├── README.md ├── DeploymentScripts │ ├── WindowsAttackAndDefenseLab.psm1 │ ├── ClassRgManagement.ps1 │ └── ClassDnsManagement.ps1 ├── AzureVmScripts │ ├── Remove-ComputerFromDomain.ps1 │ └── Add-ComputerToDomain.ps1 ├── metadata.json ├── components │ ├── userdesktop.json │ ├── admindesktop.json │ └── terminalserver.json ├── azuredeploy.parameters-example.json └── nestedtemplates │ └── vnet-with-dns-server.json ├── WindowsAttackAndDefenseLab.sln ├── LICENSE └── README.md /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/.gitignore: -------------------------------------------------------------------------------- 1 | DSCResource.Tests 2 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xTimeZone/.gitignore: -------------------------------------------------------------------------------- 1 | DSCResource.Tests 2 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/.gitIgnore: -------------------------------------------------------------------------------- 1 | *.mof 2 | !*.schema.mof 3 | TestsResults.xml -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/.gitignore: -------------------------------------------------------------------------------- 1 | DSCResource.Tests 2 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/README.md: -------------------------------------------------------------------------------- 1 | Reference the main [README](https://github.com/jaredhaight/WindowsAttackAndDefenseLab/) for details. -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/xSystemSecurity/.gitignore: -------------------------------------------------------------------------------- 1 | *.suo 2 | *.user 3 | *.coverage 4 | .vs 5 | .psproj 6 | .sln 7 | DscResource.Tests 8 | DscResource.Tests/* 9 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADUser/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADUser DSC resource will manage Users within Active Directory. 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADGroup/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADGroup DSC resource will manage groups within Active Directory. 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADReplicationSubnet/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADReplicationSubnet DSC resource will manage replication subnets. 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/.MetaTestOptIn.json: -------------------------------------------------------------------------------- 1 | [ 2 | "Common Tests - Validate Markdown Files", 3 | "Common Tests - Validate Example Files" 4 | ] 5 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDisk/PSGetModuleInfo.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaredhaight/WindowsAttackAndDefenseLab/HEAD/WindowsAttackAndDefenseLab/DSC/DomainConfig/xDisk/PSGetModuleInfo.xml -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xWaitForADDomain/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xWaitForADDomain resource is used to wait for Active Directory to become available. 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDisk/xDisk_Documentation.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaredhaight/WindowsAttackAndDefenseLab/HEAD/WindowsAttackAndDefenseLab/DSC/DomainConfig/xDisk/xDisk_Documentation.html -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DeploymentScripts/WindowsAttackAndDefenseLab.psm1: -------------------------------------------------------------------------------- 1 | Get-ChildItem "$PSScriptRoot\*.ps1" | Where-Object { $_.Extension -eq ".ps1" } | ForEach-Object { Import-Module $_.FullName -DisableNameChecking } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xPendingReboot/PSGetModuleInfo.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaredhaight/WindowsAttackAndDefenseLab/HEAD/WindowsAttackAndDefenseLab/DSC/DomainConfig/xPendingReboot/PSGetModuleInfo.xml -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xPendingReboot/xPendingReboot.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaredhaight/WindowsAttackAndDefenseLab/HEAD/WindowsAttackAndDefenseLab/DSC/DomainConfig/xPendingReboot/xPendingReboot.psd1 -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADDomainDefaultPasswordPolicy/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADDomainDefaultPasswordPolicy DSC resource will manage an Active Directory domain's default password policy. 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDisk/DSCResources/MSFT_xDisk/MSFT_xDisk.schema.mof: -------------------------------------------------------------------------------- 1 | 2 | [ClassVersion("0.1.0.0"), FriendlyName("xDisk")] 3 | class MSFT_xDisk : OMI_BaseResource 4 | { 5 | [key] uint32 DiskNumber; 6 | [write] string DriveLetter; 7 | }; -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/AzureVmScripts/Remove-ComputerFromDomain.ps1: -------------------------------------------------------------------------------- 1 | param( 2 | $ComputerName 3 | ) 4 | 5 | try { 6 | Remove-Computer -ComputerName $ComputerName -Force 7 | } 8 | catch { 9 | Write-Output "Computer $ComputerName does not exist in domain" 10 | } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADForestProperties/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADForestProperties DSC resource will manage User Principal Name (UPN) suffixes and Service Principal Name (SPN) suffixes in a forest. 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDisk/DSCResources/MSFT_xWaitForDisk/MSFT_xWaitForDisk.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaredhaight/WindowsAttackAndDefenseLab/HEAD/WindowsAttackAndDefenseLab/DSC/DomainConfig/xDisk/DSCResources/MSFT_xWaitForDisk/MSFT_xWaitForDisk.psm1 -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/DSCResources/MSFT_xFirewall/MSFT_xFirewall.Schema.mof: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaredhaight/WindowsAttackAndDefenseLab/HEAD/WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/DSCResources/MSFT_xFirewall/MSFT_xFirewall.Schema.mof -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/DSCResources/cChocoInstaller/cChocoInstaller.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0"), FriendlyName("cChocoInstaller")] 2 | class cChocoInstaller : OMI_BaseResource 3 | { 4 | [Key] string InstallDir; 5 | [Write] string ChocoInstallScriptUrl; 6 | }; -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/.markdownlint.json: -------------------------------------------------------------------------------- 1 | { 2 | "default": true, 3 | "MD029": { 4 | "style": "one" 5 | }, 6 | "MD013": true, 7 | "MD024": true, 8 | "MD034": true, 9 | "no-hard-tabs": true 10 | } 11 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADKDSKey/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADKDSKey DSC resource will manage KDS Root Keys within Active Directory. The KDS root keys are used to begin generating Group Managed Service Account (gMSA) passwords. 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/cDisk/DSCResources/SAMPLE_cDiskNoRestart/SAMPLE_cDiskNoRestart.schema.mof: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaredhaight/WindowsAttackAndDefenseLab/HEAD/WindowsAttackAndDefenseLab/DSC/DomainConfig/cDisk/DSCResources/SAMPLE_cDiskNoRestart/SAMPLE_cDiskNoRestart.schema.mof -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xPendingReboot/DSCResources/MSFT_xPendingReboot/MSFT_xPendingReboot.schema.mof: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaredhaight/WindowsAttackAndDefenseLab/HEAD/WindowsAttackAndDefenseLab/DSC/DomainConfig/xPendingReboot/DSCResources/MSFT_xPendingReboot/MSFT_xPendingReboot.schema.mof -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/DSCResources/MSFT_xDNSServerAddress/MSFT_xDNSServerAddress.schema.mof: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaredhaight/WindowsAttackAndDefenseLab/HEAD/WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/DSCResources/MSFT_xDNSServerAddress/MSFT_xDNSServerAddress.schema.mof -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDisk/DSCResources/MSFT_xWaitForDisk/MSFT_xWaitForDisk.schema.mof: -------------------------------------------------------------------------------- 1 | 2 | [ClassVersion("0.1.0.0"), FriendlyName("xWaitForDisk")] 3 | class MSFT_xWaitForDisk : OMI_BaseResource 4 | { 5 | [key] uint32 DiskNumber; 6 | [Write] uint64 RetryIntervalSec; 7 | [Write] uint32 RetryCount; 8 | }; -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xTimeZone/DSCResources/xTimeZone/en-us/xTimeZone.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData -StringData @' 3 | ReplaceSystemTimezoneMessage=Replace the System Time Zone 4 | SettingTimezoneMessage=Setting the TimeZone. 5 | TimezoneAlreadySetMessage=TimeZone already set to {0}. 6 | '@ 7 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/DSCResources/cChocoFeature/cChocoFeature.schema.mof: -------------------------------------------------------------------------------- 1 | 2 | [ClassVersion("1.0.0.0"), FriendlyName("cChocoFeature")] 3 | class cChocoFeature : OMI_BaseResource 4 | { 5 | [Key] String FeatureName; 6 | [Write,ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] String Ensure; 7 | }; 8 | 9 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "itemDisplayName": "Create an Azure VM with a new AD Forest", 3 | "description": "This template creates a new Azure VM, it configures the VM to be an AD DC for a new Forest", 4 | "summary": "This template creates an Azure VM with AD", 5 | "githubUsername": "simongdavies", 6 | "dateUpdated": "2016-09-28" 7 | } 8 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADOrganizationalUnit/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADOrganizational Unit DSC resource will manage Organizational Units (OUs) within Active Directory. An OU is a subdivision within an Active Directory into which you can place users, groups, computers, and other organizational units. 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADDomainTrust/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADDomainTrust DSC resource will manage Domain Trusts within Active Directory. A trust is a relationship, which you establish between domains, that makes it possible for users in one domain to be authenticated by a domain controller in the other domain. 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/xSystemSecurity/.vscode/launch.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "0.2.0", 3 | "configurations": [ 4 | { 5 | "name": "PowerShell", 6 | "type": "PowerShell", 7 | "request": "launch", 8 | "program": "${file}", 9 | "args": [], 10 | "cwd": "${file}" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xTimeZone/DSCResources/xTimeZone/xTimeZone.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xTimeZone")] 2 | class xTimeZone : OMI_BaseResource 3 | { 4 | [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; 5 | [Required, Description("Specifies the TimeZone.")] String TimeZone; 6 | }; 7 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/AzureVmScripts/Add-ComputerToDomain.ps1: -------------------------------------------------------------------------------- 1 | param( 2 | $StudentPassword 3 | ) 4 | 5 | $password = ConvertTo-SecureString -String $StudentPassword -asPlainText -Force 6 | $credential = New-Object System.Management.Automation.PSCredential('AD\WaadAdmin',$password) 7 | 8 | Add-Computer -DomainName 'ad.waad.training' -Credential $credential -OUPath "OU=Computers,OU=Production,DC=ad,DC=waad,DC=training" -Force 9 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/DSCResources/MSFT_xDnsServerForwarder/MSFT_xDnsServerForwarder.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0"), FriendlyName("xDnsServerForwarder")] 2 | class MSFT_xDnsServerForwarder : OMI_BaseResource 3 | { 4 | [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; 5 | [Write] String IPAddresses[]; 6 | }; 7 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/DSCResources/MSFT_xIPAddress/MSFT_xIPAddress.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0"), FriendlyName("xIPAddress")] 2 | class MSFT_xIPAddress : OMI_BaseResource 3 | { 4 | [Key] string IPAddress; 5 | [Key] string InterfaceAlias; 6 | [write] string DefaultGateway; 7 | [Write] uint32 SubnetMask; 8 | [Write,ValueMap{"IPv4", "IPv6"},Values{"IPv4", "IPv6"}] string AddressFamily; 9 | }; 10 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/DSCResources/cChocoSource/cChocoSource.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0"), FriendlyName("cChocoSource")] 2 | class cChocoSource : OMI_BaseResource 3 | { 4 | [Key] string Name; 5 | [Write,ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] String Ensure; 6 | [write] string source; 7 | [write,EmbeddedInstance("MSFT_Credential")] String Credentials; 8 | [write] UInt32 Priority; 9 | }; 10 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/DSCResources/MSFT_xPowerPlan/MSFT_xPowerPlan.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xPowerPlan")] 2 | class MSFT_xPowerPlan : OMI_BaseResource 3 | { 4 | [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; 5 | [Required, Description("The name of the power plan to activate.")] String Name; 6 | }; 7 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/DSCResources/MSFT_xDnsARecord/MSFT_xDnsARecord.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xDnsARecord")] 2 | class MSFT_xDnsARecord : OMI_BaseResource 3 | { 4 | [Key] string Name; 5 | [Key] string Zone; 6 | [Required] string Target; 7 | [Write, Description("Should this DNS resource record be present or absent"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; 8 | }; 9 | 10 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xTimeZone/DSCResources/en-us/TimezoneHelper.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData -StringData @' 3 | CurrentTimezoneMessage=Current Timezone is set to '{0}' 4 | GettingTimezoneCimMessage=Getting current Timezone using {0} 5 | SettingTimezoneMessage=Setting Timezone to '{0}' using {1} 6 | TimezoneUpdatedMessage=Timezone has been updated to '{0}' 7 | AddingSetTimeZonedotNetTypeMessage=Adding .NET Set Timezone Type 8 | '@ 9 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADDomain/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADDomain resource creates a new domain in a new forest or a child domain in an existing forest. While it is possible to set the forest functional level and the domain functional level during deployment with this resource the common restrictions apply. For more information see [TechNet](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels). 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/DSCResources/MSFT_xPowerPlan/en-US/MSFT_xPowerPlan.schema.mfl: -------------------------------------------------------------------------------- 1 | [Description("This resource is used to activate a power plan.") : Amended,AMENDMENT, LOCALE("MS_409")] 2 | class MSFT_xPowerPlan : OMI_BaseResource 3 | { 4 | [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'") : Amended] String IsSingleInstance; 5 | [Description("The name of the power plan to activate.") : Amended] String Name; 6 | }; 7 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADObjectPermissionEntry/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADObjectPermissionEntry DSC resource will manage access control lists on Active Directory objects. The resource is 4 | designed to to manage just one entry in the list of permissios (ACL) for one AD object. It will only interact with the 5 | one permission and leave all others as they were. The resource can be used multiple times to add multiple entries into 6 | one ACL. 7 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/DSCResources/cChocoPackageInstall/cChocoPackageInstall.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.1"), FriendlyName("cChocoPackageInstaller")] 2 | class cChocoPackageInstall : OMI_BaseResource 3 | { 4 | [Key] string Name; 5 | [Write,ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] String Ensure; 6 | [write] string Params; 7 | [write] string Version; 8 | [write] string Source; 9 | [Write] String chocoParams; 10 | [Write] Boolean AutoUpgrade; 11 | }; 12 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADServicePrincipalName/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADServicePrincipalName DSC resource will manage service principal names. A service principal name (SPN) is a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. This allows a client application to request that the service authenticate an account even if the client does not have the account name. 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADReplicationSiteLink/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADReplicationSiteLink DSC resource will manage Replication Site Links within Active Directory. A site link connects two or more sites. Site links reflect the administrative policy for how sites are to be interconnected and the methods used to transfer replication traffic. You must connect sites with site links so that domain controllers at each site can replicate Active Directory changes. 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xTimeZone/Tests/Integration/xTimeZone.config.ps1: -------------------------------------------------------------------------------- 1 | $TestTimeZone = [PSObject]@{ 2 | TimeZone = 'Pacific Standard Time' 3 | IsSingleInstance = 'Yes' 4 | } 5 | 6 | configuration xTimezone_Config { 7 | Import-DscResource -ModuleName xTimeZone 8 | node localhost { 9 | xTimeZone Integration_Test { 10 | TimeZone = $TestTimeZone.TimeZone 11 | IsSingleInstance = $TestTimeZone.IsSingleInstance 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADReplicationSite/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADReplicationSite DSC resource will manage Replication Sites within Active Directory. Sites are used in Active Directory to either enable clients to discover network resources (published shares, domain controllers) close to the physical location of a client computer or to reduce network traffic over wide area network (WAN) links. Sites can also be used to optimize replication between domain controllers. 4 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/DSCResources/MSFT_xOfflineDomainJoin/MSFT_xOfflineDomainJoin.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xOfflineDomainJoin")] 2 | class MSFT_xOfflineDomainJoin : OMI_BaseResource 3 | { 4 | [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; 5 | [Required, Description("The full path to the Offline Domain Join Request file to use.")] String RequestFile; 6 | }; 7 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/DSCResources/MSFT_xComputer/MSFT_xComputer.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.1.0"), FriendlyName("xComputer")] 2 | class MSFT_xComputer : OMI_BaseResource 3 | { 4 | [key] string Name; 5 | [write] string DomainName; 6 | [write] string JoinOU; 7 | [read] string CurrentOU; 8 | [write,EmbeddedInstance("MSFT_Credential")] String Credential; 9 | [write,EmbeddedInstance("MSFT_Credential")] String UnjoinCredential; 10 | [write] string WorkGroupName; 11 | }; 12 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/DSCResources/MSFT_xDnsRecord/MSFT_xDnsRecord.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xDnsRecord")] 2 | class MSFT_xDnsRecord : OMI_BaseResource 3 | { 4 | [Key] string Name; 5 | [Key] string Zone; 6 | [Required, ValueMap{"ARecord","CName"}, Values{"ARecord","CName"}] string Type; 7 | [Key] string Target; 8 | [Write, Description("Should this DNS resource record be present or absent"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; 9 | }; 10 | 11 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADRecycleBin/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADRecycleBin DSC resource will enable the Active Directory Recycle Bin feature for the target forest. 4 | This resource first verifies that the forest mode is Windows Server 2008 R2 or greater. If the forest mode 5 | is insufficient, then the resource will exit with an error message. The change is executed against the 6 | Domain Naming Master FSMO of the forest. 7 | (Note: This resource is compatible with a Windows 2008 R2 or above target node.) 8 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/Examples/Sample_xIPAddress_FixedValue.ps1: -------------------------------------------------------------------------------- 1 | configuration Sample_xIPAddress_FixedValue 2 | { 3 | param 4 | ( 5 | [string[]]$NodeName = 'localhost' 6 | ) 7 | 8 | Import-DscResource -Module xNetworking 9 | 10 | Node $NodeName 11 | { 12 | xIPAddress NewIPAddress 13 | { 14 | IPAddress = "2001:4898:200:7:6c71:a102:ebd8:f482" 15 | InterfaceAlias = "Ethernet" 16 | SubnetMask = 24 17 | AddressFamily = "IPV6" 18 | } 19 | } 20 | } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/DSCResources/MSFT_xDnsServerZoneTransfer/MSFT_xDnsServerZoneTransfer.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xDnsServerZoneTransfer")] 2 | class MSFT_xDnsServerZoneTransfer : OMI_BaseResource 3 | { 4 | [Key, Description("Name of the DNS zone")] String Name; 5 | [Required, Description("Type of transfer allowed"), ValueMap{"None","Any","Named","Specific"}, Values{"None","Any","Named","Specific"}] String Type; 6 | [Write, Description("IP address or DNS name of DNS servers where zone information can be transfered")] String SecondaryServer[]; 7 | }; 8 | 9 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADManagedServiceAccount/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADManagedServiceAccount DSC resource will manage Single and Group Managed Service Accounts (MSAs) within Active Directory. A Managed Service Account is a managed domain account that provides automatic password management, simplified service principal name (SPN) management and the ability to delegate management to other administrators. 4 | A Single Managed Service Account can only be used on a single computer, whereas a Group Managed Service Account can be shared across multiple computers. 5 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/Examples/xComputer/4-RenameComputerInWorkgroup.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | This example will set the machine name to 'Server01' while remaining 4 | in the workgroup. 5 | #> 6 | Configuration Example 7 | { 8 | param 9 | ( 10 | [Parameter()] 11 | [System.String[]] 12 | $NodeName = 'localhost' 13 | ) 14 | 15 | Import-DscResource -Module xComputerManagement 16 | 17 | Node $NodeName 18 | { 19 | xComputer NewName 20 | { 21 | Name = 'Server01' 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/Examples/Sample_xFirewall_AddFirewallRuleToNewGroup.ps1: -------------------------------------------------------------------------------- 1 | # DSC configuration for Firewall 2 | 3 | configuration Sample_xFirewall_AddFirewallRuleToNewGroup 4 | { 5 | param 6 | ( 7 | [string[]]$NodeName = 'localhost' 8 | ) 9 | 10 | Import-DSCResource -ModuleName xNetworking 11 | 12 | Node $NodeName 13 | { 14 | xFirewall Firewall 15 | { 16 | Name = "MyAppFirewallRule" 17 | ApplicationPath = "c:\windows\system32\MyApp.exe" 18 | Access = "Allow" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Tests/Unit/Stubs/Microsoft.DirectoryServices.Deployment.Types.cs: -------------------------------------------------------------------------------- 1 | namespace Microsoft.DirectoryServices.Deployment.Types 2 | { 3 | public enum DomainMode 4 | { 5 | Win2008 = 3, 6 | 7 | Win2008R2 = 4, 8 | 9 | Win2012 = 5, 10 | 11 | Win2012R2 = 6, 12 | 13 | WinThreshold = 7 14 | } 15 | 16 | public enum ForestMode 17 | { 18 | Win2008 = 3, 19 | 20 | Win2008R2 = 4, 21 | 22 | Win2012 = 5, 23 | 24 | Win2012R2 = 6, 25 | 26 | WinThreshold = 7 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/Examples/xPowerPlan/1-SetPowerPlan.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | This examples sets the active power plan to the 'High performance' plan. 4 | #> 5 | Configuration Example 6 | { 7 | param 8 | ( 9 | [Parameter()] 10 | [System.String[]] 11 | $NodeName = 'localhost' 12 | ) 13 | 14 | Import-DscResource -ModuleName xComputerManagement 15 | 16 | Node $NodeName 17 | { 18 | xPowerPlan SetPlanHighPerformance 19 | { 20 | IsSingleInstance = 'Yes' 21 | Name = 'High performance' 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/DSCResources/MSFT_xDnsServerSecondaryZone/MSFT_xDnsServerSecondaryZone.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xDnsServerSecondaryZone")] 2 | class MSFT_xDnsServerSecondaryZone : OMI_BaseResource 3 | { 4 | [Key, Description("Name of the secondary zone")] String Name; 5 | [Required, Description("IP address or DNS name of the secondary DNS servers")] String MasterServers[]; 6 | [Write, Description("Should this resource be present or absent"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; 7 | [Read, Description("Type of the DNS server zone")] String Type; 8 | }; 9 | 10 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADRecycleBin/MSFT_xADRecycleBin.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xADRecycleBin")] 2 | class MSFT_xADRecycleBin : OMI_BaseResource 3 | { 4 | [Key, Description("The FQDN of the forest in which to change the Recycle Bin feature.")] String ForestFQDN; 5 | [Required, Description("The user account credentials to use to perform this task."), EmbeddedInstance("MSFT_Credential")] String EnterpriseAdministratorCredential; 6 | [Read, Description("The state of the Recycle Bin feature.")] String RecycleBinEnabled; 7 | [Read, Description("The functional level of the forest.")] String ForestMode; 8 | }; 9 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/cChoco.psd1: -------------------------------------------------------------------------------- 1 | @{ 2 | Copyright = "(c) 2017 Chocolatey Software, Inc (c) 2013-2017 Lawrence Gripper, All rights reserved."; 3 | Description = "Chocolatey DSC Resources for use with internal packages and the community package repository. Learn more at http://chocolatey.org/"; 4 | CompanyName = "Chocolatey Software"; 5 | GUID = "4857229F-8C2D-41BB-A068-9E3C0C8ED63D"; 6 | PowerShellVersion = "4.0"; 7 | FunctionsToExport = "*"; 8 | CLRVersion = "4.0"; 9 | CmdletsToExport = "*"; 10 | Author = "Chocolatey Software, Lawrence Gripper, Javy de Koning"; 11 | ModuleVersion = "2.3.1.0" 12 | } 13 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/Examples/xOfflineDomainJoin/1-JoinDomainUsingODJBlob.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | This example will join the computer to a domain using the ODJ 4 | request file C:\ODJ\ODJRequest.txt. 5 | #> 6 | Configuration Example 7 | { 8 | param 9 | ( 10 | [Parameter()] 11 | [System.String[]] 12 | $NodeName = 'localhost' 13 | ) 14 | 15 | Import-DscResource -ModuleName xComputerManagement 16 | 17 | Node $NodeName 18 | { 19 | xOfflineDomainJoin ODJ 20 | { 21 | IsSingleInstance = 'Yes' 22 | RequestFile = 'C:\ODJ\ODJBlob.txt' 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADReplicationSite/MSFT_xADReplicationSite.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xADReplicationSite")] 2 | class MSFT_xADReplicationSite : OMI_BaseResource 3 | { 4 | [Write, Description("Specifies if the AD replication site should be added or remove. Default value is 'Present'. { *Present* | Absent }."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] String Ensure; 5 | [Key, Description("Specifies the name of the AD replication site.")] String Name; 6 | [Write, Description("Specify if the Default-First-Site-Name should be renamed, if it exists. Dafult value is 'false'.")] Boolean RenameDefaultFirstSiteName; 7 | }; 8 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/Examples/xComputer/1-RenameComputerAndSetWorkgroup.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | This configuration will set the computer name to 'Server01' 4 | and make it part of 'ContosoWorkgroup' Workgroup. 5 | #> 6 | Configuration Example 7 | { 8 | param 9 | ( 10 | [Parameter()] 11 | [System.String[]] 12 | $NodeName = 'localhost' 13 | ) 14 | 15 | Import-DscResource -Module xComputerManagement 16 | 17 | Node $NodeName 18 | { 19 | xComputer NewNameAndWorkgroup 20 | { 21 | Name = 'Server01' 22 | WorkGroupName = 'ContosoWorkgroup' 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/DSCResources/MSFT_xDnsServerPrimaryZone/MSFT_xDnsServerPrimaryZone.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xDnsServerPrimaryZone")] 2 | class MSFT_xDnsServerPrimaryZone : OMI_BaseResource 3 | { 4 | [Key, Description("DNS Server primary zone name")] String Name; 5 | [Write, Description("DNS Server primary zone file")] String ZoneFile; 6 | [Write, Description("Dynamic zone update option"), ValueMap{"None","NonsecureAndSecure"}, Values{"None","NonsecureAndSecure"}] String DynamicUpdate; 7 | [Write, Description("Whether the DNS zone should be available or removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; 8 | }; 9 | 10 | 11 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADDomainController/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADDomainController DSC resource will install and configure domain 4 | controllers in Active Directory. 5 | 6 | >**Note:** If the account used for the parameter `DomainAdministratorCredential` 7 | >cannot connect to another domain controller, for example using a credential 8 | >without the domain name, then the cmdlet `Install-ADDSDomainController` will 9 | >seemingly halt (without reporting an error) when trying to replicate 10 | >information from another domain controller. 11 | >Make sure to use a correct domain account with the correct permission as 12 | >the account for the parameter `DomainAdministratorCredential`. 13 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/Examples/xVirtualMemory/1-SetVirtualMemory.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | Example script that sets the paging file to reside on 4 | drive C with the custom size 2048MB 5 | #> 6 | Configuration Example 7 | { 8 | param 9 | ( 10 | [Parameter()] 11 | [System.String[]] 12 | $NodeName = 'localhost' 13 | ) 14 | 15 | Import-DSCResource -ModuleName xComputerManagement 16 | 17 | Node $NodeName 18 | { 19 | xVirtualMemory pagingSettings 20 | { 21 | Type = 'CustomSize' 22 | Drive = 'C' 23 | InitialSize = '2048' 24 | MaximumSize = '2048' 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/components/userdesktop.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "VmName": { 6 | "value": "UserDesktop" 7 | }, 8 | "ipAddress": { 9 | "value": "10.0.0.12" 10 | }, 11 | "VmSize": { 12 | "value": "Standard_B2ms" 13 | }, 14 | "OU": { 15 | "value": "OU=Computers,OU=Production,DC=ad,DC=waad,DC=training" 16 | }, 17 | "ImageProvider": { 18 | "value": "MicrosoftWindowsServer" 19 | }, 20 | "ImageOffer": { 21 | "value": "WindowsServer" 22 | }, 23 | "Sku": { 24 | "value": "2012-R2-Datacenter" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/components/admindesktop.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "VmName": { 6 | "value": "AdminDesktop" 7 | }, 8 | "ipAddress": { 9 | "value": "10.0.0.13" 10 | }, 11 | "VmSize": { 12 | "value": "Standard_B2ms" 13 | }, 14 | "OU": { 15 | "value": "OU=Computers,OU=Production,DC=ad,DC=waad,DC=training" 16 | }, 17 | "ImageProvider": { 18 | "value": "MicrosoftWindowsServer" 19 | }, 20 | "ImageOffer": { 21 | "value": "WindowsServer" 22 | }, 23 | "Sku": { 24 | "value": "2012-R2-Datacenter" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/components/terminalserver.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "VmName": { 6 | "value": "TerminalServer" 7 | }, 8 | "ipAddress": { 9 | "value": "10.0.0.11" 10 | }, 11 | "VmSize": { 12 | "value": "Standard_B2ms" 13 | }, 14 | "OU": { 15 | "value": "OU=Computers,OU=Production,DC=ad,DC=waad,DC=training" 16 | }, 17 | "ImageProvider": { 18 | "value": "MicrosoftWindowsServer" 19 | }, 20 | "ImageOffer": { 21 | "value": "WindowsServer" 22 | }, 23 | "Sku": { 24 | "value": "2012-R2-Datacenter" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/.codecov.yml: -------------------------------------------------------------------------------- 1 | codecov: 2 | notify: 3 | require_ci_to_pass: no 4 | # dev should be the baseline for reporting 5 | branch: dev 6 | 7 | comment: 8 | layout: "reach, diff" 9 | behavior: default 10 | 11 | coverage: 12 | range: 50..80 13 | round: down 14 | precision: 0 15 | 16 | status: 17 | project: 18 | default: 19 | # Set the overall project code coverage requirement to 70% 20 | target: 70 21 | patch: 22 | default: 23 | # Set the pull request requirement to not regress overall coverage by more than 5% 24 | # and let codecov.io set the goal for the code changed in the patch. 25 | target: auto 26 | threshold: 5 27 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/DSCResources/MSFT_xPowerPlan/en-US/MSFT_xPowerPlan.strings.psd1: -------------------------------------------------------------------------------- 1 | # Localized resources for WindowsOptionalFeature 2 | 3 | ConvertFrom-StringData @' 4 | PowerPlanIsActive = The power plan '{0}' is the active plan. 5 | PowerPlanIsNotActive = The power plan '{0}' is not the active plan. 6 | PowerPlanNotFound = Unable to find the power plan '{0}'. 7 | PowerPlanIsBeingActivated = Activating power plan '{0}' 8 | PowerPlanIsBeingValidated = Validating power plan '{0}' 9 | PowerPlanWasUnableToBeSet = Unable to set the power plan '{0}' to the active plan. Error message: {1} 10 | PowerPlanCIMError = Could not get the Common Information Model (CIM) instances of class {0} 11 | '@ 12 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DeploymentScripts/ClassRgManagement.ps1: -------------------------------------------------------------------------------- 1 | Import-Module Az 2 | 3 | workflow Remove-ClassResourceGroups { 4 | 5 | $resourceGroups = Get-AzResourceGroup 6 | 7 | if ($resourceGroups.Count -gt 0) { 8 | forEach -parallel -throttle 30 ($resourceGroup in $resourceGroups) { 9 | $resourceGroupName = $resourceGroup.ResourceGroupName.toString() 10 | if ($resourceGroupName -notlike "*master" -and $resourceGroupName -notlike "cupcake*" -and $resourceGroupName -notlike "jah*") { 11 | Write-Output "[*] Removing $resourceGroupName.." 12 | Remove-AzResourceGroup -Name $resourceGroupName -Force 13 | } 14 | } 15 | } 16 | else { 17 | Write-Output "No Resource Groups Found" 18 | } 19 | 20 | } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADServicePrincipalName/MSFT_xADServicePrincipalName.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xADServicePrincipalName")] 2 | class MSFT_xADServicePrincipalName : OMI_BaseResource 3 | { 4 | [Write, Description("Specifies if the service principal name should be added or remove. Default value is 'Present'."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; 5 | [Key, Description("The full SPN to add or remove, e.g. HOST/LON-DC1.")] string ServicePrincipalName; 6 | [Write, Description("The user or computer account to add or remove the SPN, e.b. User1 or LON-DC1$. Default value is ''. If Ensure is set to Present, a value must be specified.")] string Account; 7 | }; 8 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADDomainDefaultPasswordPolicy/en-US/MSFT_xADDomainDefaultPasswordPolicy.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | QueryingDomainPasswordPolicy = Querying Active Directory domain '{0}' default password policy. 4 | UpdatingDomainPasswordPolicy = Updating Active Directory domain '{0}' default password policy. 5 | SettingPasswordPolicyValue = Setting password policy '{0}' property to '{1}'. 6 | ResourcePropertyValueIncorrect = Property '{0}' value is incorrect; expected '{1}', actual '{2}'. 7 | ResourceInDesiredState = Resource '{0}' is in the desired state. 8 | ResourceNotInDesiredState = Resource '{0}' is NOT in the desired state. 9 | '@ 10 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADReplicationSubnet/MSFT_xADReplicationSubnet.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xADReplicationSubnet")] 2 | class MSFT_xADReplicationSubnet : OMI_BaseResource 3 | { 4 | [Write, Description("Specifies if the AD replication subnet should be added or remove. Default value is 'Present'."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; 5 | [Key, Description("The name of the AD replication subnet, e.g. 10.0.0.0/24.")] string Name; 6 | [Required, Description("The name of the assigned AD replication site, e.g. Default-First-Site-Name.")] string Site; 7 | [Write, Description("The location for the AD replication site. Default value is empty.")] string Location; 8 | }; 9 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/Examples/Sample_xDnsServerAddress.ps1: -------------------------------------------------------------------------------- 1 | configuration Sample_xDnsServerAddress 2 | { 3 | param 4 | ( 5 | [string[]]$NodeName = 'localhost', 6 | 7 | [Parameter(Mandatory)] 8 | [string]$DnsServerAddress, 9 | 10 | [Parameter(Mandatory)] 11 | [string]$InterfaceAlias, 12 | 13 | [ValidateSet("IPv4","IPv6")] 14 | [string]$AddressFamily = 'IPv4' 15 | ) 16 | 17 | Import-DscResource -Module xNetworking 18 | 19 | Node $NodeName 20 | { 21 | xDnsServerAddress DnsServerAddress 22 | { 23 | Address = $DnsServerAddress 24 | InterfaceAlias = $InterfaceAlias 25 | AddressFamily = $AddressFamily 26 | } 27 | } 28 | } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xWaitForADDomain/MSFT_xWaitForADDomain.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.1.0"), FriendlyName("xWaitForADDomain")] 2 | class MSFT_xWaitForADDomain : OMI_BaseResource 3 | { 4 | [Key, Description("The name of the AD Domain to wait for.")] String DomainName; 5 | [Write, Description("The user account credentials to use to perform this task."), EmbeddedInstance("MSFT_Credential")] String DomainUserCredential; 6 | [Write, Description("The interval in seconds between retry attempts.")] uint64 RetryIntervalSec; 7 | [Write, Description("The number of retries before failing.")] uint32 RetryCount; 8 | [Write, Description("The number of times to reboot after failing and then restart retrying.")] uint32 RebootRetryCount; 9 | }; 10 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/NOTICE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017 Chocolatey Software, Inc. 2 | Copyright (c) 2013 - 2017 Lawrence Gripper & original authors/contributors from https://github.com/chocolatey/cChoco 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADObjectEnabledState/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | This resource enforces the property `Enabled` on the object class *Computer*. 4 | 5 | >This resource could support other object classes like *msDS-ManagedServiceAccount*, 6 | >*msDS-GroupManagedServiceAccount*, and *User*. But these object classes 7 | >are not yet supported due to that other resources already enforces the 8 | >`Enabled` property. If this resource should support another object class, 9 | >then it should be made so that only one resource enforces the enabled 10 | >property. This is to prevent a potential "ping-pong" behavior if both 11 | >resource would be used in a configuration. 12 | 13 | ## Requirements 14 | 15 | * Target machine must be running Windows Server 2008 R2 or later. 16 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADObjectPermissionEntry/en-US/MSFT_xADObjectPermissionEntry.strings.psd1: -------------------------------------------------------------------------------- 1 | 2 | # culture='en-US' 3 | ConvertFrom-StringData @' 4 | ObjectPermissionEntryFound = Object permission entry found on object '{0}'. (OPE0001) 5 | ObjectPermissionEntryNotFound = Object permission entry not found on object '{0}'. (OPE0002) 6 | AddingObjectPermissionEntry = Adding object permission entry to object '{0}'. (OPE0003) 7 | RemovingObjectPermissionEntry = Removing object permission entry from object '{0}'. (OPE0004) 8 | ObjectPermissionEntryInDesiredState = Object permission entry on object '{0}' is in the desired state. (OPE0005) 9 | ObjectPermissionEntryNotInDesiredState = Object permission entry on object '{0}' is not in the desired state. (OPE0006) 10 | '@ 11 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADReplicationSiteLink/en-US/MSFT_xADReplicationSiteLink.strings.psd1: -------------------------------------------------------------------------------- 1 | ConvertFrom-StringData @' 2 | SiteNotFound = Site: {0} not found in SitesIncluded. Current SitesIncluded: {1}. 3 | SiteFoundInExcluded = Excluded {0} site found in SitesIncluded. Current SitesIncluded: {1}. 4 | PropertyNotInDesiredState = {0} is not in desired state Current: {1} Desired: {2}. 5 | RemovingSites = Removing sites {0} from site link {1}. 6 | AddingSites = Adding sites {0} to site link {1}. 7 | NewSiteLink = Creating AD Site Link {0}. 8 | RemoveSiteLink = Removing AD Site Link {0}. 9 | SiteLinkNotFound = Could not find {0} site link. 10 | GetSiteLinkUnexpectedError = Unexpected error getting site link {0}. 11 | '@ 12 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADReplicationSite/en-US/MSFT_xADReplicationSite.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture='en-US' 2 | ConvertFrom-StringData @' 3 | AddReplicationSiteDefaultFirstSiteName = Add the replication site 'Default-First-Site-Name' to '{0}'. 4 | AddReplicationSite = Add the replication site '{0}'. 5 | RemoveReplicationSite = Remove the replication site '{0}'. 6 | GetReplicationSite = Getting replication site '{0}'. 7 | ReplicationSiteAbsent = Replication site '{0}' is not present. 8 | ReplicationSitePresent = Replication site '{0}' is present. 9 | ReplicationSiteInDesiredState = The replication site '{0}' is in the desired state. 10 | ReplicationSiteNotInDesiredState = The replication site '{0}' is not in the desired state. 11 | '@ 12 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/Examples/Sample_xFirewall_DisableAccessToApplication.ps1: -------------------------------------------------------------------------------- 1 | # DSC configuration for Firewall 2 | # 3 | 4 | configuration Sample_xFirewall_AddFirewallRuleToNewGroup 5 | { 6 | param 7 | ( 8 | [string[]]$NodeName = 'localhost' 9 | ) 10 | 11 | Import-DSCResource -ModuleName xNetworking 12 | 13 | Node $NodeName 14 | { 15 | xFirewall Firewall 16 | { 17 | Name = "NotePadFirewallRule" 18 | DisplayName = "Firewall Rule for Notepad.exe" 19 | DisplayGroup = "NotePad Firewall Rule Group" 20 | Ensure = "Present" 21 | Access = "Block" 22 | Description = "Firewall Rule for Notepad.exe" 23 | ApplicationPath = "c:\windows\system32\notepad.exe" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADComputer/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | The xADComputer DSC resource will manage computer accounts within Active Directory. 4 | This resource can be used to provision a computer account before the computer is 5 | added to the domain. These pre-created computer objects can be used with offline 6 | domain join, unsecure domain Join and RODC domain join scenarios. 7 | 8 | >**Note:** An Offline Domain Join (ODJ) request file will only be created 9 | >when a computer account is first created in the domain. Setting an Offline 10 | >Domain Join (ODJ) Request file path for a configuration that updates a 11 | >computer account that already exists, or restore it from the recycle bin 12 | >will not cause the Offline Domain Join (ODJ) request file to be created. 13 | 14 | ## Requirements 15 | 16 | * Target machine must be running Windows Server 2008 R2 or later. 17 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/DSCResources/MSFT_xOfflineDomainJoin/en-us/MSFT_xOfflineDomainJoin.psd1: -------------------------------------------------------------------------------- 1 | ConvertFrom-StringData @' 2 | GettingOfflineDomainJoinMessage=Getting the Offline Domain Join State. 3 | ApplyingOfflineDomainJoinMessage=Applying the Offline Domain Join State. 4 | AttemptingDomainJoinMessage=Attempting domain join using ODJ Request file '{0}'. 5 | DomainJoinedMessage=Domain joined using ODJ Request file '{0}'. Reboot will be required. 6 | CheckingOfflineDomainJoinMessage=Checking the Offline Domain Join State. 7 | DomainAlreadyJoinedMessage=The computer is already joined to a domain '{0}'. Change not required. 8 | DomainNotJoinedMessage=The computer is not joined to a domain. Change required. 9 | RequestFileNotFoundError=The ODJ Request file '{0}' does not exist. 10 | DjoinError=Error {0} occured requesting the Offline Domain Join. 11 | '@ 12 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADOrganizationalUnit/en-US/MSFT_xADOrganizationalUnit.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | RetrievingOU = Retrieving OU '{0}'. 4 | UpdatingOU = Updating OU '{0}'. 5 | DeletingOU = Deleting OU '{0}'. 6 | CreatingOU = Creating OU '{0}'. 7 | RestoringOU = Attempting to restore the organizational unit object {0} from the recycle bin. 8 | OUInDesiredState = OU '{0}' exists and is in the desired state. 9 | OUNotInDesiredState = OU '{0}' exists but is not in the desired state. 10 | OUExistsButShouldNot = OU '{0}' exists when it should not exist. 11 | OUDoesNotExistButShould = OU '{0}' does not exist when it should exist. 12 | OUDoesNotExistAndShouldNot = OU '{0}' does not exist and is in the desired state. 13 | '@ 14 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/Examples/xComputer/2-JoinDomain.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | This configuration sets the machine name to 'Server01' and 4 | joins the 'Contoso' domain. 5 | Note: this requires an AD credential to join the domain. 6 | #> 7 | Configuration Example 8 | { 9 | param 10 | ( 11 | [Parameter()] 12 | [System.String[]] 13 | $NodeName = 'localhost', 14 | 15 | [Parameter(Mandatory = $true)] 16 | [ValidateNotNullorEmpty()] 17 | [System.Management.Automation.PSCredential] 18 | $Credential 19 | ) 20 | 21 | Import-DscResource -Module xComputerManagement 22 | 23 | Node $NodeName 24 | { 25 | xComputer JoinDomain 26 | { 27 | Name = 'Server01' 28 | DomainName = 'Contoso' 29 | Credential = $Credential # Credential to join to domain 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/Examples/xComputer/3-RenameComputerInDomain.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | This example will change the machines name 'Server01' while remaining 4 | joined to the current domain. 5 | Note: this requires a credential for renaming the machine on the 6 | domain. 7 | #> 8 | Configuration Example 9 | { 10 | param 11 | ( 12 | [Parameter()] 13 | [System.String[]] 14 | $NodeName = 'localhost', 15 | 16 | [Parameter(Mandatory = $true)] 17 | [ValidateNotNullorEmpty()] 18 | [System.Management.Automation.PSCredential] 19 | $Credential 20 | ) 21 | 22 | Import-DscResource -Module xComputerManagement 23 | 24 | Node $NodeName 25 | { 26 | xComputer NewName 27 | { 28 | Name = 'Server01' 29 | Credential = $Credential # Domain credential 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/Misc/New-DnsServerSecondaryZone.ps1: -------------------------------------------------------------------------------- 1 | $Properties = @{ 2 | Name = New-xDscResourceProperty -Name Name -Type String -Attribute Key ` 3 | -Description 'Name of the secondary zone' 4 | DnsServer = New-xDscResourceProperty -Name MasterServerIPAddress -Type String[] -Attribute Required ` 5 | -Description 'IP address of secondary DNS servers' 6 | Ensure = New-xDscResourceProperty -Name Ensure -Type String -Attribute Write -ValidateSet 'Present','Absent' ` 7 | -Description 'Should this resource be present or absent' 8 | 9 | } 10 | New-xDscResource -Name MSFT_xDnsServerSecondaryZone -Property $Properties.Values -Path . -ModuleName xDnsServer -FriendlyName xDnsServerSecondaryZone -Force 11 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADServicePrincipalName/en-US/MSFT_xADServicePrincipalName.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture='en-US' 2 | ConvertFrom-StringData @' 3 | GetServicePrincipalName = Getting service principal name '{0}'. 4 | ServicePrincipalNameAbsent = Service principal name '{0}' is absent. 5 | ServicePrincipalNamePresent = Service principal name '{0}' is present on account(s) '{1}' 6 | AccountNotFound = AD object with SamAccountName '{0}' not found! 7 | RemoveServicePrincipalName = Removing service principal name '{0}' from account '{1}'. 8 | AddServicePrincipalName = Adding service principal name '{0}' to account '{1}. 9 | ServicePrincipalNameInDesiredState = Service principal name '{0}' is in the desired state. 10 | ServicePrincipalNameNotInDesiredState = Service principal name '{0}' is not in the desired state. 11 | '@ 12 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xWaitForADDomain/en-US/MSFT_xWaitForADDomain.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture='en-US' 2 | ConvertFrom-StringData @' 3 | GetDomain = Getting Domain '{0}'. 4 | DomainNotFoundRetrying = Domain '{0}' not found. Will retry again after {1} seconds. 5 | DomainNotFoundRebooting = Domain '{0}' not found after {1} attempts with {2} sec interval. Rebooting. Reboot attempt number {3} of {4}. 6 | DomainNotFoundAfterReboot = Domain '{0}' NOT found after {1} Reboot attempts. 7 | DomainNotFoundAfterRetry = Domain '{0}' NOT found after {1} attempts. 8 | DomainInDesiredState = Domain '{0}' is in the desired state. 9 | DomainNotInDesiredState = Domain '{0}' is not in the desired state. 10 | CheckDomain = Checking for domain '{0}' ... 11 | FoundDomain = Found domain '{0}'. 12 | DomainNotFound = Domain '{0}' not found. 13 | '@ 14 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADReplicationSubnet/en-US/MSFT_xADReplicationSubnet.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture='en-US' 2 | ConvertFrom-StringData @' 3 | CreateReplicationSubnet = Create the replication subnet '{0}'. 4 | RemoveReplicationSubnet = Remove the replication subnet '{0}'. 5 | GetReplicationSubnet = Getting replication subnet '{0}'. 6 | SetReplicationSubnetSite = Set the replication subnet '{0}' site to '{1}'. 7 | SetReplicationSubnetLocation = Set the replication subnet '{0}' location to '{1}'. 8 | ReplicationSubnetAbsent = Replication subnet '{0}' is absent. 9 | ReplicationSubnetPresent = Replication subnet '{0}' is present. 10 | ReplicationSubnetInDesiredState = The replication subnet '{0}' is in the desired state. 11 | ReplicationSubnetNotInDesiredState = The replication subnet '{0}' is not in the desired state. 12 | '@ 13 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/Examples/Sample_xIPAddress_Parameterized.ps1: -------------------------------------------------------------------------------- 1 | configuration Sample_xIPAddress_Parameterized 2 | { 3 | param 4 | ( 5 | 6 | [string[]]$NodeName = 'localhost', 7 | 8 | [Parameter(Mandatory)] 9 | [string]$IPAddress, 10 | 11 | [Parameter(Mandatory)] 12 | [string]$InterfaceAlias, 13 | 14 | [Parameter(Mandatory)] 15 | [string]$DefaultGateway, 16 | 17 | [int]$SubnetMask = 16, 18 | 19 | [ValidateSet("IPv4","IPv6")] 20 | [string]$AddressFamily = 'IPv4' 21 | ) 22 | 23 | Import-DscResource -Module xNetworking 24 | 25 | Node $NodeName 26 | { 27 | xIPAddress NewIPAddress 28 | { 29 | IPAddress = $IPAddress 30 | InterfaceAlias = $InterfaceAlias 31 | DefaultGateway = $DefaultGateway 32 | SubnetMask = $SubnetMask 33 | AddressFamily = $AddressFamily 34 | } 35 | } 36 | } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/Examples/xComputer/5-UnjoinDomainAndJoinWorkgroup.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | This example switches the computer 'Server01' from a domain and joins it 4 | to the 'ContosoWorkgroup' Workgroup. 5 | Note: this requires a credential. 6 | #> 7 | Configuration Example 8 | { 9 | param 10 | ( 11 | [Parameter()] 12 | [System.String[]] 13 | $NodeName = 'localhost', 14 | 15 | [Parameter(Mandatory = $true)] 16 | [ValidateNotNullorEmpty()] 17 | [System.Management.Automation.PSCredential] 18 | $Credential 19 | ) 20 | 21 | Import-DscResource -Module xComputerManagement 22 | 23 | Node $NodeName 24 | { 25 | xComputer JoinWorkgroup 26 | { 27 | Name = 'Server01' 28 | WorkGroupName = 'ContosoWorkgroup' 29 | Credential = $Credential # Credential to unjoin from domain 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADOrganizationalUnit/MSFT_xADOrganizationalUnit.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xADOrganizationalUnit")] 2 | class MSFT_xADOrganizationalUnit : OMI_BaseResource 3 | { 4 | [Key, Description("The name of OU")] string Name; 5 | [Key, Description("Specifies the X500 path of the OU or container where the new object is created")] string Path; 6 | 7 | [Write, ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; 8 | [Write, EmbeddedInstance("MSFT_Credential"),Description("The credential to be used to perform the operation on Active Directory")] string Credential; 9 | [Write, Description("Defaults to True")] boolean ProtectedFromAccidentalDeletion; 10 | [Write, Description("The description of the OU")] string Description; 11 | [Write, Description("Try to restore the organizational unit from the recycle bin before creating a new one.")] Boolean RestoreFromRecycleBin; 12 | }; 13 | 14 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/DSCResources/MSFT_xVirtualMemory/MSFT_xVirtualMemory.schema.mof: -------------------------------------------------------------------------------- 1 | 2 | [ClassVersion("1.0.0.0"), FriendlyName("xVirtualMemory")] 3 | class MSFT_xVirtualMemory : OMI_BaseResource 4 | { 5 | [Key, Description("The drive letter for which paging settings should be set. Can be letter only, letter and colon or letter with colon and trailing slash.")] String Drive; 6 | [Key, Description("The type of the paging setting to use. If set to AutoManagePagingFile, the drive letter will be ignored. If set to SystemManagedSize, the values for InitialSize and MaximumSize will be ignored"), ValueMap{"AutoManagePagingFile","CustomSize","SystemManagedSize","NoPagingFile"}, Values{"AutoManagePagingFile","CustomSize","SystemManagedSize","NoPagingFile"}] String Type; 7 | [Write, Description("The initial size of the page file in Megabyte")] Sint64 InitialSize; 8 | [Write, Description("The maximum size of the page file in Megabyte")] Sint64 MaximumSize; 9 | }; 10 | 11 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADForestProperties/en-US/MSFT_xADForestProperties.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | GetForest = Getting forest suffix information from {0}. 4 | ForestUpnSuffixNotInDesiredState = User Principal Name Suffix for forest '{0}' not in the desired state. 5 | ForestSpnSuffixNotInDesiredState = Service Principal Name Suffix for forest '{0}' not in the desired state. 6 | AddSpnSuffix = Adding Service Principal Name Suffix: {0}. 7 | RemoveSpnSuffix = Removing Service Principal Name Suffix: {0}. 8 | ReplaceSpnSuffix = Replacing Service Principal Name Suffix with: {0}. 9 | AddUpnSuffix = Adding User Principal Name Suffix: {0}. 10 | RemoveUpnSuffix = Removing User Principal Name Suffix: {0}. 11 | ReplaceUpnSuffix = Replacing User Principal Name Suffix with: {0}. 12 | '@ 13 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/xNetworking.psd1: -------------------------------------------------------------------------------- 1 | @{ 2 | # Version number of this module. 3 | ModuleVersion = '2.1.1' 4 | 5 | # ID used to uniquely identify this module 6 | GUID = 'e6647cc3-ce9c-4c86-9eb8-2ee8919bf358' 7 | 8 | # Author of this module 9 | Author = 'Microsoft Corporation' 10 | 11 | # Company or vendor of this module 12 | CompanyName = 'Microsoft Corporation' 13 | 14 | # Copyright statement for this module 15 | Copyright = '(c) 2013 Microsoft Corporation. All rights reserved.' 16 | 17 | # Description of the functionality provided by this module 18 | Description = 'Module with DSC Resources for Networking area' 19 | 20 | # Minimum version of the Windows PowerShell engine required by this module 21 | PowerShellVersion = '4.0' 22 | 23 | # Minimum version of the common language runtime (CLR) required by this module 24 | CLRVersion = '4.0' 25 | 26 | # Functions to export from this module 27 | FunctionsToExport = '*' 28 | 29 | # Cmdlets to export from this module 30 | CmdletsToExport = '*' 31 | } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/xSystemSecurity/DSCResources/xIEEsc/xIEEsc.schema.psm1: -------------------------------------------------------------------------------- 1 | Configuration xIEEsc 2 | { 3 | param 4 | ( 5 | [parameter(Mandatory = $true)] 6 | [ValidateSet("Administrators","Users")] 7 | [System.String] 8 | $UserRole, 9 | 10 | [parameter(Mandatory = $true)] 11 | [System.Boolean] 12 | $IsEnabled 13 | ) 14 | 15 | $key = "" 16 | if ($UserRole -eq "Administrators") 17 | { 18 | $key = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}' 19 | } 20 | else 21 | { 22 | $key = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}' 23 | } 24 | 25 | 26 | Registry IEEscKey 27 | { 28 | Ensure = "Present" 29 | Key = $key 30 | ValueName = "IsInstalled" 31 | ValueData = [string][int]$IsEnabled 32 | ValueType = "Dword" 33 | } 34 | } 35 | 36 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADDomainTrust/MSFT_xADDomainTrust.schema.mof: -------------------------------------------------------------------------------- 1 | 2 | [ClassVersion("1.0.1.0"), FriendlyName("xADDomainTrust")] 3 | class MSFT_xADDomainTrust : OMI_BaseResource 4 | { 5 | [Write, Description("Should this resource be present or absent"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; 6 | [Required, EmbeddedInstance("MSFT_Credential"), Description("Credentials to authenticate to the target domain")] String TargetDomainAdministratorCredential; 7 | [Key, Description("Name of the AD domain that is being trusted")] String TargetDomainName; 8 | [Required, Description("Type of trust"), ValueMap{"External","Forest"}, Values{"External","Forest"}] String TrustType; 9 | [Required, Description("Direction of trust"), ValueMap{"Bidirectional","Inbound","Outbound"}, Values{"Bidirectional","Inbound","Outbound"}] String TrustDirection; 10 | [Key, Description("Name of the AD domain that is requesting the trust")] String SourceDomainName; 11 | }; 12 | 13 | 14 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/DSCResources/MSFT_xDnsServerADZone/MSFT_xDnsServerADZone.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xDnsServerADZone")] 2 | class MSFT_xDnsServerADZone : OMI_BaseResource 3 | { 4 | [Key, Description("DNS Server zone name")] String Name; 5 | [Write, Description("Dynamic zone update option"), ValueMap{"None","NonsecureAndSecure","Secure"}, Values{"None","NonsecureAndSecure","Secure"}] String DynamicUpdate; 6 | [Required, Description("Replication scope option"), ValueMap{"Custom","Domain","Forest","Legacy"}, Values{"Custom","Domain","Forest","Legacy"}] String ReplicationScope; 7 | [Write, Description("Directory partition name")] String DirectoryPartitionName; 8 | [Write, Description("DNS Server name")] String ComputerName; 9 | [Write, Description("Credential used to set zone"), EmbeddedInstance("MSFT_Credential")] String Credential; 10 | [Write, Description("Whether the DNS zone should be available or removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; 11 | }; 12 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADRecycleBin/en-US/MSFT_xADRecycleBin.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture='en-US' 2 | ConvertFrom-StringData @' 3 | ForestNotFound = Cannot contact forest '{0}'. Check the spelling of the Forest FQDN and make sure that a domain controller is available on the network. 4 | CredentialError = Credential error. Check the username and password used. 5 | GetUnhandledException = Unhandled exception getting Recycle Bin status for forest '{0}'. 6 | SetUnhandledException = Unhandled exception setting Recycle Bin status for forest '{0}'. 7 | TestUnhandledException = Unhandled exception testing Recycle Bin status for forest '{0}'. 8 | ForestFunctionalLevelError = Forest functional level '{0}' does not meet minimum requirement of Windows2008R2Forest or greater. 9 | RecycleBinEnabled = Active Directory Recycle Bin is enabled. 10 | RecycleBinNotEnabled = Active Directory Recycle Bin is not enabled. 11 | EnablingRecycleBin = Enabling Active Directory Recycle Bin. 12 | '@ 13 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADReplicationSiteLink/MSFT_xADReplicationSiteLink.schema.mof: -------------------------------------------------------------------------------- 1 | 2 | [ClassVersion("1.0.0.0"), FriendlyName("xADReplicationSiteLink")] 3 | class MSFT_xADReplicationSiteLink : OMI_BaseResource 4 | { 5 | [Key, Description("Specifies the name of the site link")] String Name; 6 | [Write, Description("Specifies the cost to be placed on the site link")] Sint32 Cost; 7 | [Write, Description("This parameter sets the value of the Description property for the object")] String Description; 8 | [Write, Description("Species the frequency (in minutes) for which replication will occur where this site link is in use between sites")] Sint32 ReplicationFrequencyInMinutes; 9 | [Write, Description("Specifies the list of sites included in the site link")] String SitesIncluded[]; 10 | [Write, Description("Specifies the list of sites to exclude from the site link")] String SitesExcluded[]; 11 | [Write, Description("Specifies if the site link is created or deleted"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; 12 | }; 13 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/Examples/xScheduledTask/2-RunPowerShellTaskEvery15Minutes.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | This example will create a scheduled task that will call PowerShell.exe every 15 4 | minutes to run a script saved locally. 5 | The script will be called as the local system account 6 | #> 7 | Configuration Example 8 | { 9 | param 10 | ( 11 | [Parameter()] 12 | [System.String[]] 13 | $NodeName = 'localhost' 14 | ) 15 | 16 | Import-DscResource -ModuleName xComputerManagement 17 | 18 | Node $NodeName 19 | { 20 | xScheduledTask MaintenanceScriptExample 21 | { 22 | TaskName = "Custom maintenance tasks" 23 | ActionExecutable = "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe" 24 | ActionArguments = "-File `"C:\scripts\my custom script.ps1`"" 25 | ScheduleType = 'Once' 26 | RepeatInterval = [datetime]::Today.AddMinutes(15) 27 | RepetitionDuration = [datetime]::Today.AddHours(10) 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADObjectEnabledState/MSFT_xADObjectEnabledState.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xADObjectEnabledState")] 2 | class MSFT_xADObjectEnabledState : OMI_BaseResource 3 | { 4 | [Key, Description("Specifies the identity of an object that has the object class specified in the parameter ObjectClass. When ObjectClass is set to 'Computer' then this property can be set to either distinguished name, GUID (objectGUID), security identifier (objectSid), or security Accounts Manager account name (sAMAccountName).")] String Identity; 5 | [Key, Description("Specifies the object class."), ValueMap{"Computer"}, Values{"Computer"}] String ObjectClass; 6 | [Required, Description("Specifies the value of the Enabled property.")] Boolean Enabled; 7 | [Write, Description("Specifies the Active Directory Domain Services instance to connect to perform the task.")] String DomainController; 8 | [Write, Description("Specifies the user account credentials to use to perform the task."), EmbeddedInstance("MSFT_Credential")] String Credential; 9 | }; 10 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 14 4 | VisualStudioVersion = 14.0.25420.1 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{151D2E53-A2C4-4D7D-83FE-D05416EBD58E}") = "WindowsAttackAndDefenseLab", "WindowsAttackAndDefenseLab\WindowsAttackAndDefenseLab.deployproj", "{B88DEBB5-A610-405F-8674-DEC398BB3B28}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Release|Any CPU = Release|Any CPU 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {B88DEBB5-A610-405F-8674-DEC398BB3B28}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {B88DEBB5-A610-405F-8674-DEC398BB3B28}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {B88DEBB5-A610-405F-8674-DEC398BB3B28}.Release|Any CPU.ActiveCfg = Release|Any CPU 17 | {B88DEBB5-A610-405F-8674-DEC398BB3B28}.Release|Any CPU.Build.0 = Release|Any CPU 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | EndGlobal 23 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Jared Haight 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/appveyor.yml: -------------------------------------------------------------------------------- 1 | #---------------------------------# 2 | # environment configuration # 3 | #---------------------------------# 4 | version: 1.9.{build}.0 5 | install: 6 | - git clone https://github.com/PowerShell/DscResource.Tests 7 | 8 | - ps: | 9 | Import-Module "$env:APPVEYOR_BUILD_FOLDER\DscResource.Tests\AppVeyor.psm1" 10 | Invoke-AppveyorInstallTask 11 | 12 | #---------------------------------# 13 | # build configuration # 14 | #---------------------------------# 15 | 16 | build: false 17 | 18 | #---------------------------------# 19 | # test configuration # 20 | #---------------------------------# 21 | 22 | test_script: 23 | - ps: | 24 | Invoke-AppveyorTestScriptTask ` 25 | -ExcludeTag @() ` 26 | -CodeCoverage ` 27 | -CodeCovIo 28 | 29 | #---------------------------------# 30 | # deployment configuration # 31 | #---------------------------------# 32 | 33 | # scripts to run before deployment 34 | deploy_script: 35 | - ps: | 36 | Invoke-AppveyorAfterTestTask 37 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/Examples/Sample_xFirewall_AddFirewallRuleToExistingGroup.ps1: -------------------------------------------------------------------------------- 1 | # DSC configuration for Firewall 2 | # 3 | 4 | configuration Sample_xFirewall_AddFirewallRuleToExistingGroup 5 | { 6 | param 7 | ( 8 | [string[]]$NodeName = 'localhost' 9 | ) 10 | 11 | Import-DSCResource -ModuleName xNetworking 12 | 13 | Node $NodeName 14 | { 15 | xFirewall Firewall 16 | { 17 | Name = "MyFirewallRule" 18 | DisplayName = "My Firewall Rule" 19 | DisplayGroup = "My Firewall Rule Group" 20 | Access = "Allow" 21 | } 22 | 23 | xFirewall Firewall1 24 | { 25 | Name = "MyFirewallRule1" 26 | DisplayName = "My Firewall Rule" 27 | DisplayGroup = "My Firewall Rule Group" 28 | Ensure = "Present" 29 | Access = "Allow" 30 | State = "Enabled" 31 | Profile = ("Domain", "Private") 32 | } 33 | } 34 | } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADReplicationSite/1-CreateADReplicationSite_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID db6e6810-76eb-464f-9514-92bc91ec28de 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create an Active Directory replication site 23 | called 'Seattle'. 24 | #> 25 | 26 | Configuration CreateADReplicationSite_Config 27 | { 28 | Import-DscResource -Module xActiveDirectory 29 | 30 | Node localhost 31 | { 32 | xADReplicationSite 'SeattleSite' 33 | { 34 | Ensure = 'Present' 35 | Name = 'Seattle' 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADReplicationSite/3-RemoveADReplicationSite_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 8fced2a6-bb34-400c-a44e-2c484e3bc9e3 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will remove the Active Directory replication site 23 | called 'Cupertino'. 24 | #> 25 | 26 | Configuration RemoveADReplicationSite_Config 27 | { 28 | Import-DscResource -Module xActiveDirectory 29 | 30 | Node localhost 31 | { 32 | xADReplicationSite 'CupertinoSite' 33 | { 34 | Ensure = 'Absent' 35 | Name = 'Cupertino' 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADDomainTrust/en-US/MSFT_xADDomainTrust.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | MissingRoleMessage = Please ensure that the {0} role is installed 4 | CheckingTrustMessage = Checking if Trust between {0} and {1} exists ... 5 | TestTrustMessage = Trust is {0} between source and target domains and it should be {1} 6 | RemovingTrustMessage = Removing trust between {0} and {1} domains ... 7 | DeleteTrustMessage = Trust between specified domains is now absent 8 | AddingTrustMessage = Adding domain trust between {0} and {1} ... 9 | SetTrustMessage = Trust between specified domains is now present 10 | CheckPropertyMessage = Checking for {0} between domains ... 11 | DesiredPropertyMessage = {0} between domains is set correctly 12 | NotDesiredPropertyMessage = {0} between domains is not correct. Expected {1}, actual {2} 13 | SetPropertyMessage = {0} between domains is set 14 | TrustPresentMessage = Trust between domains {0} and {1} is present 15 | TrustAbsentMessage = Trust between domains {0} and {1} is absent 16 | '@ 17 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADGroup/2-NewGroupWithMembers_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 0d6564cf-5492-4922-b4ef-4c20da0b7b3f 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a new domain-local group with three members. 23 | #> 24 | 25 | Configuration NewGroupWithMembers_Config 26 | { 27 | Import-DscResource -ModuleName xActiveDirectory 28 | 29 | node localhost 30 | { 31 | xADGroup 'dl1' 32 | { 33 | GroupName = 'DL_APP_1' 34 | GroupScope = 'DomainLocal' 35 | Members = 'john', 'jim', 'sally' 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADManagedServiceAccount/1-CreateManagedServiceAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 4ab7581b-8729-4262-ae01-b04d1af51ab2 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a managed service account. 23 | #> 24 | 25 | Configuration CreateManagedServiceAccount_Config 26 | { 27 | Import-DscResource -Module xActiveDirectory 28 | 29 | Node localhost 30 | { 31 | xADManagedServiceAccount 'ExampleSingleMSA' 32 | { 33 | Ensure = 'Present' 34 | ServiceAccountName = 'Service01' 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADReplicationSubnet/1-CreateReplicationSubnet_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 3d2af0ab-3470-4da7-a38b-1c05ef384e05 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create an AD Replication Subnet. 23 | #> 24 | 25 | Configuration CreateReplicationSubnet_Config 26 | { 27 | Import-DscResource -Module xActiveDirectory 28 | 29 | Node localhost 30 | { 31 | xADReplicationSubnet 'LondonSubnet' 32 | { 33 | Name = '10.0.0.0/24' 34 | Site = 'London' 35 | Location = 'Datacenter 3' 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/cDisk/cDisk.psd1: -------------------------------------------------------------------------------- 1 | @{ 2 | # Version number of this module. 3 | ModuleVersion = '1.0' 4 | 5 | # ID used to uniquely identify this module 6 | GUID = 'ce4643ae-2d16-4f93-8ad2-c96c0fa17e3a' 7 | 8 | # Author of this module 9 | Author = 'Microsoft Corporation' 10 | 11 | # Company or vendor of this module 12 | CompanyName = 'Microsoft Corporation' 13 | 14 | # Copyright statement for this module 15 | Copyright = '(c) 2014 Microsoft Corporation. All rights reserved.' 16 | 17 | # Description of the functionality provided by this module 18 | Description = 'This is a modified verion of the xDisk Module to allow reboots to be suppressed' 19 | 20 | All of the resources in the DSC Resource Kit are provided AS IS, and are not supported through any Microsoft standard support program or service.' 21 | 22 | # Minimum version of the Windows PowerShell engine required by this module 23 | PowerShellVersion = '4.0' 24 | 25 | # Minimum version of the common language runtime (CLR) required by this module 26 | CLRVersion = '4.0' 27 | 28 | # Functions to export from this module 29 | FunctionsToExport = '*' 30 | 31 | # Cmdlets to export from this module 32 | CmdletsToExport = '*' 33 | } 34 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/xSystemSecurity/DSCResources/xIEEsc/xIEEsc.psd1: -------------------------------------------------------------------------------- 1 | # 2 | # Module manifest for module 'xIEEsc' 3 | # 4 | # Generated on: 3/19/2014 5 | # 6 | 7 | @{ 8 | 9 | # Script module or binary module file associated with this manifest. 10 | RootModule = 'xIEEsc.schema.psm1' 11 | 12 | # Version number of this module. 13 | ModuleVersion = '1.0' 14 | 15 | # ID used to uniquely identify this module 16 | GUID = '59cdb269-a864-46ce-a1d1-bed25fabe8b6' 17 | 18 | # Author of this module 19 | Author = 'Arun Chandrasekhar' 20 | 21 | # Company or vendor of this module 22 | CompanyName = 'Microsoft' 23 | 24 | # Copyright statement for this module 25 | Copyright = '(c) 2014 Microsoft Corporation. All rights reserved.' 26 | 27 | # Description of the functionality provided by this module 28 | Description = 'Enables or Disables IE Enhanced Security Configuration' 29 | 30 | # Functions to export from this module 31 | FunctionsToExport = '*' 32 | 33 | # Cmdlets to export from this module 34 | CmdletsToExport = '*' 35 | 36 | # Variables to export from this module 37 | VariablesToExport = '*' 38 | 39 | # Aliases to export from this module 40 | AliasesToExport = '*' 41 | 42 | } 43 | 44 | 45 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADObjectEnabledState/en-US/MSFT_xADObjectEnabledState.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | RetrievingComputerAccount = Retrieving the information about the computer account '{0}' from Active Directory. (ADOES0001) 4 | ComputerAccountEnabled = The computer account is enabled. (ADOES0002) 5 | ComputerAccountDisabled = The computer account is disabled. (ADOES0003) 6 | FailedToRetrieveComputerAccount = Failed to retrieve the computer account '{0}' from Active Directory. (ADOES0005) 7 | TestConfiguration = Determining the current state of the enabled property of the object with the identity '{0}' and object class '{1}'. (ADOES0006) 8 | ComputerAccountInDesiredState = The property Enabled of the computer account '{0}' is in the desired state. (ADOES0007) 9 | ComputerAccountNotInDesiredState = The property Enabled of the computer account '{0}' is not in the desired state. (ADOES0008) 10 | ComputerAccountHasBeenDisabled = The computer account '{0}' has been disabled. (ADOES0009) 11 | ComputerAccountHasBeenEnabled = The computer account '{0}' has been enabled. (ADOES0010) 12 | '@ 13 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADServicePrincipalName/1-AddUserServicePrincipalName_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 0c29d71c-5787-49e6-97e9-c74583028f63 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will add a Service Principal Name to a user account. 23 | #> 24 | 25 | Configuration AddUserServicePrincipalName_Config 26 | { 27 | Import-DscResource -Module xActiveDirectory 28 | 29 | Node localhost 30 | { 31 | xADServicePrincipalName 'SQL01Svc' 32 | { 33 | ServicePrincipalName = 'MSSQLSvc/sql01.contoso.com:1433' 34 | Account = 'SQL01Svc' 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xTimeZone/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADServicePrincipalName/2-AddComputerServicePrincipalName_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 634194bb-189a-4b26-bd80-7c01270026ea 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will add a Service Principal Name to a computer account. 23 | #> 24 | 25 | Configuration AddComputerServicePrincipalName_Config 26 | { 27 | Import-DscResource -Module xActiveDirectory 28 | 29 | Node localhost 30 | { 31 | xADServicePrincipalName 'web.contoso.com' 32 | { 33 | ServicePrincipalName = 'HTTP/web.contoso.com' 34 | Account = 'IIS01$' 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/xSystemSecurity/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADGroup/en-US/MSFT_xADGroup.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | RetrievingGroupMembers = Retrieving group membership based on '{0}' property. 4 | GroupMembershipNotDesiredState = Group membership is NOT in the desired state. 5 | AddingGroupMembers = Adding '{0}' member(s) to AD group '{1}'. 6 | RemovingGroupMembers = Removing '{0}' member(s) from AD group '{1}'. 7 | AddingGroup = Adding AD Group '{0}' 8 | UpdatingGroup = Updating AD Group '{0}' 9 | RemovingGroup = Removing AD Group '{0}' 10 | MovingGroup = Moving AD Group '{0}' to '{1}' 11 | RestoringGroup = Attempting to restore the group {0} from recycle bin. 12 | GroupNotFound = AD Group '{0}' was not found 13 | NotDesiredPropertyState = AD Group '{0}' is not correct. Expected '{1}', actual '{2}' 14 | UpdatingGroupProperty = Updating AD Group property '{0}' to '{1}' 15 | GroupMembershipMultipleDomains = Group membership objects are in '{0}' different AD Domains. 16 | '@ 17 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/Misc/New-DnsServerZoneTransfer.ps1: -------------------------------------------------------------------------------- 1 | $Properties = @{ 2 | Name = New-xDscResourceProperty -Name Name -Type String -Attribute Key ` 3 | -Description 'Name of the secondary zone' 4 | Type = New-xDscResourceProperty -Name Type -Type String -Attribute Required -ValidateSet 'Any', 'Named', 'Specific' ` 5 | -Description 'Type of transfer allowed' 6 | SecondaryServer = New-xDscResourceProperty -Name SecondaryServerIPAddress -Type String[] -Attribute Write ` 7 | -Description 'IP address of DNS servers where zone information can be sent' 8 | Ensure = New-xDscResourceProperty -Name Ensure -Type String -Attribute Write -ValidateSet 'Present','Absent' ` 9 | -Description 'Should this resource be present or absent' 10 | 11 | } 12 | New-xDscResource -Name MSFT_xDnsServerZoneTransfer -Property $Properties.Values -Path . -ModuleName xDnsServer -FriendlyName xDnsServerZoneTransfer -Force 13 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xWaitForADDomain/1-WaitForADDomain_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 5f105122-a318-46f4-a7e9-7dc745c57878 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will wait for an AD Domain to respond before returning. 23 | #> 24 | 25 | Configuration WaitForADDomain_Config 26 | { 27 | Import-DscResource -Module xActiveDirectory 28 | 29 | Node localhost 30 | { 31 | xWaitForADDomain 'contoso.com' 32 | { 33 | DomainName = 'contoso.com' 34 | RetryIntervalSec = 60 35 | RetryCount = 10 36 | RebootRetryCount = 1 37 | } 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/xSystemSecurity/Tests/Integration/MSFT_xFileSystemAccessRule.config.ps1: -------------------------------------------------------------------------------- 1 | configuration MSFT_xFileSystemAccessRule_NewRule { 2 | Import-DscResource -ModuleName 'xSystemSecurity' 3 | node localhost { 4 | xFileSystemAccessRule Integration_Test { 5 | Path = "$($env:SystemDrive)\SampleFolder" 6 | Identity = "NT AUTHORITY\NETWORK SERVICE" 7 | Rights = @("Read","Synchronize") 8 | } 9 | } 10 | } 11 | 12 | configuration MSFT_xFileSystemAccessRule_UpdateRule { 13 | Import-DscResource -ModuleName 'xSystemSecurity' 14 | node localhost { 15 | xFileSystemAccessRule Integration_Test { 16 | Path = "$($env:SystemDrive)\SampleFolder" 17 | Identity = "NT AUTHORITY\NETWORK SERVICE" 18 | Rights = @("FullControl") 19 | } 20 | } 21 | } 22 | 23 | configuration MSFT_xFileSystemAccessRule_RemoveRule { 24 | Import-DscResource -ModuleName 'xSystemSecurity' 25 | node localhost { 26 | xFileSystemAccessRule Integration_Test { 27 | Path = "$($env:SystemDrive)\SampleFolder" 28 | Identity = "NT AUTHORITY\NETWORK SERVICE" 29 | Ensure = "Absent" 30 | } 31 | } 32 | } 33 | 34 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/UserDesktopConfig/xComputerManagement/Tests/Integration/MSFT_xVirtualMemory.Config.ps1: -------------------------------------------------------------------------------- 1 | Configuration setToAuto 2 | { 3 | Import-DscResource -ModuleName xComputerManagement 4 | node "localhost" { 5 | xVirtualMemory vMem 6 | { 7 | Type = 'AutoManagePagingFile' 8 | Drive = 'C' 9 | } 10 | } 11 | } 12 | 13 | Configuration setToCustom 14 | { 15 | Import-DscResource -ModuleName xComputerManagement 16 | node "localhost" { 17 | xVirtualMemory vMem 18 | { 19 | Type = 'CustomSize' 20 | Drive = 'C' 21 | InitialSize = 128 22 | MaximumSize = 1024 23 | } 24 | } 25 | } 26 | 27 | Configuration setToSystemManaged 28 | { 29 | Import-DscResource -ModuleName xComputerManagement 30 | node "localhost" { 31 | xVirtualMemory vMem 32 | { 33 | Type = 'SystemManagedSize' 34 | Drive = 'C' 35 | } 36 | } 37 | } 38 | 39 | Configuration setToNone 40 | { 41 | Import-DscResource -ModuleName xComputerManagement 42 | node "localhost" { 43 | xVirtualMemory vMem 44 | { 45 | Type = 'NoPagingFile' 46 | Drive = 'C' 47 | } 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADManagedServiceAccount/2-CreateGroupManagedServiceAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 9736d8e5-f4e6-4ae9-9e3f-41267f4026a5 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a group managed service account. 23 | #> 24 | 25 | Configuration CreateGroupManagedServiceAccount_Config 26 | { 27 | Import-DscResource -Module xActiveDirectory 28 | 29 | Node localhost 30 | { 31 | xADManagedServiceAccount 'ExampleGroupMSA' 32 | { 33 | Ensure = 'Present' 34 | ServiceAccountName = 'Service01' 35 | AccountType = 'Group' 36 | Path = 'OU=ServiceAccounts,DC=contoso,DC=com' 37 | } 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADKDSKey/1-CreateKDSRootKey_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 6c3b1da3-f139-42e5-89e9-b9c9986122c8 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a KDS root key. If the date is set to a time 23 | slightly ahead in the future, the key won't be usable for at least 10 hours 24 | from the creation time. 25 | #> 26 | 27 | Configuration CreateKDSRootKey_Config 28 | { 29 | Import-DscResource -Module xActiveDirectory 30 | 31 | Node localhost 32 | { 33 | xADKDSKey 'ExampleKDSRootKey' 34 | { 35 | Ensure = 'Present' 36 | EffectiveTime = '1/1/2030 13:00' 37 | # Date must be set to at time in the future 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/Examples/cChocoFeatureExample.ps1: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Chocolatey Software, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | 16 | configuration ChocoFeatures { 17 | 18 | Import-DscResource -ModuleName cChoco 19 | 20 | Node 'localhost' { 21 | 22 | cChocoFeature allowGlobalConfirmation { 23 | 24 | FeatureName = "allowGlobalConfirmation" 25 | Ensure = 'Present' 26 | 27 | } 28 | 29 | cChocoFeature powershellHost { 30 | 31 | FeatureName = "powershellHost" 32 | Ensure = 'Absent' 33 | } 34 | } 35 | 36 | } 37 | 38 | 39 | $config = ChocoFeatures 40 | 41 | Start-DscConfiguration -Path $config.psparentpath -Wait -Verbose -Force 42 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/Tests/cChocoInstaller_Tests.ps1: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Chocolatey Software, Inc. 2 | # Copyright (c) 2013 - 2017 Lawrence Gripper & original authors/contributors from https://github.com/chocolatey/cChoco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | #---------------------------------# 17 | # Pester tests for cChocoInstall # 18 | #---------------------------------# 19 | $ResourceName = ((Split-Path $MyInvocation.MyCommand.Path -Leaf) -split '_')[0] 20 | $ResourceFile = (Get-DscResource -Name $ResourceName).Path 21 | 22 | Describe "Testing $ResourceName loaded from $ResourceFile" { 23 | Context “Testing 'Get-TargetResource'” { 24 | It 'DummyTest $true should be $true' { 25 | $true | Should Be $true 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/README.md: -------------------------------------------------------------------------------- 1 | # Examples 2 | 3 | This will help to understand how to setup certain scenarios with the 4 | xActiveDirectory resource module. 5 | 6 | ## Resource examples 7 | 8 | These are the links to the examples for each individual resource: 9 | 10 | - [xADComputer](Resources/xADComputer) 11 | - [xADDomain](Resources/xADDomain) 12 | - [xADDomainController](Resources/xADDomainController) 13 | - [xADDomainDefaultPasswordPolicy](Resources/xADDomainDefaultPasswordPolicy) 14 | - [xADDomainTrust](Resources/xADDomainTrust) 15 | - [xADForestProperties](Resources/xADForestProperties) 16 | - [xADGroup](Resources/xADGroup) 17 | - [xADKDSKey](Resources/xADKDSKey) 18 | - [xADManagedServiceAccount](Resources/xADManagedServiceAccount) 19 | - [xADObjectEnabledState](Resources/xADObjectEnabledState) 20 | - [xADObjectPermissionEntry](Resources/xADObjectPermissionEntry) 21 | - [xADOrganizationalUnit](Resources/xADOrganizationalUnit) 22 | - [xADRecycleBin](Resources/xADRecycleBin) 23 | - [xADReplicationSite](Resources/xADReplicationSite) 24 | - [xADReplicationSiteLink](Resources/xADReplicationSiteLink) 25 | - [xADReplicationSubnet](Resources/xADReplicationSubnet) 26 | - [xADServicePrincipalName](Resources/xADServicePrincipalName) 27 | - [xADUser](Resources/xADUser) 28 | - [xWaitForADDomain](Resources/xWaitForADDomain) 29 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADReplicationSiteLInk/1-CreateReplicationSiteLink_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID c3f14177-bf96-4296-aa1c-4a9f08c8e34e 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create an AD Replication Site Link. 23 | #> 24 | 25 | Configuration CreateReplicationSiteLink_Config 26 | { 27 | Import-DscResource -Module xActiveDirectory 28 | 29 | Node localhost 30 | { 31 | xADReplicationSiteLink 'HQSiteLink' 32 | { 33 | Name = 'HQSiteLInk' 34 | SitesIncluded = @('site1', 'site2') 35 | Cost = 100 36 | ReplicationFrequencyInMinutes = 15 37 | Ensure = 'Present' 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/Examples/cChocoInstaller_cChocoPackageInstallExample.ps1: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Chocolatey Software, Inc. 2 | # Copyright (c) 2013 - 2017 Lawrence Gripper & original authors/contributors from https://github.com/chocolatey/cChoco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | Configuration InstallChoco 17 | { 18 | Import-DscResource -Module cChoco 19 | Node "localhost" 20 | { 21 | cChocoPackageInstaller installSkypeWithChocoParams 22 | { 23 | Name = 'skype' 24 | Ensure = 'Present' 25 | AutoUpgrade = $True 26 | Version = 7.35.0.101 27 | } 28 | } 29 | } 30 | 31 | $config = InstallChoco 32 | 33 | Start-DscConfiguration -Path $config.psparentpath -Wait -Verbose -Force 34 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADReplicationSite/2-CreateADReplicationSiteRenameDefault_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID f486afc3-63c8-4809-a84a-34bd227023a3 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create an Active Directory replication site called 23 | 'Seattle'. If the 'Default-First-Site-Name' site exists, it will rename 24 | this site instead of create a new one. 25 | #> 26 | 27 | Configuration CreateADReplicationSiteRenameDefault_Config 28 | { 29 | Import-DscResource -Module xActiveDirectory 30 | 31 | Node localhost 32 | { 33 | xADReplicationSite 'SeattleSite' 34 | { 35 | Ensure = 'Present' 36 | Name = 'Seattle' 37 | RenameDefaultFirstSiteName = $true 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xNetworking/Examples/Sample_xFirewall_AddFirewallRule.ps1: -------------------------------------------------------------------------------- 1 | # DSC configuration for Firewall 2 | 3 | configuration Sample_xFirewall_AddFirewallRule 4 | { 5 | param 6 | ( 7 | [string[]]$NodeName = 'localhost' 8 | ) 9 | 10 | Import-DSCResource -ModuleName xNetworking 11 | 12 | Node $NodeName 13 | { 14 | xFirewall Firewall 15 | { 16 | Name = "NotePadFirewallRule" 17 | DisplayName = "Firewall Rule for Notepad.exe" 18 | DisplayGroup = "NotePad Firewall Rule Group" 19 | Ensure = "Present" 20 | Access = "Allow" 21 | State = "Enabled" 22 | Profile = ("Domain", "Private") 23 | Direction = "OutBound" 24 | RemotePort = ("8080", "8081") 25 | LocalPort = ("9080", "9081") 26 | Protocol = "TCP" 27 | Description = "Firewall Rule for Notepad.exe" 28 | ApplicationPath = "c:\windows\system32\notepad.exe" 29 | Service = "WinRM" 30 | } 31 | } 32 | } 33 | 34 | Sample_xFirewall_AddFirewallRule 35 | Start-DscConfiguration -Path Sample_xFirewall_AddFirewallRule -Wait -Verbose -Force -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADKDSKey/3-CreateKDSRootKeyRemoveLastKey_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 2847174e-ab1c-44a0-8b4f-2ad70219b52b 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will remove the last KDS root key. Use with caution. 23 | If gMSAs are installed on the network, they will not be able to reset 24 | their passwords and it may cause services to fail. 25 | #> 26 | 27 | Configuration CreateKDSRootKeyRemoveLastKey_Config 28 | { 29 | Import-DscResource -Module xActiveDirectory 30 | 31 | Node localhost 32 | { 33 | xADKDSKey 'ExampleKDSRootKeyForceRemove' 34 | { 35 | Ensure = 'Absent' 36 | EffectiveTime = '1/1/2030 13:00' 37 | ForceRemove = $true # This will allow you to remove the key if it's the last one 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADReplicationSiteLInk/2-ModifyExistingReplicationSiteLink_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID cd618e81-b903-4ae9-9dd0-ab794931505c 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will modify an existing AD Replication Site Link. 23 | #> 24 | 25 | Configuration ModifyExistingReplicationSiteLink_Config 26 | { 27 | Import-DscResource -Module xActiveDirectory 28 | 29 | Node localhost 30 | { 31 | xADReplicationSiteLink 'HQSiteLink' 32 | { 33 | Name = 'HQSiteLInk' 34 | SitesIncluded = 'site1' 35 | SitesExcluded = 'site2' 36 | Cost = 100 37 | ReplicationFrequencyInMinutes = 20 38 | Ensure = 'Present' 39 | } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/xSystemSecurity/DSCResources/MSFT_xFileSystemAccessRule/MSFT_xFileSystemAccessRule.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xFileSystemAccessRule")] 2 | class MSFT_xFileSystemAccessRule : OMI_BaseResource 3 | { 4 | [Key, Description("The path to the item that should have permissions set")] string Path; 5 | [Key, Description("The identity to set permissions for")] string Identity; 6 | [Write, Description("The permissions to include in this rule, can be empty if ensure = absent"), ValueMap{"ListDirectory","ReadData","WriteData","CreateFiles","CreateDirectories","AppendData","ReadExtendedAttributes","WriteExtendedAttributes","Traverse","ExecuteFile","DeleteSubdirectoriesAndFiles","ReadAttributes","WriteAttributes","Write","Delete","ReadPermissions","Read","ReadAndExecute","Modify","ChangePermissions","TakeOwnership","Synchronize","FullControl"}, Values{"ListDirectory","ReadData","WriteData","CreateFiles","CreateDirectories","AppendData","ReadExtendedAttributes","WriteExtendedAttributes","Traverse","ExecuteFile","DeleteSubdirectoriesAndFiles","ReadAttributes","WriteAttributes","Write","Delete","ReadPermissions","Read","ReadAndExecute","Modify","ChangePermissions","TakeOwnership","Synchronize","FullControl"}] string Rights[]; 7 | [Write, Description("Present to create the rule, Absent to remove an existing rule"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; 8 | }; 9 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADKDSKey/2-CreateKDSRootKeyInPast_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID c3e0fb1e-d583-45ed-b95d-e7df1afa88b7 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a KDS root key in the past. This will allow 23 | the key to be used right away, but if all the domain controllers haven't 24 | replicated yet, there may be issues when retrieving the gMSA password. 25 | Use with caution 26 | #> 27 | 28 | Configuration CreateKDSRootKeyInPast_Config 29 | { 30 | Import-DscResource -Module xActiveDirectory 31 | 32 | Node localhost 33 | { 34 | xADKDSKey 'ExampleKDSRootKeyInPast' 35 | { 36 | Ensure = 'Present' 37 | EffectiveTime = '1/1/1999 13:00' 38 | AllowUnsafeEffectiveTime = $true # Use with caution 39 | } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDisk/xDisk.psd1: -------------------------------------------------------------------------------- 1 | @{ 2 | # Version number of this module. 3 | ModuleVersion = '1.0' 4 | 5 | # ID used to uniquely identify this module 6 | GUID = '00d73ca1-58b5-46b7-ac1a-5bfcf5814faf' 7 | 8 | # Author of this module 9 | Author = 'Microsoft Corporation' 10 | 11 | # Company or vendor of this module 12 | CompanyName = 'Microsoft Corporation' 13 | 14 | # Copyright statement for this module 15 | Copyright = '(c) 2014 Microsoft Corporation. All rights reserved.' 16 | 17 | # Description of the functionality provided by this module 18 | Description = 'The xDisk module is originally part of the Windows PowerShell Desired State Configuration (DSC) Resource Kit. This version has been modified for use in Azure. This module contains the xDisk and xWaitforDisk resources. These DSC Resources allow you to perform computer management tasks, like joining a domain or initializing disks. 19 | 20 | All of the resources in the DSC Resource Kit are provided AS IS, and are not supported through any Microsoft standard support program or service.' 21 | 22 | # Minimum version of the Windows PowerShell engine required by this module 23 | PowerShellVersion = '4.0' 24 | 25 | # Minimum version of the common language runtime (CLR) required by this module 26 | CLRVersion = '4.0' 27 | 28 | # Functions to export from this module 29 | FunctionsToExport = '*' 30 | 31 | # Cmdlets to export from this module 32 | CmdletsToExport = '*' 33 | } 34 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADDomainController/MSFT_xADDomainController.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.1.0"), FriendlyName("xADDomainController")] 2 | class MSFT_xADDomainController : OMI_BaseResource 3 | { 4 | [Key, Description("The FQDN of the domain the Domain Controller will be joining.")] String DomainName; 5 | [Required, Description("The 'PSCredential' object containing Domain Administrator rights to add the Domain Controller to the domain."), EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential; 6 | [Required, Description("The 'PSCredential' object containing the password to use for DSRM."), EmbeddedInstance("MSFT_Credential")] String SafemodeAdministratorPassword; 7 | [Write, Description("The path where the database will be stored.")] String DatabasePath; 8 | [Write, Description("The path where the logs will be stored.")] String LogPath; 9 | [Write, Description("The path where the Sysvol will be stored.")] String SysvolPath; 10 | [Write, Description("The name of the site this Domain Controller will be added to.")] String SiteName; 11 | [Write, Description("The path of the media you want to use install the Domain Controller.")] String InstallationMediaPath; 12 | [Write, Description("Specifies if the domain controller will be a Global Catalog (GC).")] Boolean IsGlobalCatalog; 13 | [Read, Description("The state of the Domain Controller.")] String Ensure; 14 | }; 15 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/Examples/cChocoInstaller_cChocoInstallerExample.ps1: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Chocolatey Software, Inc. 2 | # Copyright (c) 2013 - 2017 Lawrence Gripper & original authors/contributors from https://github.com/chocolatey/cChoco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | Configuration InstallChoco 17 | { 18 | Import-DscResource -Module cChoco 19 | Node "localhost" 20 | { 21 | cChocoInstaller InstallChoco 22 | { 23 | InstallDir = "c:\choco" 24 | } 25 | cChocoPackageInstaller installSkypeWithChocoParams 26 | { 27 | Name = 'skype' 28 | Ensure = 'Present' 29 | DependsOn = '[cChocoInstaller]installChoco' 30 | } 31 | } 32 | } 33 | 34 | $config = InstallChoco 35 | 36 | Start-DscConfiguration -Path $config.psparentpath -Wait -Verbose -Force 37 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADRecycleBin/1-EnableADRecycleBin_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 63447da7-3fe9-4d03-b680-2129a2d0318f 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will enable the Active Directory Recycle Bin for a 23 | specified Domain 24 | #> 25 | 26 | Configuration EnableADRecycleBin_Config 27 | { 28 | param 29 | ( 30 | [Parameter(Mandatory = $true)] 31 | [System.String] 32 | $ForestFQDN, 33 | 34 | [Parameter(Mandatory = $true)] 35 | [System.Management.Automation.PSCredential] 36 | $EACredential 37 | ) 38 | 39 | Import-DscResource -Module xActiveDirectory 40 | 41 | Node localhost 42 | { 43 | xADRecycleBin 'RecycleBin' 44 | { 45 | EnterpriseAdministratorCredential = $EACredential 46 | ForestFQDN = $ForestFQDN 47 | } 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Modern Windows Attacks and Defense Lab 2 | 3 | This is the lab configuration for the Modern Windows Attacks and Defense class that Sean Metcalf (@pyrotek3) and I teach. It leverages [Azure Resource Manager Templates](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates) and [Desired State Config](https://docs.microsoft.com/en-us/powershell/dsc/overview) to spin up the lab. 4 | 5 | ## Lab Environment 6 | The lab consists of the following servers: 7 | 8 | #### DC01 9 | * Windows 2012 R2 10 | * Active Directory 11 | * DNS 12 | * File Sharing 13 | 14 | #### TerminalServer 15 | * Windows 2012 R2 16 | * Remote Desktop Services 17 | 18 | #### AdminDesktop 19 | * Windows 2012 R2 20 | 21 | #### UserDesktop 22 | * Windows 2012 R2 23 | 24 | #### Home 25 | * Windows 2016 26 | * RSAT 27 | 28 | #### Pwnbox 29 | * Ubuntu 16.04 30 | * Metasploit 31 | 32 | ## Deploying the Lab 33 | _IMPORTANT: This lab deployment was designed to work as part of the WAAD class and certain aspects of this deployment will not work out of the box as it depends on files that are not part of this repo. Issues and pull requests will not be supported._ 34 | 35 | Most of this lab is available here in the repo. There are two aspects that are not provided though, the CLASS and WAAD folders. These folders are deployed to each Windows box as part of the DSC bootstrap. You can edit the bootstrap PS1s to either remove these deployments or modify them to work with your own folders. -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADComputer/2-AddComputerAccountDisabled_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID 6c3b8deb-2fdb-4d81-b74d-81dbfe86fcd7 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES First version. 15 | .PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create an Active Directory computer account 23 | disabled. The property Enabled will not be enforced. 24 | #> 25 | 26 | Configuration AddComputerAccountDisabled_Config 27 | { 28 | param 29 | ( 30 | [Parameter(Mandatory = $true)] 31 | [ValidateNotNullOrEmpty()] 32 | [System.Management.Automation.PSCredential] 33 | $DomainAdministratorCredential 34 | ) 35 | 36 | Import-DscResource -ModuleName xActiveDirectory 37 | 38 | node localhost 39 | { 40 | xADComputer 'CreateDisabled' 41 | { 42 | ComputerName = 'CLU_CNO01' 43 | EnabledOnCreation = $false 44 | } 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/DSCResources/Helper.psm1: -------------------------------------------------------------------------------- 1 | # Localized messages 2 | data LocalizedData 3 | { 4 | # culture="en-US" 5 | ConvertFrom-StringData @' 6 | RoleNotFound = Please ensure that the PowerShell module for role {0} is installed 7 | '@ 8 | } 9 | 10 | # Internal function to throw terminating error with specified errroCategory, errorId and errorMessage 11 | function New-TerminatingError 12 | { 13 | [CmdletBinding()] 14 | param 15 | ( 16 | [Parameter(Mandatory)] 17 | [String]$errorId, 18 | 19 | [Parameter(Mandatory)] 20 | [String]$errorMessage, 21 | 22 | [Parameter(Mandatory)] 23 | [System.Management.Automation.ErrorCategory]$errorCategory 24 | ) 25 | 26 | $exception = New-Object System.InvalidOperationException $errorMessage 27 | $errorRecord = New-Object System.Management.Automation.ErrorRecord $exception, $errorId, $errorCategory, $null 28 | throw $errorRecord 29 | } 30 | 31 | # Internal function to assert if the role specific module is installed or not 32 | function Assert-Module 33 | { 34 | [CmdletBinding()] 35 | param 36 | ( 37 | [string]$moduleName = 'DnsServer' 38 | ) 39 | 40 | if(! (Get-Module -Name $moduleName -ListAvailable)) 41 | { 42 | $errorMsg = $($LocalizedData.RoleNotFound) -f $moduleName 43 | New-TerminatingError -errorId 'ModuleNotFound' -errorMessage $errorMsg -errorCategory ObjectNotFound 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/DSCResources/MSFT_xDnsServerADZone/Helper.psm1: -------------------------------------------------------------------------------- 1 | # Localized messages 2 | data LocalizedData 3 | { 4 | # culture="en-US" 5 | ConvertFrom-StringData @' 6 | RoleNotFound = Please ensure that the PowerShell module for role {0} is installed 7 | '@ 8 | } 9 | 10 | # Internal function to throw terminating error with specified errroCategory, errorId and errorMessage 11 | function New-TerminatingError 12 | { 13 | [CmdletBinding()] 14 | param 15 | ( 16 | [Parameter(Mandatory)] 17 | [String]$errorId, 18 | 19 | [Parameter(Mandatory)] 20 | [String]$errorMessage, 21 | 22 | [Parameter(Mandatory)] 23 | [System.Management.Automation.ErrorCategory]$errorCategory 24 | ) 25 | 26 | $exception = New-Object System.InvalidOperationException $errorMessage 27 | $errorRecord = New-Object System.Management.Automation.ErrorRecord $exception, $errorId, $errorCategory, $null 28 | throw $errorRecord 29 | } 30 | 31 | # Internal function to assert if the role specific module is installed or not 32 | function Assert-Module 33 | { 34 | [CmdletBinding()] 35 | param 36 | ( 37 | [string]$moduleName = 'DnsServer' 38 | ) 39 | 40 | if(! (Get-Module -Name $moduleName -ListAvailable)) 41 | { 42 | $errorMsg = $($LocalizedData.RoleNotFound) -f $moduleName 43 | New-TerminatingError -errorId 'ModuleNotFound' -errorMessage $errorMsg -errorCategory ObjectNotFound 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADGroup/3-NewGroupMultidomainMembers_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 24e89cf1-5696-499e-9e3c-e44df3a9948f 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a new domain-local group in contoso with 23 | three members in different domains. 24 | #> 25 | 26 | Configuration NewGroupMultiDomainMembers_Config 27 | { 28 | Import-DscResource -ModuleName xActiveDirectory 29 | 30 | node localhost 31 | { 32 | xADGroup 'dl1' 33 | { 34 | GroupName = 'DL_APP_1' 35 | GroupScope = 'DomainLocal' 36 | MembershipAttribute = 'DistinguishedName' 37 | Members = @( 38 | 'CN=john,OU=Accounts,DC=contoso,DC=com' 39 | 'CN=jim,OU=Accounts,DC=subdomain,DC=contoso,DC=com' 40 | 'CN=sally,OU=Accounts,DC=anothersub,DC=contoso,DC=com' 41 | ) 42 | } 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/azuredeploy.parameters-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "LinuxAdminUsername": { 6 | "value": "username" 7 | }, 8 | "SSHKeyData": { 9 | "value": "ssh-rsa foo" 10 | }, 11 | "BackupUsername":{ 12 | "value": "username" 13 | }, 14 | "HelpdeskUsername":{ 15 | "value": "username" 16 | }, 17 | "AccountingUsername":{ 18 | "value": "username" 19 | }, 20 | "ServerAdminUsername":{ 21 | "value": "username" 22 | }, 23 | "HelperAccountUsername": { 24 | "value": "username" 25 | }, 26 | "BackupUserPassword":{ 27 | "value": "password" 28 | }, 29 | "HelpdeskUserPassword":{ 30 | "value": "password" 31 | }, 32 | "AccountingUserPassword":{ 33 | "value": "password" 34 | }, 35 | "ServerAdminPassword":{ 36 | "value": "password" 37 | }, 38 | "HelperAccountPassword": { 39 | "value": "password" 40 | }, 41 | "StudentPassword": { 42 | "value": "password" 43 | }, 44 | "UserDesktopClassFolderUrl": { 45 | "value": "url" 46 | }, 47 | "DCClassFolderUrl": { 48 | "value": "url" 49 | }, 50 | "LinuxClassFolderUrl": { 51 | "value": "url" 52 | }, 53 | "HomeClassFolderUrl": { 54 | "value": "url" 55 | }, 56 | "WAADFolderUrl": { 57 | "value": "url" 58 | } 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADObjectEnabledState/1-EnabledComputerAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID b4d414dc-e230-4055-bdc3-fae268493881 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES First version. 15 | .PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a computer account disabled, and 23 | enforcing the account to be enabled. 24 | #> 25 | Configuration EnabledComputerAccount_Config 26 | { 27 | Import-DscResource -ModuleName xActiveDirectory 28 | 29 | node localhost 30 | { 31 | xADComputer 'CreateDisabled' 32 | { 33 | ComputerName = 'CLU_CNO01' 34 | EnabledOnCreation = $false 35 | } 36 | 37 | xADObjectEnabledState 'EnforceEnabledPropertyToEnabled' 38 | { 39 | Identity = 'CLU_CNO01' 40 | ObjectClass = 'Computer' 41 | Enabled = $true 42 | 43 | DependsOn = '[xADComputer]CreateDisabled' 44 | } 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADUser/1-CreateUserAndManagePassword_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID b293f599-2660-424d-8200-61d399e44257 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a user with a managed password. 23 | This might be used to manage the lifecycle of a service account. 24 | #> 25 | 26 | Configuration CreateUserAndManagePassword_Config 27 | { 28 | param 29 | ( 30 | [Parameter(Mandatory = $true)] 31 | [ValidateNotNullOrEmpty()] 32 | [System.Management.Automation.PSCredential] 33 | $Password 34 | ) 35 | 36 | Import-DscResource -Module xActiveDirectory 37 | 38 | Node localhost 39 | { 40 | xADUser 'Contoso\ExampleUser' 41 | { 42 | Ensure = 'Present' 43 | UserName = 'ExampleUser' 44 | Password = $Password 45 | DomainName = 'contoso.com' 46 | Path = 'CN=Users,DC=contoso,DC=com' 47 | } 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADForestProperties/2-AddRemoveForestProperties_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID bd5991db-7382-41cf-aefa-ba2b57af227a 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will manage the Service and User Principal name suffixes in 23 | the forest by adding and removing the desired suffixes. This will not overwrite 24 | existing suffixes in the forest. 25 | #> 26 | 27 | Configuration AddRemoveForestProperties_Config 28 | { 29 | Import-DscResource -ModuleName xActiveDirectory 30 | 31 | node localhost 32 | { 33 | xADForestProperties 'ContosoProperties' 34 | { 35 | ForestName = 'contoso.com' 36 | ServicePrincipalNameSuffixToAdd = 'test.net' 37 | ServicePrincipalNameSuffixToRemove = 'test.com' 38 | UserPrincipalNameSuffixToAdd = 'cloudapp.net', 'fabrikam.com' 39 | UserPrincipalNameSuffixToRemove = 'pester.net' 40 | } 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/AppVeyor/AppVeyorBuild.ps1: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Chocolatey Software, Inc. 2 | # Copyright (c) 2013 - 2017 Lawrence Gripper & original authors/contributors from https://github.com/chocolatey/cChoco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | #---------------------------------# 17 | # Header # 18 | #---------------------------------# 19 | Write-Host 'Running AppVeyor build script' -ForegroundColor Yellow 20 | Write-Host "ModuleName : $env:ModuleName" 21 | Write-Host "Build version : $env:APPVEYOR_BUILD_VERSION" 22 | Write-Host "Author : $env:APPVEYOR_REPO_COMMIT_AUTHOR" 23 | Write-Host "Branch : $env:APPVEYOR_REPO_BRANCH" 24 | Write-Host "Repo : $env:APPVEYOR_REPO_NAME" 25 | Write-Host "PSModulePath :" 26 | 27 | $env:PSModulePath -split ';' 28 | 29 | #---------------------------------# 30 | # BuildScript # 31 | #---------------------------------# 32 | Write-Host 'Nothing to build, skipping.....' 33 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADComputer/1-AddComputerAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID ba7fb687-dad4-40b2-9776-c6b49386c297 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES First version. 15 | .PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create two Active Directory computer accounts 23 | enabled. The property Enabled will not be enforced in either case. 24 | #> 25 | 26 | Configuration AddComputerAccount_Config 27 | { 28 | param 29 | ( 30 | [Parameter(Mandatory = $true)] 31 | [ValidateNotNullOrEmpty()] 32 | [System.Management.Automation.PSCredential] 33 | $DomainAdministratorCredential 34 | ) 35 | 36 | Import-DscResource -ModuleName xActiveDirectory 37 | 38 | node localhost 39 | { 40 | xADComputer 'CreateEnabled_SQL01' 41 | { 42 | ComputerName = 'SQL01' 43 | } 44 | 45 | xADComputer 'CreateEnabled_SQL02' 46 | { 47 | ComputerName = 'SQL02' 48 | EnabledOnCreation = $true 49 | } 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/appveyor.yml: -------------------------------------------------------------------------------- 1 | #---------------------------------# 2 | # environment configuration # 3 | #---------------------------------# 4 | version: 2.3.1.{build} 5 | os: WMF 5 6 | install: 7 | - ps: . .\AppVeyor\AppVeyorInstall.ps1 8 | 9 | environment: 10 | nugetKey: 11 | secure: cTU7bDH5E95cI/Zj36CfMrrgnnW/fmEd1S9+cqmBlV3P0GMUnluLcydTWgDK7Usu 12 | github_access_token: 13 | secure: Xk7jTkdE82qskQy9WPZK0zSafSjT6gK1SYxH8m4Aa8muCMQ4ACkkztJ3toh9DFlS 14 | ModuleName: cChoco 15 | #---------------------------------# 16 | # build configuration # 17 | #---------------------------------# 18 | build_script: 19 | - ps: . .\AppVeyor\AppVeyorBuild.ps1 20 | 21 | #---------------------------------# 22 | # test configuration # 23 | #---------------------------------# 24 | test_script: 25 | - ps: . .\AppVeyor\AppVeyorTest.ps1 26 | 27 | #---------------------------------# 28 | # deployment configuration # 29 | #---------------------------------# 30 | deploy_script: 31 | - ps: . .\AppVeyor\AppveyorDeploy.ps1 32 | 33 | #---------------------------------# 34 | # notification configuration # 35 | #---------------------------------# 36 | notifications: 37 | - provider: Email 38 | to: 39 | - chocolatey-build-status@googlegroups.com 40 | subject: AppVeyor - cChoco DSC Resource Build Notification 41 | on_build_success: false 42 | on_build_failure: true 43 | on_build_status_changed: true 44 | - provider: Webhook 45 | url: https://webhooks.gitter.im/e/f764ee3ccd6ed7348224 46 | on_build_success: true 47 | on_build_failure: true 48 | on_build_status_changed: true 49 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADGroup/1-NewGroup_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID f24bbdb8-4f0d-47a4-9281-d40092322cd5 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a new domain-local group 23 | #> 24 | 25 | Configuration NewGroup_Config 26 | { 27 | param 28 | ( 29 | [parameter(Mandatory = $true)] 30 | [System.String] 31 | $GroupName, 32 | 33 | [ValidateSet('DomainLocal', 'Global', 'Universal')] 34 | [System.String] 35 | $Scope = 'Global', 36 | 37 | [ValidateSet('Security', 'Distribution')] 38 | [System.String] 39 | $Category = 'Security', 40 | 41 | [ValidateNotNullOrEmpty()] 42 | [System.String] 43 | $Description 44 | ) 45 | 46 | Import-DscResource -Module xActiveDirectory 47 | 48 | Node localhost 49 | { 50 | xADGroup 'ExampleGroup' 51 | { 52 | GroupName = $GroupName 53 | GroupScope = $Scope 54 | Category = $Category 55 | Description = $Description 56 | Ensure = 'Present' 57 | } 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADDomainDefaultPasswordPolicy/1-ConfigureDefaultPasswordPolicy_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 96b94fc3-2b96-47b7-82e8-d0551ec2e738 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will set an Active Directory domain's default password 23 | policy to set the minimum password length and complexity. 24 | #> 25 | 26 | Configuration ConfigureDefaultPasswordPolicy_Config 27 | { 28 | Param 29 | ( 30 | [parameter(Mandatory = $true)] 31 | [System.String] 32 | $DomainName, 33 | 34 | [parameter(Mandatory = $true)] 35 | [System.Boolean] 36 | $ComplexityEnabled, 37 | 38 | [parameter(Mandatory = $true)] 39 | [System.Int32] 40 | $MinPasswordLength 41 | ) 42 | 43 | Import-DscResource -Module xActiveDirectory 44 | 45 | Node localhost 46 | { 47 | xADDomainDefaultPasswordPolicy 'DefaultPasswordPolicy' 48 | { 49 | DomainName = $DomainName 50 | ComplexityEnabled = $ComplexityEnabled 51 | MinPasswordLength = $MinPasswordLength 52 | } 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADComputer/3-AddComputerAccountSpecificPath_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID a18e0a9-2a4b-4406-939e-ac2bb7b6e917 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES First version. 15 | .PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create an Active Directory computer account 23 | on the specified domain controller and in the specific organizational 24 | unit. 25 | #> 26 | 27 | Configuration AddComputerAccountSpecificPath_Config 28 | { 29 | param 30 | ( 31 | [Parameter(Mandatory = $true)] 32 | [ValidateNotNullOrEmpty()] 33 | [System.Management.Automation.PSCredential] 34 | $DomainAdministratorCredential 35 | ) 36 | 37 | Import-DscResource -ModuleName xActiveDirectory 38 | 39 | node localhost 40 | { 41 | xADComputer 'CreateComputerAccount' 42 | { 43 | DomainController = 'DC01' 44 | ComputerName = 'SQL01' 45 | Path = 'OU=Servers,DC=contoso,DC=com' 46 | DomainAdministratorCredential = $DomainAdministratorCredential 47 | } 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADUser/2-CreateUserAndIgnorePasswordChanges_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID b293f599-2660-424d-8200-61d399e44257 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a user with a password and then ignore 23 | when the password has changed. This might be used with a traditional 24 | user account where a managed password is not desired. 25 | #> 26 | 27 | Configuration CreateUserAndIgnorePasswordChanges_Config 28 | { 29 | param 30 | ( 31 | [Parameter(Mandatory = $true)] 32 | [ValidateNotNullOrEmpty()] 33 | [System.Management.Automation.PSCredential] 34 | $Password 35 | ) 36 | 37 | Import-DscResource -Module xActiveDirectory 38 | 39 | Node localhost 40 | { 41 | xADUser 'Contoso\ExampleUser' 42 | { 43 | Ensure = 'Present' 44 | UserName = 'ExampleUser' 45 | Password = $Password 46 | PasswordNeverResets = $true 47 | DomainName = 'contoso.com' 48 | Path = 'CN=Users,DC=contoso,DC=com' 49 | } 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADDomain/MSFT_xADDomain.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.1.0"), FriendlyName("xADDomain")] 2 | class MSFT_xADDomain : OMI_BaseResource 3 | { 4 | [Key, Description("FQDN of the new domain")] String DomainName; 5 | [Required, Description("Credentials used to query for domain existence"), EmbeddedInstance("MSFT_Credential")] String DomainAdministratorCredential; 6 | [Required, Description("Password for the administrator account when the computer is started in Safe Mode"), EmbeddedInstance("MSFT_Credential")] String SafemodeAdministratorPassword; 7 | [Write, Description("Fully qualified name of the parent domain")] String ParentDomainName; 8 | [Write, Description("NetBIOS name for the new domain")] String DomainNetbiosName; 9 | [Write, Description("Credential used for creating DNS delegation"), EmbeddedInstance("MSFT_Credential")] String DnsDelegationCredential; 10 | [Write, Description("Path to a directory that contains the domain database")] String DatabasePath; 11 | [Write, Description("Path to a directory for the log file that will be written")] String LogPath; 12 | [Write, Description("Path to a directory where the Sysvol file will be written")] String SysvolPath; 13 | [Write, Description("The Forest Functional Level for the entire forest"), ValueMap{"Win2008", "Win2008R2", "Win2012", "Win2012R2", "WinThreshold"}, Values{"Win2008", "Win2008R2", "Win2012", "Win2012R2", "WinThreshold"}] String ForestMode; 14 | [Write, Description("The Domain Functional Level for the entire domain"), ValueMap{"Win2008", "Win2008R2", "Win2012", "Win2012R2", "WinThreshold"}, Values{"Win2008", "Win2008R2", "Win2012", "Win2012R2", "WinThreshold"}] String DomainMode; 15 | }; 16 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADDomain/en-US/MSFT_xADDomain.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | ExistingDomainMemberError = Computer is already a domain member. Cannot create a new '{0}' domain? 4 | InvalidCredentialError = Domain '{0}' is available, but invalid credentials were supplied. 5 | QueryDomainWithLocalCredential = Computer is a domain member; querying domain '{0}' using local credential ... 6 | QueryDomainWithCredential = Computer is a workgroup member; querying for domain '{0}' using supplied credential ... 7 | DomainFound = Active Directory domain '{0}' found. 8 | DomainNotFound = Active Directory domain '{0}' cannot be found. 9 | CreatingChildDomain = Creating domain '{0}' as a child of domain '{1}' ... 10 | CreatedChildDomain = Child domain '{0}' created. 11 | CreatingForest = Creating AD forest '{0}' ... 12 | CreatedForest = AD forest '{0}' created. 13 | ResourcePropertyValueIncorrect = Property '{0}' value is incorrect; expected '{1}', actual '{2}'. 14 | ResourceInDesiredState = Resource '{0}' is in the desired state. 15 | ResourceNotInDesiredState = Resource '{0}' is NOT in the desired state. 16 | RetryingGetADDomain = Attempt {0} of {1} to call Get-ADDomain failed, retrying in {2} seconds. 17 | UnhandledError = Unhandled error occured, detail here: {0} 18 | FaultExceptionAndDomainShouldExist = ServiceModel FaultException detected and domain should exist, performing retry... 19 | '@ 20 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADManagedServiceAccount/en-US/MSFT_xADManagedServiceAccount.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture='en-US' 2 | ConvertFrom-StringData @' 3 | AddingManagedServiceAccount = Adding AD Managed Service Account '{0}'. (MSA0001) 4 | RemovingManagedServiceAccount = Removing AD Managed Service Account '{0}'. (MSA0003) 5 | MovingManagedServiceAccount = Moving AD Managed Service Account '{0}' to '{1}'. (MSA0004) 6 | ManagedServiceAccountNotFound = AD Managed Service Account '{0}' was not found. (MSA0005) 7 | RetrievingServiceAccount = Retrieving AD Managed Service Account '{0}'. (MSA0006) 8 | AccountTypeForceNotTrue = The 'AccountTypeForce' was either not specified or set to false. To convert from a '{0}' MSA to a '{1}' MSA, AccountTypeForce must be set to true. (MSA0007) 9 | NotDesiredPropertyState = AD Managed Service Account '{0}' is not correct. Expected '{1}', actual '{2}'. (MSA0008) 10 | MSAInDesiredState = AD Managed Service Account '{0}' is in the desired state. (MSA0009) 11 | MSANotInDesiredState = AD Managed Service Account '{0}' is NOT in the desired state. (MSA0010) 12 | UpdatingManagedServiceAccountProperty = Updating AD Managed Service Account property '{0}' to '{1}'. (MSA0011) 13 | AddingManagedServiceAccountError = Error adding AD Managed Service Account '{0}'. (MSA0012) 14 | RetrievingPrincipalMembers = Retrieving Principals Allowed To Retrieve Managed Password based on '{0}' property. (MSA0013) 15 | RetrievingServiceAccountError = There was an error when retrieving the AD Managed Service Account '{0}'. (MSA0014) 16 | '@ 17 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/DSCResources/cChocoPackageInstallerSet/cChocoPackageInstallerSet.schema.psm1: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Chocolatey Software, Inc. 2 | # Copyright (c) 2013 - 2017 Lawrence Gripper & original authors/contributors from https://github.com/chocolatey/cChoco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | Configuration cChocoPackageInstallerSet 17 | { 18 | <# 19 | .SYNOPSIS 20 | Composite DSC Resource allowing you to specify multiple choco packages in a single resource block. 21 | #> 22 | [CmdletBinding(SupportsShouldProcess=$true)] 23 | param 24 | ( 25 | [parameter(Mandatory = $true)] 26 | [ValidateNotNullOrEmpty()] 27 | [System.String[]] 28 | $Name, 29 | [ValidateSet('Present','Absent')] 30 | [System.String] 31 | $Ensure='Present', 32 | [parameter(Mandatory = $false)] 33 | [ValidateNotNullOrEmpty()] 34 | [System.String] 35 | $Source 36 | ) 37 | 38 | foreach ($pName in $Name) { 39 | cChocoPackageInstaller "cChocoPackageInstaller_$($Ensure)_$($pName)" { 40 | Ensure = $Ensure 41 | Name = $pName 42 | Source = $Source 43 | } 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADForestProperties/1-ReplaceForestProperties_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 4ac2de06-ee10-4f15-9ed8-a87d21b48766 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will manage the Service and User Principal name suffixes 23 | in the forest by replacing any existing suffixes with the ones specified 24 | in the configuration. 25 | #> 26 | 27 | Configuration ReplaceForestProperties_Config 28 | { 29 | Import-DscResource -ModuleName xActiveDirectory 30 | 31 | node $AllNodes.NodeName 32 | { 33 | xADForestProperties $Node.ForestName 34 | { 35 | ForestName = $Node.ForestName 36 | UserPrincipalNameSuffix = $Node.UserPrincipalNameSuffix 37 | ServicePrincipalNameSuffix = $Node.ServicePrincipalNameSuffix 38 | } 39 | } 40 | } 41 | 42 | $ConfigurationData = @{ 43 | AllNodes = @( 44 | @{ 45 | NodeName = 'dc.contoso.com' 46 | ForestName = 'contoso.com' 47 | UserPrincipalNameSuffix = 'fabrikam.com', 'industry.com' 48 | ServicePrincipalNameSuffix = 'corporate.com' 49 | } 50 | ) 51 | } 52 | 53 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADDomainDefaultPasswordPolicy/MSFT_xADDomainDefaultPasswordPolicy.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0"), FriendlyName("xADDomainDefaultPasswordPolicy")] 2 | class MSFT_xADDomainDefaultPasswordPolicy : OMI_BaseResource 3 | { 4 | [Key, Description("Name of the domain to which the password policy will be applied")] String DomainName; 5 | [Write, Description("Whether password complexity is enabled for the default password policy")] Boolean ComplexityEnabled; 6 | [Write, Description("Length of time that an account is locked after the number of failed login attempts (minutes)")] UInt32 LockoutDuration; 7 | [Write, Description("Maximum time between two unsuccessful login attempts before the counter is reset to 0 (minutes)")] UInt32 LockoutObservationWindow; 8 | [Write, Description("Number of unsuccessful login attempts that are permitted before an account is locked out")] UInt32 LockoutThreshold; 9 | [Write, Description("Minimum length of time that you can have the same password (minutes)")] UInt32 MinPasswordAge; 10 | [Write, Description("Maximum length of time that you can have the same password (minutes)")] UInt32 MaxPasswordAge; 11 | [Write, Description("Minimum number of characters that a password must contain")] UInt32 MinPasswordLength; 12 | [Write, Description("Number of previous passwords to remember")] UInt32 PasswordHistoryCount; 13 | [Write, Description("Whether the directory must store passwords using reversible encryption")] Boolean ReversibleEncryptionEnabled; 14 | [Write, Description("Active Directory domain controller to enact the change upon")] String DomainController; 15 | [Write, Description("Credentials used to access the domain"), EmbeddedInstance("MSFT_Credential")] String Credential; 16 | }; 17 | 18 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DeploymentScripts/ClassDnsManagement.ps1: -------------------------------------------------------------------------------- 1 | function New-ClassDnsRecordSets { 2 | [CmdletBinding()] 3 | Param( 4 | [string]$ResourceGroupName='waad.training-master', 5 | [string]$ZoneName='waad.training' 6 | ) 7 | 8 | $vms = Get-AzureRmResource -ResourceType "Microsoft.Compute/VirtualMachines" -Tag @{"displayName"="homeVM"} 9 | 10 | ForEach ($vm in $vms) { 11 | $studentCode = $vm.Tags['studentCode'] 12 | $AzureHostname = "$studentCode.$($vm.Location).cloudapp.azure.com" 13 | $CnameRecord = New-AzDnsRecordConfig -Cname $AzureHostname 14 | Write-Output "[i] Mapping $AzureHostname to $studentCode.$ZoneName" 15 | New-AzDnsRecordSet -Name $studentCode -RecordType "CNAME" -ZoneName $ZoneName -ResourceGroupName $ResourceGroupName -Ttl 10 -DnsRecords $CnameRecord | Out-Null 16 | } 17 | } 18 | 19 | 20 | workflow Remove-ClassDnsRecordSets { 21 | 22 | [CmdletBinding()] 23 | Param( 24 | [Parameter(Mandatory=$true)] 25 | [pscredential]$Credentials, 26 | 27 | [Parameter(Mandatory=$true)] 28 | [string]$ResourceGroupName, 29 | 30 | [Parameter(Mandatory=$true)] 31 | [string]$ZoneName 32 | 33 | ) 34 | 35 | $dnsRecordSets = Get-AzDnsRecordSet -ZoneName $zoneName -ResourceGroupName $resourceGroupName 36 | 37 | if ($dnsRecordSets.Count -gt 0) { 38 | forEach -parallel -throttle 30 ($dnsRecordSet in $dnsRecordSets) { 39 | if ($dnsRecordSet.RecordType -eq "A" -and $dnsRecordSet.Name -notlike "*www*") { 40 | $dnsName = $dnsRecordSet.Name.toString() 41 | Write-Output "Removing $dnsName" 42 | Remove-AzDnsRecordSet -Name $dnsRecordSet.Name -RecordType "A" -ZoneName $zoneName -ResourceGroupName $resourceGroupName 43 | } 44 | } 45 | } 46 | else { 47 | Write-Output "No DNS RecordSets found" 48 | } 49 | } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADForestProperties/MSFT_xADForestProperties.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.0.0"), FriendlyName("xADForestProperties")] 2 | class MSFT_xADForestProperties : OMI_BaseResource 3 | { 4 | [Write, EmbeddedInstance("MSFT_Credential"), Description("Specifies the user account credentials to use to perform this task.")] String Credential; 5 | [Key, Description("Specifies the target Active Directory forest for the change.")] String ForestName; 6 | [Write, Description("Specifies the Service Principal Name (SPN) Suffix(es) to be explicitly defined in the forest and replace existing SPNs. Cannot be used with ServicePrincipalNameSuffixToAdd or ServicePrincipalNameSuffixToRemove.")] String ServicePrincipalNameSuffix[]; 7 | [Write, Description("Specifies the Service Principal Name (SPN) Suffix(es) to be added to the forest. Cannot be used with ServicePrincipalNameSuffix.")] String ServicePrincipalNameSuffixToAdd[]; 8 | [Write, Description("Specifies the Service Principal Name (SPN) Suffix(es) to be removed from the forest. Cannot be used with ServicePrincipalNameSuffix.")] String ServicePrincipalNameSuffixToRemove[]; 9 | [Write, Description("Specifies the User Principal Name (UPN) Suffix(es) to be explicitly defined in the forest and replace existing UPNs. Cannot be used with UserPrincipalNameSuffixToAdd or UserPrincipalNameSuffixToRemove.")] String UserPrincipalNameSuffix[]; 10 | [Write, Description("Specifies the User Principal Name (UPN) Suffix(es) to be added to the forest. Cannot be used with UserPrincipalNameSuffix.")] String UserPrincipalNameSuffixToAdd[]; 11 | [Write, Description("Specifies the User Principal Name (UPN) Suffix(es) to be removed from the forest. Cannot be used with UserPrincipalNameSuffix.")] String UserPrincipalNameSuffixToRemove[]; 12 | }; 13 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADObjectPermissionEntry/2-CreateDeleteComputerObject_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID cb962ab5-6694-43a7-a207-425c23682995 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will add a group permission to create and delete 23 | (CreateChild,DeleteChild) computer objects in an OU and any sub-OUs that 24 | may get created. 25 | #> 26 | 27 | Configuration CreateDeleteComputerObject_Config 28 | { 29 | Import-DscResource -Module xActiveDirectory 30 | 31 | Node localhost 32 | { 33 | xADObjectPermissionEntry 'ADObjectPermissionEntry' 34 | { 35 | Ensure = 'Present' 36 | Path = 'OU=ContosoComputers,DC=contoso,DC=com' 37 | IdentityReference = 'CONTOSO\ComputerAdminGroup' 38 | ActiveDirectoryRights = 'CreateChild', 'DeleteChild' 39 | AccessControlType = 'Allow' 40 | ObjectType = 'bf967a86-0de6-11d0-a285-00aa003049e2' # Computer objects 41 | ActiveDirectorySecurityInheritance = 'All' 42 | InheritedObjectType = '00000000-0000-0000-0000-000000000000' 43 | } 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADDomainTrust/1-NewOneWayTrust_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 2caf2b93-d87e-426d-8c44-9f1d0452be10 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a new one way inbound trust between two 23 | domains. 24 | #> 25 | 26 | Configuration NewOneWayTrust_Config 27 | { 28 | param 29 | ( 30 | [Parameter(Mandatory = $true)] 31 | [System.String] 32 | $SourceDomain, 33 | 34 | [Parameter(Mandatory = $true)] 35 | [System.String] 36 | $TargetDomain, 37 | 38 | [Parameter(Mandatory = $true)] 39 | [System.Management.Automation.PSCredential] 40 | $TargetDomainAdminCred 41 | ) 42 | 43 | Import-DscResource -module xActiveDirectory 44 | 45 | node localhost 46 | { 47 | xADDomainTrust 'Trust' 48 | { 49 | Ensure = 'Present' 50 | SourceDomainName = $SourceDomain 51 | TargetDomainName = $TargetDomain 52 | TargetDomainAdministratorCredential = $TargetDomainAdminCred 53 | TrustDirection = 'Inbound' 54 | TrustType = 'External' 55 | } 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADManagedServiceAccount/3-CreateGroupManagedServiceAccountWithMembers_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID b743c31a-6db6-4aad-93fb-7f209042d8c1 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a group managed service account with members. 23 | #> 24 | 25 | Configuration CreateGroupManagedServiceAccountWithMembers_Config 26 | { 27 | Import-DscResource -Module xActiveDirectory 28 | 29 | Node localhost 30 | { 31 | xADManagedServiceAccount 'AddingMembersUsingSamAccountName' 32 | { 33 | Ensure = 'Present' 34 | ServiceAccountName = 'Service01' 35 | AccountType = 'Group' 36 | Path = 'OU=ServiceAccounts,DC=contoso,DC=com' 37 | Members = 'User01', 'Computer01$' 38 | } 39 | 40 | xADManagedServiceAccount 'AddingMembersUsingDN' 41 | { 42 | Ensure = 'Present' 43 | ServiceAccountName = 'Service02' 44 | AccountType = 'Group' 45 | Path = 'OU=ServiceAccounts,DC=contoso,DC=com' 46 | Members = 'CN=User01,OU=Users,DC=contoso,DC=com', 'CN=Computer01,OU=Computers,DC=contoso,DC=com' 47 | } 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADOrganizationalUnit/1-CreateADOU_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID e7ed876c-7a6b-46d7-bb89-8288680c1691 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will add an Active Directory organizational unit to the 23 | domain. 24 | #> 25 | 26 | Configuration CreateADOU_Config 27 | { 28 | param 29 | ( 30 | [Parameter(Mandatory = $true)] 31 | [System.String] 32 | $Name, 33 | 34 | [Parameter(Mandatory = $true)] 35 | [System.String] 36 | $Path, 37 | 38 | [Parameter()] 39 | [System.Boolean] 40 | $ProtectedFromAccidentalDeletion = $true, 41 | 42 | [Parameter()] 43 | [ValidateNotNull()] 44 | [System.String] 45 | $Description = '' 46 | ) 47 | 48 | Import-DscResource -Module xActiveDirectory 49 | 50 | Node localhost 51 | { 52 | xADOrganizationalUnit 'ExampleOU' 53 | { 54 | Name = $Name 55 | Path = $Path 56 | ProtectedFromAccidentalDeletion = $ProtectedFromAccidentalDeletion 57 | Description = $Description 58 | Ensure = 'Present' 59 | } 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/Tests/cChoco_xDscResourceTests.ps1: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Chocolatey Software, Inc. 2 | # Copyright (c) 2013 - 2017 Lawrence Gripper & original authors/contributors from https://github.com/chocolatey/cChoco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | #---------------------------------# 17 | # xDscResourceTests Pester # 18 | #---------------------------------# 19 | $DSC = Get-DscResource | Where-Object {$_.Module.Name -eq 'cChoco'} 20 | 21 | Describe 'Testing all DSC resources using xDscResource designer.' { 22 | foreach ($Resource in $DSC) 23 | { 24 | if (-not ($Resource.ImplementedAs -eq 'Composite') ) { 25 | $ResourceName = $Resource.ResourceType 26 | $Mof = Get-ChildItem “$PSScriptRoot\..\” -Filter "$resourcename.schema.mof" -Recurse 27 | 28 | Context “Testing DscResource '$ResourceName' using Test-xDscResource” { 29 | It 'Test-xDscResource should return $true' { 30 | Test-xDscResource -Name $ResourceName | Should Be $true 31 | } 32 | } 33 | 34 | Context “Testing DscSchema '$ResourceName' using Test-xDscSchema” { 35 | It 'Test-xDscSchema should return true' { 36 | Test-xDscSchema -Path $Mof.FullName | Should Be $true 37 | } 38 | } 39 | } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xTimeZone/Examples/SetTimeZone.ps1: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------------------- 2 | #The sample scripts are not supported under any Microsoft standard support 3 | #program or service. The sample scripts are provided AS IS without warranty 4 | #of any kind. Microsoft further disclaims all implied warranties including, 5 | #without limitation, any implied warranties of merchantability or of fitness for 6 | #a particular purpose. The entire risk arising out of the use or performance of 7 | #the sample scripts and documentation remains with you. In no event shall 8 | #Microsoft, its authors, or anyone else involved in the creation, production, or 9 | #delivery of the scripts be liable for any damages whatsoever (including, 10 | #without limitation, damages for loss of business profits, business interruption, 11 | #loss of business information, or other pecuniary loss) arising out of the use 12 | #of or inability to use the sample scripts or documentation, even if Microsoft 13 | #has been advised of the possibility of such damages 14 | #--------------------------------------------------------------------------------- 15 | 16 | Configuration SetTimeZone 17 | { 18 | Param 19 | ( 20 | [String[]]$NodeName = $env:COMPUTERNAME, 21 | 22 | [Parameter(Mandatory = $true)] 23 | [ValidateNotNullorEmpty()] 24 | [String]$SystemTimeZone 25 | ) 26 | 27 | Import-DSCResource -ModuleName xTimeZone 28 | 29 | Node $NodeName 30 | { 31 | xTimeZone TimeZoneExample 32 | { 33 | IsSingleInstance = 'Yes' 34 | TimeZone = $SystemTimeZone 35 | } 36 | } 37 | } 38 | 39 | SetTimeZone -NodeName "localhost" -SystemTimeZone "Tonga Standard Time" 40 | Start-DscConfiguration -Path .\SetTimeZone -Wait -Verbose -Force 41 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADObjectPermissionEntry/1-DelegateFullControl_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID c096de91-61ee-41e9-917a-069c62b34d50 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will add full control (GenericAll) permissions to 23 | the virtual computer object (VCO) ROLE01 for a cluster name object (CNO) 24 | CONTOSO\CLUSTER01$. This is used so that the Windows Failover Cluster 25 | can control the roles AD objects. 26 | #> 27 | 28 | Configuration DelegateFullControl_Config 29 | { 30 | Import-DscResource -Module xActiveDirectory 31 | 32 | Node localhost 33 | { 34 | xADObjectPermissionEntry 'ADObjectPermissionEntry' 35 | { 36 | Ensure = 'Present' 37 | Path = 'CN=ROLE01,CN=Computers,DC=contoso,DC=com' 38 | IdentityReference = 'CONTOSO\CLUSTER01$' 39 | ActiveDirectoryRights = 'GenericAll' 40 | AccessControlType = 'Allow' 41 | ObjectType = '00000000-0000-0000-0000-000000000000' 42 | ActiveDirectorySecurityInheritance = 'None' 43 | InheritedObjectType = '00000000-0000-0000-0000-000000000000' 44 | } 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADObjectPermissionEntry/3-ReadWriteComputerObjectProperties_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 2b2ad944-0a4f-457e-b8ad-98e86767d77c 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will add a group permission to allow read and write 23 | (ReadProperty, WriteProperty) of all properties of computer objects in 24 | an OU and any sub-OUs that may get created. 25 | #> 26 | 27 | Configuration ReadWriteComputerObjectProperties_Config 28 | { 29 | Import-DscResource -Module xActiveDirectory 30 | 31 | Node localhost 32 | { 33 | xADObjectPermissionEntry 'ADObjectPermissionEntry' 34 | { 35 | Ensure = 'Present' 36 | Path = 'OU=ContosoComputers,DC=contoso,DC=com' 37 | IdentityReference = 'CONTOSO\ComputerAdminGroup' 38 | ActiveDirectoryRights = 'ReadProperty', 'WriteProperty' 39 | AccessControlType = 'Allow' 40 | ObjectType = '00000000-0000-0000-0000-000000000000' 41 | ActiveDirectorySecurityInheritance = 'Descendents' 42 | InheritedObjectType = 'bf967a86-0de6-11d0-a285-00aa003049e2' # Computer objects 43 | } 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/Tests/cChoco_ScriptAnalyzerTests.ps1: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Chocolatey Software, Inc. 2 | # Copyright (c) 2013 - 2017 Lawrence Gripper & original authors/contributors from https://github.com/chocolatey/cChoco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | #---------------------------------# 17 | # PSScriptAnalyzer tests # 18 | #---------------------------------# 19 | $Rules = Get-ScriptAnalyzerRule 20 | 21 | #Only run on cChocoInstaller.psm1 for now as this is the only resource that has had code adjustments for PSScriptAnalyzer rules. 22 | $Modules = Get-ChildItem “$PSScriptRoot\..\” -Filter ‘*.psm1’ -Recurse | Where-Object {$_.FullName -match '(cChocoInstaller|cChocoPackageInstall|cChocoFeature)\.psm1$'} 23 | 24 | #---------------------------------# 25 | # Run Module tests (psm1) # 26 | #---------------------------------# 27 | if ($Modules.count -gt 0) { 28 | Describe ‘Testing all Modules against default PSScriptAnalyzer rule-set’ { 29 | foreach ($module in $modules) { 30 | Context “Testing Module '$($module.FullName)'” { 31 | foreach ($rule in $rules) { 32 | It “passes the PSScriptAnalyzer Rule $rule“ { 33 | (Invoke-ScriptAnalyzer -Path $module.FullName -IncludeRule $rule.RuleName ).Count | Should Be 0 34 | } 35 | } 36 | } 37 | } 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADComputer/4-AddComputerAccountAndCreateODJRequest_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID c5ba4d3d-72ec-4dfc-b1f9-ff1f4c45f845 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES First version. 15 | .PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create an Active Directory computer account 23 | on the specified domain controller and in the specific organizational 24 | unit. After the account is create an Offline Domain Join Request file 25 | is created to the specified path. 26 | #> 27 | 28 | Configuration AddComputerAccountAndCreateODJRequest_Config 29 | { 30 | param 31 | ( 32 | [Parameter(Mandatory = $true)] 33 | [ValidateNotNullOrEmpty()] 34 | [System.Management.Automation.PSCredential] 35 | $DomainAdministratorCredential 36 | ) 37 | 38 | Import-DscResource -ModuleName xActiveDirectory 39 | 40 | node localhost 41 | { 42 | xADComputer 'CreateComputerAccount' 43 | { 44 | DomainController = 'DC01' 45 | ComputerName = 'NANO-200' 46 | Path = 'OU=Servers,DC=contoso,DC=com' 47 | RequestFile = 'D:\ODJFiles\NANO-200.txt' 48 | DomainAdministratorCredential = $DomainAdministratorCredential 49 | } 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADUser/en-US/MSFT_xADUser.strings.psd1: -------------------------------------------------------------------------------- 1 | # culture="en-US" 2 | ConvertFrom-StringData @' 3 | RetrievingADUserError = Error looking up Active Directory user '{0}' ({0}@{1}). 4 | PasswordParameterConflictError = Parameter '{0}' cannot be set to '{1}' when the '{2}' parameter is specified. 5 | ChangePasswordParameterConflictError = Parameter 'ChangePasswordAtLogon' cannot be set to 'true' when Parameter 'PasswordNeverExpires' is also set to 'true'. 6 | RetrievingADUser = Retrieving Active Directory user '{0}' ({0}@{1}) ... 7 | CreatingADDomainConnection = Creating connection to Active Directory domain '{0}' ... 8 | CheckingADUserPassword = Checking Active Directory user '{0}' password ... 9 | ADUserIsPresent = Active Directory user '{0}' ({0}@{1}) is present. 10 | ADUserNotPresent = Active Directory user '{0}' ({0}@{1}) was NOT present. 11 | ADUserNotDesiredPropertyState = User '{0}' property is NOT in the desired state. Expected '{1}', actual '{2}'. 12 | AddingADUser = Adding Active Directory user '{0}'. 13 | RemovingADUser = Removing Active Directory user '{0}'. 14 | UpdatingADUser = Updating Active Directory user '{0}'. 15 | SettingADUserPassword = Setting Active Directory user password. 16 | UpdatingADUserProperty = Updating user property '{0}' with/to '{1}'. 17 | ClearingADUserProperty = Clearing user property '{0}'. 18 | MovingADUser = Moving user from '{0}' to '{1}'. 19 | RenamingADUser = Renaming user from '{0}' to '{1}'. 20 | RestoringUser = Attempting to restore the user object {0} from the recycle bin. 21 | '@ 22 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/DSCResources/MSFT_xDnsServerForwarder/MSFT_xDnsServerForwarder.psm1: -------------------------------------------------------------------------------- 1 | function Get-TargetResource 2 | { 3 | [OutputType([Hashtable])] 4 | param 5 | ( 6 | [Parameter(Mandatory)] 7 | [ValidateSet('Yes')] 8 | [string]$IsSingleInstance, 9 | [string[]]$IPAddresses 10 | ) 11 | Write-Verbose 'Getting current DNS forwarders.' 12 | [array]$currentIPs = (Get-CimInstance -Namespace root\MicrosoftDNS -ClassName microsoftdns_server).Forwarders 13 | $targetResource = @{ 14 | IsSingleInstance = $IsSingleInstance 15 | IPAddresses = @() 16 | } 17 | if ($currentIPs) 18 | { 19 | $targetResource.IPAddresses = $currentIPs 20 | } 21 | Write-Output $targetResource 22 | } 23 | 24 | function Set-TargetResource 25 | { 26 | param 27 | ( 28 | [Parameter(Mandatory)] 29 | [ValidateSet('Yes')] 30 | [string]$IsSingleInstance, 31 | [string[]]$IPAddresses 32 | ) 33 | if (!$IPAddresses) 34 | { 35 | $IPAddresses = @() 36 | } 37 | Write-Verbose 'Setting DNS forwarders.' 38 | $setParams = @{ 39 | Namespace = 'root\MicrosoftDNS' 40 | Query = 'select * from microsoftdns_server' 41 | Property = @{Forwarders = $IPAddresses} 42 | } 43 | Set-CimInstance @setParams 44 | } 45 | 46 | function Test-TargetResource 47 | { 48 | [OutputType([Bool])] 49 | param 50 | ( 51 | [Parameter(Mandatory)] 52 | [ValidateSet('Yes')] 53 | [string]$IsSingleInstance, 54 | [string[]]$IPAddresses 55 | ) 56 | [array]$currentIPs = (Get-TargetResource @PSBoundParameters).IPAddresses 57 | if ($currentIPs.Count -ne $IPAddresses.Count) 58 | { 59 | return $false 60 | } 61 | foreach ($ip in $IPAddresses) 62 | { 63 | if ($ip -notin $currentIPs) 64 | { 65 | return $false 66 | } 67 | } 68 | return $true 69 | } 70 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/nestedtemplates/vnet-with-dns-server.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "virtualNetworkName": { 6 | "type": "string", 7 | "metadata": { 8 | "description": "The name of the Virtual Network to Create" 9 | } 10 | }, 11 | "virtualNetworkAddressRange": { 12 | "type": "string", 13 | "metadata": { 14 | "description": "The address range of the new VNET in CIDR format" 15 | }, 16 | "defaultValue": "10.0.0.0/16" 17 | }, 18 | "subnetName": { 19 | "type": "string", 20 | "metadata": { 21 | "description": "The name of the subnet created in the new VNET" 22 | } 23 | }, 24 | "subnetRange": { 25 | "type": "string", 26 | "metadata": { 27 | "description": "The address range of the subnet created in the new VNET" 28 | }, 29 | "defaultValue": "10.0.0.0/24" 30 | }, 31 | "DNSServerAddress": { 32 | "type": "array", 33 | "metadata": { 34 | "description": "The DNS address(es) of the DNS Server(s) used by the VNET" 35 | } 36 | } 37 | }, 38 | "resources": [ 39 | { 40 | "type": "Microsoft.Network/virtualNetworks", 41 | "name": "[parameters('virtualNetworkName')]", 42 | "apiVersion": "2016-03-30", 43 | "location": "[resourceGroup().location]", 44 | "properties": { 45 | "addressSpace": { 46 | "addressPrefixes": [ 47 | "[parameters('virtualNetworkAddressRange')]" 48 | ] 49 | }, 50 | "dhcpOptions": { 51 | "dnsServers": "[parameters('DNSServerAddress')]" 52 | }, 53 | "subnets": [ 54 | { 55 | "name": "[parameters('subnetName')]", 56 | "properties": { 57 | "addressPrefix": "[parameters('subnetRange')]" 58 | } 59 | } 60 | ] 61 | } 62 | } 63 | ] 64 | } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADObjectEnabledState/3-EnabledPrestagedClusterComputerAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID b4d414dc-e230-4055-bdc3-fae268493881 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES First version. 15 | .PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | #Requires -module xFailoverCluster 20 | 21 | <# 22 | .DESCRIPTION 23 | This configuration will configure a cluster using a pre-staged computer 24 | account, and enforcing the pre-staged computer account to be enabled. 25 | #> 26 | Configuration EnabledPrestagedClusterComputerAccount_Config 27 | { 28 | param 29 | ( 30 | [Parameter(Mandatory = $true)] 31 | [ValidateNotNullOrEmpty()] 32 | [System.Management.Automation.PSCredential] 33 | $DomainAdministratorCredential 34 | ) 35 | 36 | Import-DscResource -ModuleName xActiveDirectory 37 | Import-DscResource -ModuleName xFailoverCluster 38 | 39 | node localhost 40 | { 41 | xCluster 'CreateCluster' 42 | { 43 | Name = 'CLU_CNO01' 44 | StaticIPAddress = '192.168.100.20/24' 45 | DomainAdministratorCredential = $DomainAdministratorCredential 46 | } 47 | 48 | xADObjectEnabledState 'EnforceEnabledPropertyToEnabled' 49 | { 50 | Identity = 'CLU_CNO01' 51 | ObjectClass = 'Computer' 52 | Enabled = $true 53 | 54 | DependsOn = @( 55 | '[xCluster]CreateCluster' 56 | ) 57 | } 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/AppVeyor/AppVeyorTest.ps1: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Chocolatey Software, Inc. 2 | # Copyright (c) 2013 - 2017 Lawrence Gripper & original authors/contributors from https://github.com/chocolatey/cChoco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | #---------------------------------# 17 | # Header # 18 | #---------------------------------# 19 | Write-Host 'Running AppVeyor test script' -ForegroundColor Yellow 20 | Write-Host "Current working directory: $pwd" 21 | 22 | #---------------------------------# 23 | # Run Pester Tests # 24 | #---------------------------------# 25 | $resultsFile = '.\TestsResults.xml' 26 | $testFiles = Get-ChildItem "$pwd\tests" | Where-Object {$_.FullName -match 'Tests.ps1$'} | Select-Object -ExpandProperty FullName 27 | $results = Invoke-Pester -Script $testFiles -OutputFormat NUnitXml -OutputFile $resultsFile -PassThru 28 | 29 | Write-Host 'Uploading results' 30 | try { 31 | (New-Object 'System.Net.WebClient').UploadFile("https://ci.appveyor.com/api/testresults/nunit/$($env:APPVEYOR_JOB_ID)", (Resolve-Path $resultsFile)) 32 | } catch { 33 | throw "Upload failed." 34 | } 35 | 36 | #---------------------------------# 37 | # Validate # 38 | #---------------------------------# 39 | if (($results.FailedCount -gt 0) -or ($results.PassedCount -eq 0) -or ($null -eq $results)) { 40 | throw "$($results.FailedCount) tests failed." 41 | } else { 42 | Write-Host 'All tests passed' -ForegroundColor Green 43 | } 44 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/HomeConfig/cChoco/AppVeyor/AppVeyorDeploy.ps1: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Chocolatey Software, Inc. 2 | # Copyright (c) 2013 - 2017 Lawrence Gripper & original authors/contributors from https://github.com/chocolatey/cChoco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | #---------------------------------# 17 | # Header # 18 | #---------------------------------# 19 | Write-Host 'Running AppVeyor deploy script' -ForegroundColor Yellow 20 | 21 | #---------------------------------# 22 | # Update module manifest # 23 | #---------------------------------# 24 | Write-Host 'Creating new module manifest' 25 | 26 | $ModuleManifestPath = Join-Path -path "$pwd" -ChildPath ("$env:ModuleName"+'.psd1') 27 | $ModuleManifest = Get-Content $ModuleManifestPath -Raw 28 | 29 | Write-Host "Updating module manifest to version: $env:APPVEYOR_BUILD_VERSION" 30 | [regex]::replace($ModuleManifest,'(ModuleVersion = )(.*)',"`$1'$env:APPVEYOR_BUILD_VERSION'") | Out-File -LiteralPath $ModuleManifestPath 31 | 32 | #---------------------------------# 33 | # Publish to PS Gallery # 34 | #---------------------------------# 35 | 36 | if ( ($env:APPVEYOR_REPO_NAME -notmatch 'chocolatey') -or (!$env:APPVEYOR_REPO_TAG_NAME) ) 37 | { 38 | Write-Host "Finished testing of branch: $env:APPVEYOR_REPO_BRANCH - Exiting" 39 | exit; 40 | } 41 | 42 | Write-Host "Publishing module to Powershell Gallery: " 43 | Publish-Module -Name $env:ModuleName -NuGetApiKey $env:nugetKey 44 | 45 | Write-Host 'Done!' -ForegroundColor Green 46 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADDomain/1-NewForest_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 86c0280c-6b48-4689-815d-5bc0692845a4 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a new domain with a new forest and a forest 23 | functional level of Server 2016. 24 | #> 25 | 26 | Configuration NewForest_Config 27 | { 28 | param 29 | ( 30 | [Parameter(Mandatory = $true)] 31 | [ValidateNotNullOrEmpty()] 32 | [System.Management.Automation.PSCredential] 33 | $DomainAdministratorCredential 34 | ) 35 | 36 | Import-DscResource -ModuleName PSDscResources 37 | Import-DscResource -ModuleName xActiveDirectory 38 | 39 | node $AllNodes.NodeName 40 | { 41 | WindowsFeature 'ADDS' 42 | { 43 | Name = 'AD-Domain-Services' 44 | Ensure = 'Present' 45 | } 46 | 47 | WindowsFeature 'RSAT' 48 | { 49 | Name = 'RSAT-AD-PowerShell' 50 | Ensure = 'Present' 51 | } 52 | 53 | xADDomain $Node.DomainName 54 | { 55 | DomainName = $Node.DomainName 56 | DomainAdministratorCredential = $DomainAdministratorCredential 57 | SafemodeAdministratorPassword = $DomainAdministratorCredential 58 | ForestMode = $Node.FFL 59 | } 60 | } 61 | } 62 | 63 | $ConfigurationData = @{ 64 | AllNodes = @( 65 | @{ 66 | NodeName = 'localhost' 67 | FFL = 'WinThreshold' 68 | DomainName = 'contoso.com' 69 | } 70 | ) 71 | } 72 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADGroup/MSFT_xADGroup.schema.mof: -------------------------------------------------------------------------------- 1 | [ClassVersion("1.0.1.0"), FriendlyName("xADGroup")] 2 | class MSFT_xADGroup : OMI_BaseResource 3 | { 4 | [Key, Description("Name of the Active Directory group")] String GroupName; 5 | [Write, Description("Active Directory group scope"), ValueMap{"DomainLocal","Global","Universal"}, Values{"DomainLocal","Global","Universal"}] String GroupScope; 6 | [Write, Description("Active Directory group category"), ValueMap{"Security","Distribution"}, Values{"Security","Distribution"}] String Category; 7 | [Write, Description("Location of the group within Active Directory expressed as a Distinguished Name")] String Path; 8 | [Write, Description("Should this resource be present or absent"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; 9 | [Write, Description("Description of the Active Directory group")] String Description; 10 | [Write, Description("Display name of the Active Directory group")] String DisplayName; 11 | [Write, Description("Credentials used to enact the change upon"), EmbeddedInstance("MSFT_Credential")] String Credential; 12 | [Write, Description("Active Directory domain controller to enact the change upon")] String DomainController; 13 | [Write, Description("Active Directory group membership should match membership exactly")] String Members[]; 14 | [Write, Description("Active Directory group should include these members")] String MembersToInclude[]; 15 | [Write, Description("Active Directory group should NOT include these members")] String MembersToExclude[]; 16 | [Write, Description("Active Directory attribute used to perform membership operations"), ValueMap{"SamAccountName","DistinguishedName","ObjectGUID","SID"}, Values{"SamAccountName","DistinguishedName","ObjectGUID","SID"}] String MembershipAttribute; 17 | [Write, Description("Active Directory managed by attribute specified as a DistinguishedName")] String ManagedBy; 18 | [Write, Description("Active Directory group notes field")] String Notes; 19 | [Write, Description("Try to restore the group from the recycle bin before creating a new one.")] Boolean RestoreFromRecycleBin; 20 | }; 21 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/DSCResources/MSFT_xADDomainController/en-US/MSFT_xADDomainController.strings.psd1: -------------------------------------------------------------------------------- 1 | ConvertFrom-StringData @' 2 | ResolveDomainName = Resolving the domain name '{0}'. (ADDC0001) 3 | DomainPresent = The domain '{0}' is present. Looking for domain controllers. (ADDC0002) 4 | FoundDomainController = Found the domain controller '{0}' in the domain '{1}'. (ADDC0003) 5 | AlreadyDomainController = The current node '{0}' is already a domain controller for the domain '{1}'. (ADDC0004) 6 | NotDomainController = The current node '{0}' is not a domain controller. (ADDC0006) 7 | IsDomainController = The current node '{0}' is a domain controller for the domain '{1}'. (ADDC0007) 8 | MissingDomain = Current node could not find the domain '{0}'. (ADDC0008) 9 | Promoting = Promoting the current node to be a domain controller for the domain '{1}'. (ADDC0009) 10 | Promoted = The current node '{0}' has been promoted to a domain controller for the domain '{1}'. (ADDC0010) 11 | AddGlobalCatalog = Adding Global Catalog to the domain controller. (ADDC0011) 12 | RemoveGlobalCatalog = Removing Global Catalog from the domain controller. (ADDC0012) 13 | MovingDomainController = Moving Domain Controller from site '{0}' to site '{1}'. (ADDC0013) 14 | FailedToFindSite = The site '{0}' could not be found in the domain '{1}'. (ADDC0014) 15 | TestingConfiguration = Determine the state of the domain controller on the current node '{0}' in the domain '{1}'. (ADDC0015) 16 | WrongSite = The domain controller is in the site '{0}', but expected it to be in the site '{1}'. (ADDC0016) 17 | ExpectedGlobalCatalogEnabled = The domain controller does not contain a Global Catalog, but it was expected to have a Global Catalog. 18 | ExpectedGlobalCatalogDisabled = The domain controller have a Global Catalog, but it was expected to not have a Global Catalog. 19 | ExpectedDomainController = Expected the node to be a domain controller, but did not get a domain controller object. (ADDC0017) 20 | '@ 21 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/AdminDesktopConfig/AdminDesktopConfig.ps1: -------------------------------------------------------------------------------- 1 | configuration AdminDesktopConfig 2 | { 3 | Param( 4 | [Parameter(Mandatory)] 5 | [String]$DomainName, 6 | [Parameter(Mandatory)] 7 | [System.Management.Automation.PSCredential]$Admincreds, 8 | [Parameter(Mandatory)] 9 | [string]$waadFolderUrl 10 | ) 11 | Import-DscResource -ModuleName PSDesiredStateConfiguration 12 | [System.Management.Automation.PSCredential]$DomainCreds = New-Object System.Management.Automation.PSCredential ("${DomainName}\$($Admincreds.UserName)", $Admincreds.Password) 13 | 14 | Node localhost { 15 | 16 | Script DownloadWAADFiles { 17 | SetScript = { 18 | Add-Content -Path "C:\Windows\Temp\jah-dsc-log.txt" -Value "[DownloadWAADFiles] Downloading WAAD.zip" 19 | Invoke-WebRequest -Uri $using:waadFolderUrl -OutFile C:\Windows\Temp\WAAD.zip 20 | } 21 | GetScript = { @{} } 22 | TestScript = { 23 | Test-Path C:\Windows\Temp\WAAD.zip 24 | } 25 | } 26 | Archive UnzipWAADFiles { 27 | Ensure = "Present" 28 | Destination = "C:\WAAD" 29 | Path = "C:\Windows\Temp\WAAD.zip" 30 | Force = $true 31 | DependsOn = "[Script]DownloadWAADFiles" 32 | } 33 | Script SetTimeZone { 34 | SetScript = { 35 | Add-Content -Path "C:\Windows\Temp\jah-dsc-log.txt" -Value "[SetTimeZone] Running.." 36 | cmd.exe /c 'tzutil /s "Eastern Standard Time"' 37 | } 38 | GetScript = { @{} } 39 | TestScript = { $false } 40 | } 41 | WindowsFeature DotNetCore { 42 | Ensure = "Present" 43 | Name = "Net-Framework-Core" 44 | } 45 | WindowsFeature RemoteDesktop 46 | { 47 | Ensure = "Present" 48 | Name = "RDS-RD-Server" 49 | } 50 | Group AddToAdmins { 51 | GroupName = 'Administrators' 52 | Ensure = 'Present' 53 | MembersToInclude = "$DomainName\WorkstationAdmins" 54 | Credential = $DomainCreds 55 | PsDscRunAsCredential = $DomainCreds 56 | } 57 | LocalConfigurationManager { 58 | ConfigurationMode = 'ApplyOnly' 59 | RebootNodeIfNeeded = $true 60 | } 61 | } 62 | } -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xDnsServer/xDnsServer.psd1: -------------------------------------------------------------------------------- 1 | @{ 2 | # Version number of this module. 3 | ModuleVersion = '1.7.0.0' 4 | 5 | # ID used to uniquely identify this module 6 | GUID = '5f70e6a1-f1b2-4ba0-8276-8967d43a7ec2' 7 | 8 | # Author of this module 9 | Author = 'Microsoft Corporation' 10 | 11 | # Company or vendor of this module 12 | CompanyName = 'Microsoft Corporation' 13 | 14 | # Copyright statement for this module 15 | Copyright = '(c) 2014 Microsoft Corporation. All rights reserved.' 16 | 17 | # Description of the functionality provided by this module 18 | Description = 'Module with DSC Resources for DNS Server area' 19 | 20 | # Minimum version of the Windows PowerShell engine required by this module 21 | PowerShellVersion = '4.0' 22 | 23 | # Minimum version of the common language runtime (CLR) required by this module 24 | # CLRVersion = '4.0' 25 | 26 | # Functions to export from this module 27 | FunctionsToExport = '*' 28 | 29 | # Cmdlets to export from this module 30 | CmdletsToExport = '*' 31 | 32 | # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. 33 | PrivateData = @{ 34 | 35 | PSData = @{ 36 | 37 | # Tags applied to this module. These help with module discovery in online galleries. 38 | Tags = @('DesiredStateConfiguration', 'DSC', 'DSCResourceKit', 'DSCResource') 39 | 40 | # A URL to the license for this module. 41 | LicenseUri = 'https://github.com/PowerShell/xDnsServer/blob/master/LICENSE' 42 | 43 | # A URL to the main website for this project. 44 | ProjectUri = 'https://github.com/PowerShell/xDnsServer' 45 | 46 | # A URL to an icon representing this module. 47 | # IconUri = '' 48 | 49 | # ReleaseNotes of this module 50 | ReleaseNotes = '* Unit tests updated to use standard unit test templates. 51 | * MSFT_xDnsServerZoneTransfer: Added unit tests. 52 | Updated to meet Style Guidelines. 53 | * MSFT_xDnsARecord: Removed hard coding of Localhost computer name to eliminate PSSA rule violation. 54 | 55 | ' 56 | 57 | } # End of PSData hashtable 58 | 59 | } # End of PrivateData hashtable 60 | } 61 | 62 | 63 | 64 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADObjectEnabledState/2-CreateClusterComputerAccount_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID b4d414dc-e230-4055-bdc3-fae268493881 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES First version. 15 | .PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | #Requires -module xFailoverCluster 20 | 21 | <# 22 | .DESCRIPTION 23 | This configuration will create a computer account disabled, configure 24 | a cluster using the disabled computer account, and enforcing the 25 | computer account to be enabled. 26 | #> 27 | Configuration CreateClusterComputerAccount_Config 28 | { 29 | param 30 | ( 31 | [Parameter(Mandatory = $true)] 32 | [ValidateNotNullOrEmpty()] 33 | [System.Management.Automation.PSCredential] 34 | $DomainAdministratorCredential 35 | ) 36 | 37 | Import-DscResource -ModuleName xActiveDirectory 38 | Import-DscResource -ModuleName xFailoverCluster 39 | 40 | node localhost 41 | { 42 | xADComputer 'ClusterAccount' 43 | { 44 | ComputerName = 'CLU_CNO01' 45 | EnabledOnCreation = $false 46 | } 47 | 48 | xCluster 'CreateCluster' 49 | { 50 | Name = 'CLU_CNO01' 51 | StaticIPAddress = '192.168.100.20/24' 52 | DomainAdministratorCredential = $DomainAdministratorCredential 53 | 54 | DependsOn = '[xADComputer]ClusterAccount' 55 | } 56 | 57 | xADObjectEnabledState 'EnforceEnabledPropertyToEnabled' 58 | { 59 | Identity = 'CLU_CNO01' 60 | ObjectClass = 'Computer' 61 | Enabled = $true 62 | 63 | DependsOn = '[xCluster]CreateCluster' 64 | } 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/Examples/Resources/xADDomain/2-NewChildDomain_Config.ps1: -------------------------------------------------------------------------------- 1 | <#PSScriptInfo 2 | .VERSION 1.0 3 | .GUID 40a01066-4c01-4115-b7a8-c21b51ac4ed3 4 | .AUTHOR Microsoft Corporation 5 | .COMPANYNAME Microsoft Corporation 6 | .COPYRIGHT (c) Microsoft Corporation. All rights reserved. 7 | .TAGS DSCConfiguration 8 | .LICENSEURI https://github.com/PowerShell/xActiveDirectory/blob/master/LICENSE 9 | .PROJECTURI https://github.com/PowerShell/xActiveDirectory 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | .PRIVATEDATA 16 | #> 17 | 18 | #Requires -module xActiveDirectory 19 | 20 | <# 21 | .DESCRIPTION 22 | This configuration will create a new child domain in an existing forest with 23 | a Domain Functional Level of Windows Server 2012R2. 24 | #> 25 | 26 | Configuration NewChildDomain_Config 27 | { 28 | param 29 | ( 30 | [Parameter(Mandatory = $true)] 31 | [ValidateNotNullOrEmpty()] 32 | [System.Management.Automation.PSCredential] 33 | $DomainAdministratorCredential 34 | ) 35 | 36 | Import-DscResource -ModuleName PSDscResources 37 | Import-DscResource -ModuleName xActiveDirectory 38 | 39 | node $AllNodes.NodeName 40 | { 41 | WindowsFeature 'ADDS' 42 | { 43 | Name = 'AD-Domain-Services' 44 | Ensure = 'Present' 45 | } 46 | 47 | WindowsFeature 'RSAT' 48 | { 49 | Name = 'RSAT-AD-PowerShell' 50 | Ensure = 'Present' 51 | } 52 | 53 | xADDomain $Node.DomainName 54 | { 55 | DomainName = $Node.DomainName 56 | DomainAdministratorCredential = $DomainAdministratorCredential 57 | SafemodeAdministratorPassword = $DomainAdministratorCredential 58 | DomainMode = $Node.DFL 59 | ParentDomainName = $node.ParentDomain 60 | } 61 | } 62 | } 63 | 64 | $ConfigurationData = @{ 65 | AllNodes = @( 66 | @{ 67 | NodeName = 'localhost' 68 | DFL = 'Win2012R2' 69 | DomainName = 'child' 70 | ParentDomain = 'contoso.com' 71 | } 72 | ) 73 | } 74 | -------------------------------------------------------------------------------- /WindowsAttackAndDefenseLab/DSC/DomainConfig/xActiveDirectory/README.md: -------------------------------------------------------------------------------- 1 | # xActiveDirectory 2 | 3 | The **xActiveDirectory** module contains DSC resources for deployment and 4 | configuration of Active Directory. 5 | 6 | These DSC resources allow you to configure new domains, child domains, and high 7 | availability domain controllers, establish cross-domain trusts and manage users, 8 | groups and OUs. 9 | 10 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 11 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 12 | 13 | ## Documentation and Examples 14 | 15 | For a full list of resources in xActiveDirectory and examples on their use, check 16 | out the [xActiveDirectory wiki](https://github.com/PowerShell/xActiveDirectory/wiki). 17 | 18 | ## Branches 19 | 20 | ### master 21 | 22 | [![Build status](https://ci.appveyor.com/api/projects/status/p4jejr60jrgb8ity/branch/master?svg=true)](https://ci.appveyor.com/project/PowerShell/xActiveDirectory/branch/master) 23 | [![codecov](https://codecov.io/gh/PowerShell/xActiveDirectory/branch/master/graph/badge.svg)](https://codecov.io/gh/PowerShell/xActiveDirectory/branch/master) 24 | 25 | This is the branch containing the latest release - 26 | no contributions should be made directly to this branch. 27 | 28 | ### dev 29 | 30 | [![Build status](https://ci.appveyor.com/api/projects/status/p4jejr60jrgb8ity/branch/dev?svg=true)](https://ci.appveyor.com/project/PowerShell/xActiveDirectory/branch/dev) 31 | [![codecov](https://codecov.io/gh/PowerShell/xActiveDirectory/branch/dev/graph/badge.svg)](https://codecov.io/gh/PowerShell/xActiveDirectory/branch/dev) 32 | 33 | This is the development branch 34 | to which contributions should be proposed by contributors as pull requests. 35 | This development branch will periodically be merged to the master branch, 36 | and be released to [PowerShell Gallery](https://www.powershellgallery.com/). 37 | 38 | ## Contributing 39 | 40 | Please check out common DSC Resource [contributing guidelines](https://github.com/PowerShell/DscResources/blob/master/CONTRIBUTING.md). 41 | 42 | ## Change log 43 | 44 | A full list of changes in each version can be found in the [change log](CHANGELOG.md). 45 | --------------------------------------------------------------------------------