├── .gitignore ├── Earth-DC ├── GPOBackup │ ├── Audit Logs │ │ ├── manifest.xml │ │ └── {BF746D0E-E27A-4A48-800B-DF0577990EDF} │ │ │ ├── Backup.xml │ │ │ ├── DomainSysvol │ │ │ └── GPO │ │ │ │ └── Machine │ │ │ │ └── Microsoft │ │ │ │ └── Windows NT │ │ │ │ ├── Audit │ │ │ │ └── audit.csv │ │ │ │ └── SecEdit │ │ │ │ └── GptTmpl.inf │ │ │ ├── bkupInfo.xml │ │ │ └── gpreport.xml │ ├── Default Domain Controller Policy │ │ ├── manifest.xml │ │ └── {EFF003BA-710D-45A5-9AD8-59CC94D2B6AE} │ │ │ ├── Backup.xml │ │ │ ├── DomainSysvol │ │ │ └── GPO │ │ │ │ └── Machine │ │ │ │ └── microsoft │ │ │ │ └── windows nt │ │ │ │ └── SecEdit │ │ │ │ └── GptTmpl.inf │ │ │ ├── bkupInfo.xml │ │ │ └── gpreport.xml │ ├── Disable Windows Automatic Updates │ │ ├── manifest.xml │ │ └── {4B6E8D32-5005-4AFB-AFB9-F37531D20D26} │ │ │ ├── Backup.xml │ │ │ ├── DomainSysvol │ │ │ └── GPO │ │ │ │ └── Machine │ │ │ │ ├── comment.cmtx │ │ │ │ └── registry.pol │ │ │ ├── bkupInfo.xml │ │ │ └── gpreport.xml │ ├── Disable Windows Defender │ │ ├── manifest.xml │ │ └── {1909F880-2248-44AB-904C-F822D0AE725E} │ │ │ ├── Backup.xml │ │ │ ├── DomainSysvol │ │ │ └── GPO │ │ │ │ └── Machine │ │ │ │ ├── comment.cmtx │ │ │ │ └── registry.pol │ │ │ ├── bkupInfo.xml │ │ │ └── gpreport.xml │ ├── Disable Windows Firewall │ │ ├── manifest.xml │ │ └── {78AEFEF1-511C-4B05-A344-A1EDFBB9EBCD} │ │ │ ├── Backup.xml │ │ │ ├── DomainSysvol │ │ │ └── GPO │ │ │ │ └── Machine │ │ │ │ ├── Microsoft │ │ │ │ └── Windows NT │ │ │ │ │ └── SecEdit │ │ │ │ │ └── GptTmpl.inf │ │ │ │ └── registry.pol │ │ │ ├── bkupInfo.xml │ │ │ └── gpreport.xml │ └── Powershell Logging │ │ ├── manifest.xml │ │ └── {06081EF8-8D7F-4E1C-9325-523728C1995C} │ │ ├── Backup.xml │ │ ├── DomainSysvol │ │ └── GPO │ │ │ └── Machine │ │ │ ├── comment.cmtx │ │ │ └── registry.pol │ │ ├── bkupInfo.xml │ │ └── gpreport.xml ├── Import-Marvel │ ├── README.md │ ├── marvel_users.csv │ └── quotes.txt ├── Initialize-MarvelDomain.ps1 ├── New-DCAutomatedTask.ps1 ├── Rename-DC.ps1 
└── Update-Domain.ps1 ├── Logging ├── .env ├── Config │ ├── Windows │ │ ├── inputs.conf │ │ └── research-sysmon-config.xml │ ├── elasticstack │ │ ├── .env │ │ └── elasticstack-compose.yml │ ├── splunk │ │ ├── .env │ │ ├── indexes.conf │ │ ├── inputs.conf │ │ ├── splunk-compose.yml │ │ └── web.conf │ └── zeek │ │ ├── .env │ │ ├── __load__.zeek │ │ └── zeek-compose.yml ├── Logging.ps1 ├── docker-compose.yml └── setup_logging.sh ├── Marvel-Lab.psd1 ├── Marvel-Lab.psm1 ├── README.md ├── Workstations ├── Get-Tools.ps1 ├── Join-Domain.ps1 ├── New-WorkstationAutomatedTask.ps1 ├── Rename-Workstation.ps1 └── Update-Workstation.ps1 ├── docs ├── .vscode │ └── settings.json ├── Makefile ├── build │ ├── doctrees │ │ ├── environment.pickle │ │ ├── index.doctree │ │ └── subpages │ │ │ └── build_steps.doctree │ └── html │ │ ├── .buildinfo │ │ ├── .nojekyll │ │ ├── _images │ │ └── thor-rocket.gif │ │ ├── _sources │ │ ├── index.rst.txt │ │ └── subpages │ │ │ └── build_steps.rst.txt │ │ ├── _static │ │ ├── basic.css │ │ ├── css │ │ │ ├── badge_only.css │ │ │ ├── fonts │ │ │ │ ├── Roboto-Slab-Bold.woff │ │ │ │ ├── Roboto-Slab-Bold.woff2 │ │ │ │ ├── Roboto-Slab-Regular.woff │ │ │ │ ├── Roboto-Slab-Regular.woff2 │ │ │ │ ├── fontawesome-webfont.eot │ │ │ │ ├── fontawesome-webfont.svg │ │ │ │ ├── fontawesome-webfont.ttf │ │ │ │ ├── fontawesome-webfont.woff │ │ │ │ ├── fontawesome-webfont.woff2 │ │ │ │ ├── lato-bold-italic.woff │ │ │ │ ├── lato-bold-italic.woff2 │ │ │ │ ├── lato-bold.woff │ │ │ │ ├── lato-bold.woff2 │ │ │ │ ├── lato-normal-italic.woff │ │ │ │ ├── lato-normal-italic.woff2 │ │ │ │ ├── lato-normal.woff │ │ │ │ └── lato-normal.woff2 │ │ │ └── theme.css │ │ ├── doctools.js │ │ ├── documentation_options.js │ │ ├── file.png │ │ ├── fonts │ │ │ ├── FontAwesome.otf │ │ │ ├── Lato │ │ │ │ ├── lato-bold.eot │ │ │ │ ├── lato-bold.ttf │ │ │ │ ├── lato-bold.woff │ │ │ │ ├── lato-bold.woff2 │ │ │ │ ├── lato-bolditalic.eot │ │ │ │ ├── lato-bolditalic.ttf │ │ │ │ ├── lato-bolditalic.woff │ 
│ │ │ ├── lato-bolditalic.woff2 │ │ │ │ ├── lato-italic.eot │ │ │ │ ├── lato-italic.ttf │ │ │ │ ├── lato-italic.woff │ │ │ │ ├── lato-italic.woff2 │ │ │ │ ├── lato-regular.eot │ │ │ │ ├── lato-regular.ttf │ │ │ │ ├── lato-regular.woff │ │ │ │ └── lato-regular.woff2 │ │ │ ├── Roboto-Slab-Bold.woff │ │ │ ├── Roboto-Slab-Bold.woff2 │ │ │ ├── Roboto-Slab-Light.woff │ │ │ ├── Roboto-Slab-Light.woff2 │ │ │ ├── Roboto-Slab-Regular.woff │ │ │ ├── Roboto-Slab-Regular.woff2 │ │ │ ├── Roboto-Slab-Thin.woff │ │ │ ├── Roboto-Slab-Thin.woff2 │ │ │ ├── RobotoSlab │ │ │ │ ├── roboto-slab-v7-bold.eot │ │ │ │ ├── roboto-slab-v7-bold.ttf │ │ │ │ ├── roboto-slab-v7-bold.woff │ │ │ │ ├── roboto-slab-v7-bold.woff2 │ │ │ │ ├── roboto-slab-v7-regular.eot │ │ │ │ ├── roboto-slab-v7-regular.ttf │ │ │ │ ├── roboto-slab-v7-regular.woff │ │ │ │ └── roboto-slab-v7-regular.woff2 │ │ │ ├── fontawesome-webfont.eot │ │ │ ├── fontawesome-webfont.svg │ │ │ ├── fontawesome-webfont.ttf │ │ │ ├── fontawesome-webfont.woff │ │ │ ├── fontawesome-webfont.woff2 │ │ │ ├── lato-bold-italic.woff │ │ │ ├── lato-bold-italic.woff2 │ │ │ ├── lato-bold.woff │ │ │ ├── lato-bold.woff2 │ │ │ ├── lato-normal-italic.woff │ │ │ ├── lato-normal-italic.woff2 │ │ │ ├── lato-normal.woff │ │ │ └── lato-normal.woff2 │ │ ├── jquery-3.5.1.js │ │ ├── jquery.js │ │ ├── js │ │ │ ├── badge_only.js │ │ │ ├── html5shiv-printshiv.min.js │ │ │ ├── html5shiv.min.js │ │ │ ├── modernizr.min.js │ │ │ └── theme.js │ │ ├── language_data.js │ │ ├── minus.png │ │ ├── plus.png │ │ ├── pygments.css │ │ ├── searchtools.js │ │ ├── underscore-1.3.1.js │ │ └── underscore.js │ │ ├── genindex.html │ │ ├── index.html │ │ ├── objects.inv │ │ ├── search.html │ │ ├── searchindex.js │ │ └── subpages │ │ └── build_steps.html ├── conf.py ├── images │ ├── thor-rocket.gif │ └── tonystark.gif ├── index.rst └── subpages │ ├── v1-build_steps.rst │ ├── v1-logging.rst │ ├── v1-script_explanations.rst │ ├── v1-tools.rst │ ├── v1-troubleshooting.rst │ ├── v1.0.rst │ 
├── v2-build_steps.rst │ ├── v2-logging.rst │ ├── v2-tools.rst │ └── v2.0.rst └── images ├── LocalAdmin.PNG ├── RDP.PNG ├── blackpanther.jpg ├── marvel.jpg └── thor.jpg /.gitignore: -------------------------------------------------------------------------------- 1 | Logging/Config/splunk/zeek/zeek-logs/* 2 | *.log 3 | *.code-workspace 4 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Audit Logs/manifest.xml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Audit Logs/{BF746D0E-E27A-4A48-800B-DF0577990EDF}/Backup.xml: -------------------------------------------------------------------------------- 1 | 2 | 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Audit Logs/{BF746D0E-E27A-4A48-800B-DF0577990EDF}/DomainSysvol/GPO/Machine/Microsoft/Windows NT/Audit/audit.csv: -------------------------------------------------------------------------------- 1 | Machine Name,Policy Target,Subcategory,Subcategory 
GUID,Inclusion Setting,Exclusion Setting,Setting Value 2 | ,System,Audit Credential Validation,{0cce923f-69ae-11d9-bed3-505054503030},Success and Failure,,3 3 | ,System,Audit Kerberos Authentication Service,{0cce9242-69ae-11d9-bed3-505054503030},Success and Failure,,3 4 | ,System,Audit Kerberos Service Ticket Operations,{0cce9240-69ae-11d9-bed3-505054503030},Success and Failure,,3 5 | ,System,Audit Other Account Logon Events,{0cce9241-69ae-11d9-bed3-505054503030},Success and Failure,,3 6 | ,System,Audit Application Group Management,{0cce9239-69ae-11d9-bed3-505054503030},Success and Failure,,3 7 | ,System,Audit Computer Account Management,{0cce9236-69ae-11d9-bed3-505054503030},Success and Failure,,3 8 | ,System,Audit Distribution Group Management,{0cce9238-69ae-11d9-bed3-505054503030},Success and Failure,,3 9 | ,System,Audit Other Account Management Events,{0cce923a-69ae-11d9-bed3-505054503030},Success and Failure,,3 10 | ,System,Audit Security Group Management,{0cce9237-69ae-11d9-bed3-505054503030},Success and Failure,,3 11 | ,System,Audit User Account Management,{0cce9235-69ae-11d9-bed3-505054503030},Success and Failure,,3 12 | ,System,Audit DPAPI Activity,{0cce922d-69ae-11d9-bed3-505054503030},Success and Failure,,3 13 | ,System,Audit PNP Activity,{0cce9248-69ae-11d9-bed3-505054503030},Success and Failure,,3 14 | ,System,Audit Process Creation,{0cce922b-69ae-11d9-bed3-505054503030},Success and Failure,,3 15 | ,System,Audit Process Termination,{0cce922c-69ae-11d9-bed3-505054503030},Success and Failure,,3 16 | ,System,Audit RPC Events,{0cce922e-69ae-11d9-bed3-505054503030},Success and Failure,,3 17 | ,System,Audit Token Right Adjusted,{0cce924a-69ae-11d9-bed3-505054503030},Success and Failure,,3 18 | ,System,Audit Detailed Directory Service Replication,{0cce923e-69ae-11d9-bed3-505054503030},Success and Failure,,3 19 | ,System,Audit Directory Service Access,{0cce923b-69ae-11d9-bed3-505054503030},Success and Failure,,3 20 | ,System,Audit Directory Service 
Changes,{0cce923c-69ae-11d9-bed3-505054503030},Success and Failure,,3 21 | ,System,Audit Directory Service Replication,{0cce923d-69ae-11d9-bed3-505054503030},Success and Failure,,3 22 | ,System,Audit Account Lockout,{0cce9217-69ae-11d9-bed3-505054503030},Success and Failure,,3 23 | ,System,Audit User / Device Claims,{0cce9247-69ae-11d9-bed3-505054503030},Success and Failure,,3 24 | ,System,Audit Group Membership,{0cce9249-69ae-11d9-bed3-505054503030},Success and Failure,,3 25 | ,System,Audit IPsec Extended Mode,{0cce921a-69ae-11d9-bed3-505054503030},Success and Failure,,3 26 | ,System,Audit IPsec Main Mode,{0cce9218-69ae-11d9-bed3-505054503030},Success and Failure,,3 27 | ,System,Audit IPsec Quick Mode,{0cce9219-69ae-11d9-bed3-505054503030},Success and Failure,,3 28 | ,System,Audit Logoff,{0cce9216-69ae-11d9-bed3-505054503030},Success and Failure,,3 29 | ,System,Audit Logon,{0cce9215-69ae-11d9-bed3-505054503030},Success and Failure,,3 30 | ,System,Audit Network Policy Server,{0cce9243-69ae-11d9-bed3-505054503030},Success and Failure,,3 31 | ,System,Audit Other Logon/Logoff Events,{0cce921c-69ae-11d9-bed3-505054503030},Success and Failure,,3 32 | ,System,Audit Special Logon,{0cce921b-69ae-11d9-bed3-505054503030},Success and Failure,,3 33 | ,System,Audit Application Generated,{0cce9222-69ae-11d9-bed3-505054503030},Success and Failure,,3 34 | ,System,Audit Certification Services,{0cce9221-69ae-11d9-bed3-505054503030},Success and Failure,,3 35 | ,System,Audit Detailed File Share,{0cce9244-69ae-11d9-bed3-505054503030},Success and Failure,,3 36 | ,System,Audit File Share,{0cce9224-69ae-11d9-bed3-505054503030},Success and Failure,,3 37 | ,System,Audit File System,{0cce921d-69ae-11d9-bed3-505054503030},Success and Failure,,3 38 | ,System,Audit Filtering Platform Connection,{0cce9226-69ae-11d9-bed3-505054503030},Success and Failure,,3 39 | ,System,Audit Filtering Platform Packet Drop,{0cce9225-69ae-11d9-bed3-505054503030},Success and Failure,,3 40 | ,System,Audit Handle 
Manipulation,{0cce9223-69ae-11d9-bed3-505054503030},Success and Failure,,3 41 | ,System,Audit Kernel Object,{0cce921f-69ae-11d9-bed3-505054503030},Success and Failure,,3 42 | ,System,Audit Other Object Access Events,{0cce9227-69ae-11d9-bed3-505054503030},Success and Failure,,3 43 | ,System,Audit Registry,{0cce921e-69ae-11d9-bed3-505054503030},Success and Failure,,3 44 | ,System,Audit Removable Storage,{0cce9245-69ae-11d9-bed3-505054503030},Success and Failure,,3 45 | ,System,Audit SAM,{0cce9220-69ae-11d9-bed3-505054503030},Success and Failure,,3 46 | ,System,Audit Central Access Policy Staging,{0cce9246-69ae-11d9-bed3-505054503030},Success and Failure,,3 47 | ,System,Audit Audit Policy Change,{0cce922f-69ae-11d9-bed3-505054503030},Success and Failure,,3 48 | ,System,Audit Authentication Policy Change,{0cce9230-69ae-11d9-bed3-505054503030},Success and Failure,,3 49 | ,System,Audit Authorization Policy Change,{0cce9231-69ae-11d9-bed3-505054503030},Success and Failure,,3 50 | ,System,Audit Filtering Platform Policy Change,{0cce9233-69ae-11d9-bed3-505054503030},Success and Failure,,3 51 | ,System,Audit MPSSVC Rule-Level Policy Change,{0cce9232-69ae-11d9-bed3-505054503030},Success and Failure,,3 52 | ,System,Audit Other Policy Change Events,{0cce9234-69ae-11d9-bed3-505054503030},Success and Failure,,3 53 | ,System,Audit Non Sensitive Privilege Use,{0cce9229-69ae-11d9-bed3-505054503030},Success and Failure,,3 54 | ,System,Audit Other Privilege Use Events,{0cce922a-69ae-11d9-bed3-505054503030},Success and Failure,,3 55 | ,System,Audit Sensitive Privilege Use,{0cce9228-69ae-11d9-bed3-505054503030},Success and Failure,,3 56 | ,System,Audit IPsec Driver,{0cce9213-69ae-11d9-bed3-505054503030},Success and Failure,,3 57 | ,System,Audit Other System Events,{0cce9214-69ae-11d9-bed3-505054503030},Success and Failure,,3 58 | ,System,Audit Security State Change,{0cce9210-69ae-11d9-bed3-505054503030},Success and Failure,,3 59 | ,System,Audit Security System 
Extension,{0cce9211-69ae-11d9-bed3-505054503030},Success and Failure,,3 60 | ,System,Audit System Integrity,{0cce9212-69ae-11d9-bed3-505054503030},Success and Failure,,3 61 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Audit Logs/{BF746D0E-E27A-4A48-800B-DF0577990EDF}/DomainSysvol/GPO/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/Earth-DC/GPOBackup/Audit Logs/{BF746D0E-E27A-4A48-800B-DF0577990EDF}/DomainSysvol/GPO/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Audit Logs/{BF746D0E-E27A-4A48-800B-DF0577990EDF}/bkupInfo.xml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Audit Logs/{BF746D0E-E27A-4A48-800B-DF0577990EDF}/gpreport.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/Earth-DC/GPOBackup/Audit Logs/{BF746D0E-E27A-4A48-800B-DF0577990EDF}/gpreport.xml -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Default Domain Controller Policy/manifest.xml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Default Domain Controller Policy/{EFF003BA-710D-45A5-9AD8-59CC94D2B6AE}/Backup.xml: -------------------------------------------------------------------------------- 1 | 2 | 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 34 01 0a 00 00 00 00 00 24 00 bd 00 
0e 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 00 02 00 00 00 0a 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 00 02 00 00 00 00 24 00 bd 00 0e 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 07 02 00 00 00 0a 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 07 02 00 00 00 00 24 00 bd 00 0e 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 00 02 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Default Domain Controller Policy/{EFF003BA-710D-45A5-9AD8-59CC94D2B6AE}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/Earth-DC/GPOBackup/Default Domain Controller Policy/{EFF003BA-710D-45A5-9AD8-59CC94D2B6AE}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Default Domain Controller Policy/{EFF003BA-710D-45A5-9AD8-59CC94D2B6AE}/bkupInfo.xml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Default Domain Controller 
Policy/{EFF003BA-710D-45A5-9AD8-59CC94D2B6AE}/gpreport.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/Earth-DC/GPOBackup/Default Domain Controller Policy/{EFF003BA-710D-45A5-9AD8-59CC94D2B6AE}/gpreport.xml -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Automatic Updates/manifest.xml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Automatic Updates/{4B6E8D32-5005-4AFB-AFB9-F37531D20D26}/Backup.xml: -------------------------------------------------------------------------------- 1 | 2 | 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Automatic Updates/{4B6E8D32-5005-4AFB-AFB9-F37531D20D26}/DomainSysvol/GPO/Machine/comment.cmtx: -------------------------------------------------------------------------------- 1 |  2 | 3 
| 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Automatic Updates/{4B6E8D32-5005-4AFB-AFB9-F37531D20D26}/DomainSysvol/GPO/Machine/registry.pol: -------------------------------------------------------------------------------- 1 | PReg[Software\Policies\Microsoft\Windows\WindowsUpdate\AU;NoAutoUpdate;;;][Software\Policies\Microsoft\Windows\WindowsUpdate\AU;**del.AUOptions;;; ][Software\Policies\Microsoft\Windows\WindowsUpdate\AU;**del.AutomaticMaintenanceEnabled;;; ][Software\Policies\Microsoft\Windows\WindowsUpdate\AU;**del.ScheduledInstallDay;;; ][Software\Policies\Microsoft\Windows\WindowsUpdate\AU;**del.ScheduledInstallTime;;; ][Software\Policies\Microsoft\Windows\WindowsUpdate\AU;**del.AllowMUUpdateService;;; ] -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Automatic Updates/{4B6E8D32-5005-4AFB-AFB9-F37531D20D26}/bkupInfo.xml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Automatic Updates/{4B6E8D32-5005-4AFB-AFB9-F37531D20D26}/gpreport.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/Earth-DC/GPOBackup/Disable Windows Automatic Updates/{4B6E8D32-5005-4AFB-AFB9-F37531D20D26}/gpreport.xml -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Defender/manifest.xml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Defender/{1909F880-2248-44AB-904C-F822D0AE725E}/Backup.xml: 
-------------------------------------------------------------------------------- 1 | 2 | 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 93 53 de 8b 2b d1 0d b4 26 73 05 9f 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 93 53 de 8b 2b d1 0d b4 26 73 05 9f 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 93 53 de 8b 2b d1 0d b4 26 73 05 9f 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Defender/{1909F880-2248-44AB-904C-F822D0AE725E}/DomainSysvol/GPO/Machine/comment.cmtx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Defender/{1909F880-2248-44AB-904C-F822D0AE725E}/DomainSysvol/GPO/Machine/registry.pol: -------------------------------------------------------------------------------- 1 | PReg[Software\Policies\Microsoft\Windows Defender;DisableAntiSpyware;;;][Software\Policies\Microsoft\Windows Defender\Real-Time Protection;DisableRealtimeMonitoring;;;] -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Defender/{1909F880-2248-44AB-904C-F822D0AE725E}/bkupInfo.xml: -------------------------------------------------------------------------------- 1 | 2 | 
-------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Defender/{1909F880-2248-44AB-904C-F822D0AE725E}/gpreport.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/Earth-DC/GPOBackup/Disable Windows Defender/{1909F880-2248-44AB-904C-F822D0AE725E}/gpreport.xml -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Firewall/manifest.xml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Firewall/{78AEFEF1-511C-4B05-A344-A1EDFBB9EBCD}/Backup.xml: -------------------------------------------------------------------------------- 1 | 2 | 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Firewall/{78AEFEF1-511C-4B05-A344-A1EDFBB9EBCD}/DomainSysvol/GPO/Machine/Microsoft/Windows 
NT/SecEdit/GptTmpl.inf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/Earth-DC/GPOBackup/Disable Windows Firewall/{78AEFEF1-511C-4B05-A344-A1EDFBB9EBCD}/DomainSysvol/GPO/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Firewall/{78AEFEF1-511C-4B05-A344-A1EDFBB9EBCD}/DomainSysvol/GPO/Machine/registry.pol: -------------------------------------------------------------------------------- 1 | PReg[SOFTWARE\Policies\Microsoft\WindowsFirewall;PolicyVersion;;;][SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile;EnableFirewall;;;][SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile;EnableFirewall;;;][SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile;EnableFirewall;;;] -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Firewall/{78AEFEF1-511C-4B05-A344-A1EDFBB9EBCD}/bkupInfo.xml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Disable Windows Firewall/{78AEFEF1-511C-4B05-A344-A1EDFBB9EBCD}/gpreport.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/Earth-DC/GPOBackup/Disable Windows Firewall/{78AEFEF1-511C-4B05-A344-A1EDFBB9EBCD}/gpreport.xml -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Powershell Logging/manifest.xml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Powershell 
Logging/{06081EF8-8D7F-4E1C-9325-523728C1995C}/Backup.xml: -------------------------------------------------------------------------------- 1 | 2 | 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 7c 57 ce 57 15 53 54 39 f2 2d a0 52 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Powershell Logging/{06081EF8-8D7F-4E1C-9325-523728C1995C}/DomainSysvol/GPO/Machine/comment.cmtx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Powershell Logging/{06081EF8-8D7F-4E1C-9325-523728C1995C}/DomainSysvol/GPO/Machine/registry.pol: -------------------------------------------------------------------------------- 1 | PReg[Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging;EnableScriptBlockLogging;;;][Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging;**del.EnableScriptBlockInvocationLogging;;; ] -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Powershell Logging/{06081EF8-8D7F-4E1C-9325-523728C1995C}/bkupInfo.xml: 
-------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Earth-DC/GPOBackup/Powershell Logging/{06081EF8-8D7F-4E1C-9325-523728C1995C}/gpreport.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/Earth-DC/GPOBackup/Powershell Logging/{06081EF8-8D7F-4E1C-9325-523728C1995C}/gpreport.xml -------------------------------------------------------------------------------- /Earth-DC/Import-Marvel/README.md: -------------------------------------------------------------------------------- 1 | # Import-Marvel 2 | 3 | PowerShell script and .CSV file that allow you to import Marvel characters as users into Active Directory. 4 | 5 | 6 | 7 | 8 | 9 | Script: 10 | 1. Adds users into Active Directory 11 | 2. Adds users to appropriate groups based off of `marvel_users.csv`. 12 | 3. Sets Service Principal Names (SPNs) for users `thor` and `ironman`. 13 | 14 | 15 | To run: 16 | 1. Download `import_marvel.ps1` and `marvel_users.csv`. 17 | 18 | 2. Change the domain name to match your own environment's domain. 19 | 20 | **Note:** This will need to be done in both files. 21 | 22 | - Inside of `import_marvel.ps1` on lines 60, 79, & 80 23 | 24 | - Inside of `marvel_users.csv` for each user in the `ou` column 25 | 26 | **Example:** `"CN=thor,DC=example,DC=com"` if desired domain is `example.com` 27 | 28 | 3. Change the path where `marvel_users.csv` is located, on line 24 of `import_marvel.ps1`. 29 | 30 | 4. Change the path where `quotes.txt` is located, on line 83 of `import_marvel.ps1`. 31 | 32 | 5. 
Run `.\import_marvel.ps1` 33 | 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /Earth-DC/Import-Marvel/marvel_users.csv: -------------------------------------------------------------------------------- 1 | firstname,lastname,username,identity,department,province,password,ou 2 | Thor,Odenson,thor,Domain Admins,Avenger,Asgard,GodofLightning1!,"CN=Users,DC=marvel,DC=local" 3 | 4 | Loki, ,loki,LocalAdmins,Villain,Asgard,Mischief$,"CN=Users,DC=marvel,DC=local" 5 | 6 | Carol,Danvers,cmarvel,Users,Avenger,Earth,HateKree!,"CN=Users,DC=marvel,DC=local" 7 | 8 | T'Challa, ,panther,LocalAdmins,Avenger,Earth,WakandaForever!,"CN=Users,DC=marvel,DC=local" 9 | 10 | Shuri,,shuri,Users,Wakanda,Earth,WakandaPrince$$,"CN=Users,DC=marvel,DC=local" 11 | 12 | Peter,Parker,spidy,LocalAdmins,Avenger,Earth,Web$hooter,"CN=Users,DC=marvel,DC=local" 13 | 14 | Tony,Stark,ironman,LocalAdmins,Avenger,Earth,$acrificed1T,"CN=Users,DC=marvel,DC=local" 15 | 16 | Pepper,Pots,pots,Users,Civilian,Earth,MrsIronman$1,"CN=Users,DC=marvel,DC=local" 17 | 18 | Bruce,Banner,hulk,Users,Avenger,Earth,$mashEverything!,"CN=Users,DC=marvel,DC=local" 19 | 20 | Clint,Barton,hawkeye,Users,Avenger,Earth,EagleEye1!,"CN=Users,DC=marvel,DC=local" 21 | 22 | Thanos, ,thanos,Domain Admins,Villain,Titan,InfinityStone$,"CN=Users,DC=marvel,DC=local" 23 | 24 | Vision, ,vision,Users,Avenger,Computer/Mind-Stone/Earth,Mind$tone,"CN=Users,DC=marvel,DC=local" 25 | 26 | Yon-Rogg, ,rogg,Users,Villain,Kree,BadGuy101,"CN=Users,DC=marvel,DC=local" 27 | 28 | Rocket,Racoon,rocket,Users,Guardian of Galaxy,Halfworld,NotaRat!,"CN=Users,DC=marvel,DC=local" 29 | 30 | Peter,Quill,starlord,Users,Guardian of Galaxy,Earth,Blue$ky!!72,"CN=Users,DC=marvel,DC=local" 31 | 32 | Groot,Groot,groot,Users,Guardian of Galaxy,PlanetX,IamGr00t!,"CN=Users,DC=marvel,DC=local" 33 | 34 | Yondu,Udonta,yondu,Users,Guardian of Galaxy,Earth-691,WhistleArrow!,"CN=Users,DC=marvel,DC=local" 35 | 36 | 
Drax,Destroyer,drax,Users,Guardian of Galaxy,Earth,KillThano$,"CN=Users,DC=marvel,DC=local" 37 | 38 | Gamora,Titan,gamora,Users,Guardian of Galaxy,Zehoberei,Soul$tone,"CN=Users,DC=marvel,DC=local" 39 | 40 | Nebula, ,nebula,Users,Guardian of Galaxy,Luphomoids,BadtoGood1,"CN=Users,DC=marvel,DC=local" 41 | 42 | Corvus,Glaive,corvus,Users,Black Order,Angargal,$killedWarror,"CN=Users,DC=marvel,DC=local" 43 | 44 | Proxima,Midnight,proxima,Users,Black Order,Angargal,EnergySpear!,"CN=Users,DC=marvel,DC=local" 45 | 46 | Cull,Obsidian,cull,Users,Black Order,Angargal,$trongCreature,"CN=Users,DC=marvel,DC=local" 47 | 48 | Ebony,Maw,ebony,Users,Black Order,Angargal,VoldemortWannaBe!,"CN=Users,DC=marvel,DC=local" 49 | 50 | Steven,Strange,drstrange,Users,Avenger,Earth,Time$tone,"CN=Users,DC=marvel,DC=local" 51 | 52 | Bucky,Barnes,wintersolider,Users,Avenger,Earth,MetalArm1!,"CN=Users,DC=marvel,DC=local" 53 | 54 | Sam,Wilson,falcon,Users,Avenger,Earth,NewCap!,"CN=Users,DC=marvel,DC=local" 55 | 56 | Steve,Rogers,captain,Users,Avenger,Earth,StarsandStripes!,"CN=Users,DC=marvel,DC=local" 57 | 58 | Wanda,Maximoff,witch,Users,Avenger,Earth,Vision$GF,"CN=Users,DC=marvel,DC=local" 59 | 60 | Nick,Fury,fury,Users,Shield,Earth,OneEye!,"CN=Users,DC=marvel,DC=local" 61 | 62 | Scott,Lang,antman,Users,Avenger,Earth,TinyDude!,"CN=Users,DC=marvel,DC=local" 63 | 64 | Hope,Pym,wasp,Users,Avenger,Earth,TinyGril!,"CN=Users,DC=marvel,DC=local" 65 | 66 | James,Rhodes,warmachine,Users,Avenger,Earth,BigGunRox!,"CN=Users,DC=marvel,DC=local" 67 | 68 | Valkyrie, ,valkyrie,Users,Valkyrie,Asgard,ChooseroftheSlain!,"CN=Users,DC=marvel,DC=local" 69 | 70 | Happy,Hogan,hogan,Users,Civilian,Earth,TonysAssistant!,"CN=Users,DC=marvel,DC=local" 71 | 72 | Odin,Odenson,odin,Users,King,Asgard,KingofAsgard!,"CN=Users,DC=marvel,DC=local" 73 | 74 | Ultron, ,ultron,Users,Villain,Computer,WhatamI?,"CN=Users,DC=marvel,DC=local" 75 | 76 | Ronan,Accuser,ronan,Users,Villain,Hala,KreeEmpire$,"CN=Users,DC=marvel,DC=local" 77 | 78 
| Charles,Xavier,professorx,Users,X-Men,Earth,Telepath$,"CN=Users,DC=marvel,DC=local" 79 | 80 | Scott,Summers,cyclops,Users,X-Men,Earth,Lazer$aretheway,"CN=Users,DC=marvel,DC=local" 81 | 82 | Robert,Drake,iceman,Users,X-Men,Earth,IceIceBaby1,"CN=Users,DC=marvel,DC=local" 83 | 84 | Henry,McCoy,beast,Users,X-Men,Earth,ImaBea$t,"CN=Users,DC=marvel,DC=local" 85 | 86 | Logan,Howlett,wolverine,Users,X-Men,Earth,MetalClaw$,"CN=Users,DC=marvel,DC=local" 87 | 88 | Piotr,Rasputin,colossus,Users,X-Men,Earth,MetalMan!,"CN=Users,DC=marvel,DC=local" 89 | 90 | Jean,Grey,pheonix,Users,X-Men,Earth,PhoenixForce!,"CN=Users,DC=marvel,DC=local" 91 | 92 | Max,Eisenhardt,magneto,Users,Villain,Earth,MetalControl!,"CN=Users,DC=marvel,DC=local" 93 | 94 | Brianna,Hildebrands,warhead,Users,X-Men,Earth,TennageW@rH3ad,"CN=Users,DC=marvel,DC=local" 95 | 96 | Wade,Wilson,deadpool,Users,Independent,Earth,NotXmen!,"CN=Users,DC=marvel,DC=local" 97 | 98 | Natasha,Romanoff,widow,Users,Avenger,Earth,Hulk$mash,"CN=Users,DC=marvel,DC=local" 99 | 100 | Natahan,Summers,cable,Users,X-Force,Future,MetalControl!,"CN=Users,DC=marvel,DC=local" 101 | -------------------------------------------------------------------------------- /Earth-DC/Import-Marvel/quotes.txt: -------------------------------------------------------------------------------- 1 | "Part of the journey is the end." - Tony Stark 2 | "I can do this all day." - Steve Rogers 3 | "There’s no throne, there is no version of this, where you come out on top. Maybe your army comes and maybe it’s too much for us, but it’s all on you. Because if we can’t protect the Earth, you can be damned well sure we’ll avenge it." - Mr. 3000 aka Tony Stark 4 | "I am Groot" - Groot 5 | "Dude, you’re embarrassing me in front of the wizards." - Tony Stark 6 | "I went for the head." - Thor 7 | "You should have went for the head." - Thanos 8 | "You have my respect, Stark. When I'm done, half of humanity will still be alive. I hope they remember you." 
- Thanos 9 | "The hardest choices require the strongest wills." - Thanos 10 | "I am...inevitable." - Thanos 11 | "I never freeze." - T'Challa aka Black Panther 12 | "In times of crisis, the wise build bridges while the foolish build barriers" - T'Challa aka Black Panther -------------------------------------------------------------------------------- /Earth-DC/Initialize-MarvelDomain.ps1: -------------------------------------------------------------------------------- 1 | function Initialize-MarvelDomain { 2 | <# 3 | .SYNOPSIS 4 | Creates marvel domain. 5 | 6 | .DESCRIPTION 7 | Initialize-MarvelDomain creates the marvel.local domain. 8 | 9 | .PARAMETER HostName 10 | Name of the current machine. 11 | 12 | .PARAMETER DomainName 13 | Domain of the current machine. 14 | 15 | .PARAMETER ProjectFilePath 16 | Path of the Marvel-Lab directory. 17 | 18 | .PARAMETER UserCSVFilePath 19 | Path of the Marvel-Lab directory. 20 | 21 | .PARAMETER WallpaperFilePath 22 | Path to the wallpaper you want to use. 23 | 24 | .PARAMETER GPOFilePath 25 | Path to the GPO files. 26 | 27 | .PARAMETER Automate 28 | Switch statement to create scheduled task - New-DCAutomatedTask. 29 | 30 | .EXAMPLE 31 | Initialize-MarvelDomain -Password 'Changeme1!' 32 | 33 | .EXAMPLE 34 | Initialize-MarvelDomain -Password 'Changeme1!' 
-Automate 35 | #> 36 | param( 37 | [string] 38 | $HostName = (Get-WmiObject win32_computersystem).Name, 39 | 40 | [string] 41 | $DomainName = (Get-WmiObject win32_computersystem).Domain, 42 | 43 | [string] 44 | [ValidateNotNullOrEmpty()] 45 | $Password, 46 | 47 | [string] 48 | $ProjectFilePath = 'C:\Marvel-Lab', 49 | 50 | [string] 51 | $UserCSVFilePath = 'C:\Marvel-Lab\Earth-DC\Import-Marvel\marvel_users.csv', 52 | 53 | [string] 54 | $WallpaperFilePath = 'C:\Marvel-Lab\images\cap.jpg', 55 | 56 | [string] 57 | $GPOFilePath = 'C:\Marvel-Lab\Earth-DC\GPOBackup', 58 | 59 | [switch] 60 | $Automate 61 | 62 | ) 63 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Beginning of Initialize-MarvelDomain...." 64 | $AdminPassword = (ConvertTo-SecureString $Password -AsPlainText -Force) 65 | 66 | if ((Get-WmiObject win32_computersystem).PartOfDomain -eq $false) 67 | { 68 | Write-Host -fore green "[*] $HostName is not the domain controller yet. Creating forest now" 69 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] $HostName is not the domain controller yet. Creating forest now...." 70 | 71 | # Windows Features Installation 72 | Get-Command -Module ServerManager 73 | Write-Host -fore green "Installing Windows features:" 74 | $windows_features = @("AD-Domain-Services", "DNS") 75 | $windows_features.ForEach({ 76 | Write-Host -fore yello "[*] Installing $_ Windows feature.." 77 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Installing $_ Windows feature.." 78 | Install-WindowsFeature -name $_ -IncludeManagementTools 79 | }) 80 | 81 | # Creating Forest 82 | Write-Host -fore green "[*] Deploying a new forest and promoting $HostName to Domain Controller." 83 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Deploying a new forest and promoting $HostName to Domain Controller." 
84 | 85 | Import-Module ADDSDeployment 86 | Install-ADDSForest ` 87 | -SafeModeAdministratorPassword $($AdminPassword) ` 88 | -CreateDnsDelegation:$false ` 89 | -DatabasePath "C:\Windows\NTDS" ` 90 | -DomainMode "WinThreshold" ` 91 | -DomainName "marvel.local" ` 92 | -DomainNetbiosName "MARVEL" ` 93 | -ForestMode "WinThreshold" ` 94 | -InstallDns:$true ` 95 | -LogPath "C:\Windows\NTDS" ` 96 | -NoRebootOnCompletion:$true ` 97 | -SysvolPath "C:\Windows\SYSVOL" ` 98 | -Force:$true 99 | 100 | } 101 | else 102 | { 103 | 104 | Write-Host -fore red "[*] Cannot create forest. $hostname is already either apart of $DomainName domain or is already the domain controller" 105 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Cannot create forest. $hostname is already either apart of $DomainName domain or is already the domain controller." 106 | } 107 | if ($Automate){ 108 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Creating ScheduledTask for New-DCAutomatedTask." 109 | $action = New-ScheduledTaskAction -Execute 'powershell' -Argument "Import-Module $ProjectFilePath\Marvel-Lab.psm1; New-DCAutomatedTask -UserCSVFilePath $UserCSVFilePath -WallpaperFilePath $WallpaperFilePath -GPOFilePath $GPOFilePath -Password $Password 2>&1 | tee -filePath $ProjectFilePath\scheduledtasklog.txt" 110 | $trigger = New-ScheduledTaskTrigger -AtLogOn 111 | $principal = New-ScheduledTaskPrincipal -UserID "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount -RunLevel Highest 112 | $ScheduledTask = Register-ScheduledTask -Action $action -Trigger $trigger -Principal $Principal -TaskName New-DCAutomatedTask 113 | Unregister-ScheduledTask -TaskName Initialize-MarvelDomain -Confirm:$false 114 | } 115 | 116 | Restart-Computer -Force 117 | } -------------------------------------------------------------------------------- /Earth-DC/New-DCAutomatedTask.ps1: -------------------------------------------------------------------------------- 1 | function New-DCAutomatedTask { 2 | <# 3 | .SYNOPSIS 4 | Creates 
Update-Domain scheduled task. 5 | 6 | .DESCRIPTION 7 | New-DCAutomatedTask was designed to create a scheduled task for Update-Domain with the user marvel\Administrator. 8 | 9 | .PARAMETER ProjectFilePath 10 | Path of the Marvel-Lab directory. 11 | 12 | .PARAMETER UserCSVFilePath 13 | Path of the Marvel-Lab directory. 14 | 15 | .PARAMETER WallpaperFilePath 16 | Path to the wallpaper you want to use. 17 | 18 | .PARAMETER GPOFilePath 19 | Path to the GPO files. 20 | 21 | .PARAMETER Password 22 | Administrators password. 23 | 24 | .EXAMPLE 25 | New-DCAutomatedTask -Password 'Changeme1!' 26 | 27 | .EXAMPLE 28 | New-DCAutomatedTask -Password 'Changeme1!' -ProjectFilePath C:\Marvel-Lab 29 | #> 30 | 31 | param( 32 | [string] 33 | [ValidateNotNullOrEmpty()] 34 | $Password, 35 | 36 | [string] 37 | $ProjectFilePath = 'C:\Marvel-Lab', 38 | 39 | [string] 40 | $UserCSVFilePath = 'C:\Marvel-Lab\Earth-DC\Import-Marvel\marvel_users.csv', 41 | 42 | [string] 43 | $WallpaperFilePath = 'C:\Marvel-Lab\images\cap.jpg', 44 | 45 | [string] 46 | $GPOFilePath = 'C:\Marvel-Lab\Earth-DC\GPOBackup' 47 | ) 48 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Beginning of New-DCAutomatedTask...." 49 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Createing ScheduledTask for Update-Domain..." 
50 | $action = New-ScheduledTaskAction -Execute 'powershell' -Argument "Import-Module $ProjectFilePath\Marvel-Lab.psm1; Update-Domain -UserCSVFilePath $UserCSVFilePath -WallpaperFilePath $WallpaperFilePath -GPOFilePath $GPOFilePath -ProjectFilePath $ProjectFilePath -Automate 2>&1 | tee -filePath $ProjectFilePath\scheduledtasklog.txt" 51 | $ScheduledTask = $ScheduledTask = Register-ScheduledTask -Action $action -User 'marvel\Administrator' -Password $Password -TaskName Update-Domain 52 | Start-ScheduledTask -TaskName Update-Domain 53 | Unregister-ScheduledTask -TaskName Initialize-MarvelDomain -Confirm:$false 54 | } 55 | -------------------------------------------------------------------------------- /Earth-DC/Rename-DC.ps1: -------------------------------------------------------------------------------- 1 | function Rename-DC { 2 | 3 | <# 4 | .SYNOPSIS 5 | Rename's the Domain Controller. 6 | 7 | .DESCRIPTION 8 | Rename-DC was designed to update the domain controller's name. 9 | 10 | .PARAMETER DomainControllerName 11 | The new name of the Domain Controller (Asgard-Wrkstn/Wakanda-Wrkstn) 12 | 13 | .PARAMETER ProjectFilePath 14 | Path of the Marvel-Lab directory. 15 | 16 | .PARAMETER Password 17 | Password of the current administrator 18 | 19 | .PARAMETER Automate 20 | Switch statement to create a scheduled task to run Initialize-MarvelDomain 21 | 22 | .EXAMPLE 23 | Rename-DC -Password 'Changeme1!' 24 | 25 | .EXAMPLE 26 | Rename-DC -Password 'Changeme1!' -Automate 27 | 28 | #> 29 | 30 | param( 31 | 32 | [string] 33 | $ProjectFilePath = 'C:\Marvel-Lab', 34 | 35 | [string] 36 | $DomainControllerName = 'Earth-DC', 37 | 38 | 39 | [string] 40 | [ValidateNotNullOrEmpty()] 41 | $Password, 42 | 43 | [switch] 44 | $Automate 45 | ) 46 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Beginning of Rename-DC...." 47 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Setting timezone to UTC...." 48 | Write-Output "[*] Setting timezone to UTC...." 
49 | 50 | c:\windows\system32\tzutil.exe /s "UTC" 51 | 52 | Write-Output "[*] Renaming Host..." 53 | 54 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Renaming Host..." 55 | 56 | if ($Automate){ 57 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Creating ScheduledTask for Initialize-MarvelDomain" 58 | $action = New-ScheduledTaskAction -Execute 'powershell' -Argument "Import-Module $ProjectFilePath\Marvel-Lab.psm1; Initialize-MarvelDomain -Automate -Password $Password 2>&1 | tee -filePath $ProjectFilePath\scheduledtasklog.txt" 59 | $trigger = New-ScheduledTaskTrigger -AtLogOn 60 | $principal = New-ScheduledTaskPrincipal -UserID "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount -RunLevel Highest 61 | $ScheduledTask = Register-ScheduledTask -Action $action -Trigger $trigger -Principal $Principal -TaskName Initialize-MarvelDomain 62 | } 63 | 64 | $Rename = Rename-computer -ComputerName $env:COMPUTERNAME -NewName $DomainControllerName -Force -Restart 65 | } -------------------------------------------------------------------------------- /Earth-DC/Update-Domain.ps1: -------------------------------------------------------------------------------- 1 | function Update-Domain { 2 | 3 | <# 4 | .SYNOPSIS 5 | Updates domain controllers AD Groups, GPOs, and AD Users. 6 | 7 | .DESCRIPTION 8 | Update-Domain updates the domain controllers users, settings, and policies. 9 | 10 | .PARAMETER ProjectFilePath 11 | Path of the Marvel-Lab directory. 12 | 13 | .PARAMETER UserCSVFilePath 14 | Path of the Marvel-Lab directory. 15 | 16 | .PARAMETER WallpaperFilePath 17 | Path to the wallpaper you want to use. 18 | 19 | .PARAMETER GPOFilePath 20 | Path to the GPO files. 21 | 22 | .PARAMETER Automate 23 | Switch statement to remove previous scheduled tasks. 
24 | 25 | .EXAMPLE 26 | Update-Domain 27 | 28 | .EXAMPLE 29 | Update-Workstation -Automate 30 | 31 | .EXAMPLE 32 | Update-Workstation $UserCSVFilePath C:\marvel_users.csv -Automate 33 | #> 34 | 35 | param( 36 | [string] 37 | $UserCSVFilePath = 'C:\Marvel-Lab\Earth-DC\Import-Marvel\marvel_users.csv', 38 | 39 | [string] 40 | $WallpaperFilePath = 'C:\Marvel-Lab\images\cap.jpg', 41 | 42 | [string] 43 | $ProjectFilePath = 'C:\Marvel-Lab', 44 | 45 | [string] 46 | $GPOFilePath = 'C:\Marvel-Lab\Earth-DC\GPOBackup', 47 | 48 | [switch] 49 | $Automate 50 | ) 51 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Beginning of Update-Domain" 52 | Import-Module ActiveDirectory 53 | $ADUsers = Import-CSV $UserCSVFilePath 54 | #Adding AD Group for Local Admins on Workstations 55 | New-ADGroup -Name "Local Admins" -SamAccountName LocalAdmins -GroupCategory Security -GroupScope Global -DisplayName "Local Admins" -Path "CN=Users,DC=marvel,DC=local" -Description "Members of this group are Local Administrators on Workstations" 56 | 57 | foreach ($User in $ADUsers) 58 | 59 | { 60 | $username = $User.username 61 | $password = $User.password 62 | $firstname = $User.firstname 63 | $lastname = $User.lastname 64 | $ou = $User.ou 65 | $province = $User.province 66 | $department = $User.department 67 | $password = $User.Password 68 | $identity = $User.identity 69 | 70 | if (Get-ADUser -F {SamAccountName -eq $Username }) 71 | { 72 | Write-Warning "$username already exists." 
73 | } 74 | 75 | else 76 | { 77 | 78 | New-ADUser ` 79 | -SamAccountName $Username ` 80 | -UserPrincipalName "$username@marvel.local" ` 81 | -Name "$firstname $lastname" ` 82 | -GivenName $firstname ` 83 | -Surname $lastname ` 84 | -Enabled $True ` 85 | -DisplayName "$firstname $lastname" ` 86 | -Path $ou ` 87 | -state $province ` 88 | -Department $department ` 89 | -AccountPassword (convertto-securestring $password -AsPlainText -Force) -PasswordNeverExpires $True 90 | 91 | 92 | Add-ADGroupMember ` 93 | -Members $username ` 94 | -Identity $identity ` 95 | } 96 | 97 | Write-Output "$username has been to the domain and added to the $identity group" 98 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] $username has been to the domain and added to the $identity group" 99 | 100 | } 101 | #Setting SPNs for Domain 102 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Setting SPNs" 103 | setspn -a mjolnir/marvel.local marvel\thor 104 | setspn -a mr3000/marvel.local marvel\ironman 105 | 106 | New-ADOrganizationalUnit -Name "Workstations" -Path "DC=MARVEL,DC=LOCAL" 107 | 108 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Setting Wallpaper" 109 | New-Item HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ -Name System 110 | Set-ItemProperty -path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -name Wallpaper -value $WallpaperFilePath 111 | Set-ItemProperty -path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -name WallpaperStyle -value "4" 112 | 113 | 114 | #Adding GPOs 115 | #Audit Logs 116 | $GPOName = 'Audit Logs' 117 | $OU = "ou=Workstations,dc=marvel,dc=local" 118 | $OU1 = "ou=Domain Controllers,dc=marvel,dc=local" 119 | Write-Host "Importing $GPOName..." 120 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Importing $GPOName..." 
121 | Import-GPO -BackupGpoName $GPOName -Path $GPOFilePath\$GPOName -TargetName $GPOName -CreateIfNeeded 122 | $gpLinks = $null 123 | $gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions 124 | $gPLinks = Get-ADOrganizationalUnit -Identity $OU1 -Properties name,distinguishedName, gPLink, gPOptions 125 | $GPO = Get-GPO -Name $GPOName 126 | If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) 127 | { 128 | New-GPLink -Name $GPOName -Target $OU -Enforced yes 129 | New-GPLink -Name $GPOName -Target $OU1 -Enforced yes 130 | } 131 | else 132 | { 133 | Write-Host "GpLink $GPOName already linked on $OU. Moving On." 134 | Write-Host "GpLink $GPOName already linked on $OU1. Moving On." 135 | } 136 | 137 | #Disable Windows Firewall 138 | $GPOName = 'Disable Windows Firewall' 139 | $OU = "ou=Workstations,dc=marvel,dc=local" 140 | $OU1 = "ou=Domain Controllers,dc=marvel,dc=local" 141 | Write-Host "Importing $GPOName..." 142 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Importing $GPOName..." 143 | Import-GPO -BackupGpoName $GPOName -Path $GPOFilePath\$GPOName -TargetName $GPOName -CreateIfNeeded 144 | $gpLinks = $null 145 | $gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions 146 | $gPLinks = Get-ADOrganizationalUnit -Identity $OU1 -Properties name,distinguishedName, gPLink, gPOptions 147 | $GPO = Get-GPO -Name $GPOName 148 | If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) 149 | { 150 | New-GPLink -Name $GPOName -Target $OU -Enforced yes 151 | New-GPLink -Name $GPOName -Target $OU1 -Enforced yes 152 | } 153 | else 154 | { 155 | Write-Host "GpLink $GPOName already linked on $OU. Moving On." 156 | Write-Host "GpLink $GPOName already linked on $OU1. Moving On." 
157 | } 158 | 159 | #Disable Windows Defender 160 | $GPOName = 'Disable Windows Defender' 161 | $OU = "ou=Workstations,dc=marvel,dc=local" 162 | $OU1 = "ou=Domain Controllers,dc=marvel,dc=local" 163 | Write-Host "Importing $GPOName..." 164 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Importing $GPOName..." 165 | Import-GPO -BackupGpoName $GPOName -Path $GPOFilePath\$GPOName -TargetName $GPOName -CreateIfNeeded 166 | $gpLinks = $null 167 | $gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions 168 | $gPLinks = Get-ADOrganizationalUnit -Identity $OU1 -Properties name,distinguishedName, gPLink, gPOptions 169 | $GPO = Get-GPO -Name $GPOName 170 | If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) 171 | { 172 | New-GPLink -Name $GPOName -Target $OU -Enforced yes 173 | New-GPLink -Name $GPOName -Target $OU1 -Enforced yes 174 | } 175 | else 176 | { 177 | Write-Host "GpLink $GPOName already linked on $OU. Moving On." 178 | Write-Host "GpLink $GPOName already linked on $OU1. Moving On." 179 | } 180 | 181 | #Disable Windows Automatic Updates 182 | $GPOName = 'Disable Windows Automatic Updates' 183 | $OU = "ou=Workstations,dc=marvel,dc=local" 184 | $OU1 = "ou=Domain Controllers,dc=marvel,dc=local" 185 | Write-Host "Importing $GPOName..." 186 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Importing $GPOName..." 
187 | Import-GPO -BackupGpoName $GPOName -Path $GPOFilePath\$GPOName -TargetName $GPOName -CreateIfNeeded 188 | $gpLinks = $null 189 | $gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions 190 | $gPLinks = Get-ADOrganizationalUnit -Identity $OU1 -Properties name,distinguishedName, gPLink, gPOptions 191 | $GPO = Get-GPO -Name $GPOName 192 | If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) 193 | { 194 | New-GPLink -Name $GPOName -Target $OU -Enforced yes 195 | New-GPLink -Name $GPOName -Target $OU1 -Enforced yes 196 | } 197 | else 198 | { 199 | Write-Host "GpLink $GPOName already linked on $OU. Moving On." 200 | Write-Host "GpLink $GPOName already linked on $OU1. Moving On." 201 | } 202 | 203 | #Powershell Logging 204 | $GPOName = 'Powershell Logging' 205 | $OU = "ou=Workstations,dc=marvel,dc=local" 206 | $OU1 = "ou=Domain Controllers,dc=marvel,dc=local" 207 | Write-Host "Importing $GPOName..." 208 | Add-Content $ProjectFilePath\Deploymentlog.txt "[*] Importing $GPOName..." 209 | Import-GPO -BackupGpoName $GPOName -Path $GPOFilePath\$GPOName -TargetName $GPOName -CreateIfNeeded 210 | $gpLinks = $null 211 | $gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions 212 | $gPLinks = Get-ADOrganizationalUnit -Identity $OU1 -Properties name,distinguishedName, gPLink, gPOptions 213 | $GPO = Get-GPO -Name $GPOName 214 | If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) 215 | { 216 | New-GPLink -Name $GPOName -Target $OU -Enforced yes 217 | New-GPLink -Name $GPOName -Target $OU1 -Enforced yes 218 | } 219 | else 220 | { 221 | Write-Host "GpLink $GPOName already linked on $OU. Moving On." 222 | Write-Host "GpLink $GPOName already linked on $OU1. Moving On." 
223 | } 224 | if($Automate){ 225 | Unregister-ScheduledTask -TaskName New-DCAutomatedTask -Confirm:$false 226 | Unregister-ScheduledTask -TaskName Update-Domain -Confirm:$false 227 | } 228 | 229 | } -------------------------------------------------------------------------------- /Logging/.env: -------------------------------------------------------------------------------- 1 | # These are the latest versions tested to work with Marvel Lab. Feel free to upgrade if you wish 2 | # This allows us to update the docker-compose files without breaking containers like splunk 3 | 4 | PORTAINER_VER=latest 5 | JUPYTER_VER=latest 6 | TRAEFIK_VER=v2.8.3 -------------------------------------------------------------------------------- /Logging/Config/Windows/inputs.conf: -------------------------------------------------------------------------------- 1 | [WinEventLog://Application] 2 | index = Windows 3 | sourcetype = Application 4 | disabled = 0 5 | start_from = oldest 6 | evt_resolve_ad_obj = 1 7 | checkpointInterval = 5 8 | 9 | [WinEventLog://Security] 10 | index = Windows 11 | sourcetype = Security 12 | blacklist1 = EventCode="4688" Message="New Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi|optimize))\.exe)" 13 | blacklist2 = EventCode="4689" Message="Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi|optimize))\.exe)" 14 | 15 | disabled = 0 16 | start_from = oldest 17 | evt_resolve_ad_obj = 1 18 | checkpointInterval = 5 19 | 20 | [WinEventLog://System] 21 | index = Windows 22 | sourcetype = System 23 | disabled = 0 24 | start_from = oldest 25 | evt_resolve_ad_obj = 1 26 | checkpointInterval = 5 27 | 28 | [WinEventLog://Setup] 29 | index = Windows 30 | 
sourcetype = Setup 31 | disabled = 0 32 | start_from = oldest 33 | evt_resolve_ad_obj = 1 34 | checkpointInterval = 5 35 | 36 | [WinEventLog://Microsoft-Windows-Sysmon/Operational] 37 | index = Windows 38 | sourcetype = Sysmon 39 | checkpointInterval = 5 40 | current_only = 0 41 | disabled = 0 42 | start_from = oldest 43 | 44 | [WinEventLog://Microsoft-Windows-PowerShell/Operational] 45 | checkpointInterval = 5 46 | current_only = 0 47 | disabled = 0 48 | index = Windows 49 | sourcetype = Powershell 50 | start_from = oldest 51 | -------------------------------------------------------------------------------- /Logging/Config/elasticstack/.env: -------------------------------------------------------------------------------- 1 | # Password for the 'elastic' user (at least 6 characters) 2 | ELASTIC_PASSWORD= 3 | 4 | # Password for the 'kibana_system' user (at least 6 characters) 5 | KIBANA_PASSWORD= 6 | 7 | # Version of Elastic products 8 | STACK_VERSION=8.3.3 9 | 10 | # Set the cluster name 11 | CLUSTER_NAME=Marvel-Lab 12 | 13 | # Set to 'basic' or 'trial' to automatically start the 30-day trial 14 | LICENSE=basic 15 | #LICENSE=trial 16 | 17 | # Port to expose Elasticsearch HTTP API to the host (a bare port is published on every host interface; the 127.0.0.1 form limits it to loopback) 18 | ES_PORT=9200 19 | #ES_PORT=127.0.0.1:9200 20 | 21 | # Port to expose Kibana to the host 22 | KIBANA_PORT=5601 23 | #KIBANA_PORT=80 24 | 25 | # Increase or decrease based on the available host memory (in bytes) 26 | MEM_LIMIT=1073741824 27 | 28 | # Project namespace (defaults to the current folder name if not set) 29 | #COMPOSE_PROJECT_NAME=myproject -------------------------------------------------------------------------------- /Logging/Config/elasticstack/elasticstack-compose.yml: -------------------------------------------------------------------------------- 1 | # Taken from: 2 | # https://elastic.co/guide/en/elasticsearch/reference/current/docker.html 3 | 4 | 5 | services: 6 | setup: 7 | image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} 8 | 
volumes: 9 | - ./certs:/usr/share/elasticsearch/config/certs 10 | user: "0" 11 | command: > 12 | bash -c ' 13 | if [ x${ELASTIC_PASSWORD} == x ]; then 14 | echo "Set the ELASTIC_PASSWORD environment variable in the .env file"; 15 | exit 1; 16 | elif [ x${KIBANA_PASSWORD} == x ]; then 17 | echo "Set the KIBANA_PASSWORD environment variable in the .env file"; 18 | exit 1; 19 | fi; 20 | if [ ! -f config/certs/ca.zip ]; then 21 | echo "Creating CA"; 22 | bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip; 23 | unzip config/certs/ca.zip -d config/certs; 24 | fi; 25 | if [ ! -f config/certs/certs.zip ]; then 26 | echo "Creating certs"; 27 | echo -ne \ 28 | "instances:\n"\ 29 | " - name: es01\n"\ 30 | " dns:\n"\ 31 | " - es01\n"\ 32 | " - localhost\n"\ 33 | " ip:\n"\ 34 | " - 127.0.0.1\n"\ 35 | > config/certs/instances.yml; 36 | bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key; 37 | unzip config/certs/certs.zip -d config/certs; 38 | fi; 39 | echo "Setting file permissions" 40 | chown -R root:root config/certs; 41 | find . -type d -exec chmod 750 \{\} \;; 42 | find . 
-type f -exec chmod 640 \{\} \;; 43 | echo "Waiting for Elasticsearch availability"; 44 | until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done; 45 | echo "Setting kibana_system password"; 46 | until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done; 47 | echo "All done!"; 48 | ' 49 | healthcheck: 50 | test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"] 51 | interval: 1s 52 | timeout: 5s 53 | retries: 120 54 | 55 | es01: 56 | depends_on: 57 | setup: 58 | condition: service_healthy 59 | image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} 60 | volumes: 61 | - ./certs:/usr/share/elasticsearch/config/certs 62 | - esdata01:/usr/share/elasticsearch/data 63 | ports: 64 | - ${ES_PORT}:9200 65 | environment: 66 | - node.name=es01 67 | - cluster.name=${CLUSTER_NAME} 68 | - cluster.initial_master_nodes=es01 69 | - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} 70 | - bootstrap.memory_lock=true 71 | - xpack.security.enabled=true 72 | - xpack.security.http.ssl.enabled=true 73 | - xpack.security.http.ssl.key=certs/es01/es01.key 74 | - xpack.security.http.ssl.certificate=certs/es01/es01.crt 75 | - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt 76 | - xpack.security.http.ssl.verification_mode=certificate 77 | - xpack.security.transport.ssl.enabled=true 78 | - xpack.security.transport.ssl.key=certs/es01/es01.key 79 | - xpack.security.transport.ssl.certificate=certs/es01/es01.crt 80 | - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt 81 | - xpack.security.transport.ssl.verification_mode=certificate 82 | - xpack.license.self_generated.type=${LICENSE} 83 | mem_limit: ${MEM_LIMIT} 84 | ulimits: 85 | memlock: 86 | soft: -1 87 | hard: -1 88 | healthcheck: 89 | 
test: 90 | [ 91 | "CMD-SHELL", 92 | "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'", 93 | ] 94 | interval: 10s 95 | timeout: 10s 96 | retries: 120 97 | restart: always 98 | 99 | kibana: 100 | depends_on: 101 | es01: 102 | condition: service_healthy 103 | image: docker.elastic.co/kibana/kibana:${STACK_VERSION} 104 | volumes: 105 | - ./certs:/usr/share/kibana/config/certs 106 | - kibanadata:/usr/share/kibana/data 107 | ports: 108 | - ${KIBANA_PORT}:5601 109 | environment: 110 | - SERVERNAME=kibana 111 | - ELASTICSEARCH_HOSTS=https://es01:9200 112 | - ELASTICSEARCH_USERNAME=kibana_system 113 | - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD} 114 | - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt 115 | mem_limit: ${MEM_LIMIT} 116 | healthcheck: 117 | test: 118 | [ 119 | "CMD-SHELL", 120 | "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'", 121 | ] 122 | interval: 10s 123 | timeout: 10s 124 | retries: 120 125 | restart: always 126 | 127 | volumes: 128 | esdata01: 129 | driver: local 130 | kibanadata: 131 | driver: local -------------------------------------------------------------------------------- /Logging/Config/splunk/.env: -------------------------------------------------------------------------------- 1 | SPLUNK_PASSWORD= 2 | SPLUNK_VER=8.2.7 3 | JUPYTER_VER=2022-09-21 -------------------------------------------------------------------------------- /Logging/Config/splunk/indexes.conf: -------------------------------------------------------------------------------- 1 | [windows] 2 | homePath = $SPLUNK_DB/windows/db 3 | coldPath = $SPLUNK_DB/windows/colddb 4 | thawedPath = $SPLUNK_DB/windows/thaweddb 5 | 6 | [macos] 7 | homePath = $SPLUNK_DB/macos/db 8 | coldPath = $SPLUNK_DB/macos/colddb 9 | thawedPath = $SPLUNK_DB/macos/thaweddb 10 | 11 | [zeek] 12 | homePath = $SPLUNK_DB/zeek/db 13 | coldPath = $SPLUNK_DB/zeek/colddb 14 | thawedPath = $SPLUNK_DB/zeek/thaweddb 15 | 
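--------------------------------------------------------------------------------
/Logging/Config/splunk/inputs.conf:
--------------------------------------------------------------------------------
# Index names are written in lower case so that they match the [zeek] and
# [windows] stanzas declared in indexes.conf.

# Zeek logs reach this path through the ../zeek/zeek-logs bind mount in
# splunk-compose.yml.
[monitor:///logs/zeek-logs]
index=zeek
disabled = false
host = splunk

# NOTE(review): splunk-compose.yml mounts nothing at /logs/osquery, so this
# monitor stays empty unless the directory is provided some other way - confirm.
[monitor:///logs/osquery]
index=windows
sourcetype=windows-osquery
disabled = false
host = splunk

# Receiver for forwarders, published on the host as 9997 by splunk-compose.yml.
# This is a plain splunktcp input (not splunktcp-ssl), so forwarded events are
# not encrypted in transit; keep the port reachable from the lab network only.
[splunktcp://9997]
disabled = 0

--------------------------------------------------------------------------------
/Logging/Config/splunk/splunk-compose.yml:
--------------------------------------------------------------------------------
services:
  splunk:
    container_name: splunk
    image: splunk/splunk:${SPLUNK_VER}
    # All three ports are published on every host interface, in addition to the
    # /splunk route that Traefik serves:
    #   9997 - forwarder receiver (see inputs.conf)
    #   8089 - splunkd management port
    #   8000 - Splunk Web, which web.conf switches to plain HTTP, so a login made
    #          directly against :8000 is sent unencrypted
    # Restrict them with a host firewall or a bind address if the host is
    # reachable from outside the lab.
    ports:
      - 9997:9997
      - 8089:8089
      - 8000:8000
    environment:
      # Taken from .env in this directory, which holds the value in clear text.
      SPLUNK_PASSWORD: $SPLUNK_PASSWORD
      SPLUNK_START_ARGS: '--accept-license'
      #SPLUNK_UPGRADE: 'true' # Only use when upgrading splunk. Modify SPLUNK_VER in .env to the version you want
    volumes:
      - splunk_etc:/opt/splunk/etc
      - splunk_var:/opt/splunk/var
      - ./web.conf:/opt/splunk/etc/system/local/web.conf
      - ../zeek/zeek-logs/:/logs/zeek-logs/
    labels:
      - "traefik.http.routers.splunk.rule=PathPrefix(`/splunk`)"
      - "traefik.http.routers.splunk.middlewares=https-redirect"
      - "traefik.http.routers.splunk-secure.tls=true"
      - "traefik.http.routers.splunk-secure.rule=PathPrefix(`/splunk`)"
      - "traefik.http.services.splunk.loadbalancer.server.port=8000"
    restart: unless-stopped

  jupyter-notebooks:
    container_name: jupyter-notebooks
    image: jupyter/all-spark-notebook:${JUPYTER_VER}
    # Published directly on the host as well as routed through Traefik at /jupyter.
    ports:
      - "8888:8888"
    environment:
      - NB_UID=1001
      - NB_GID=1001
      - JUPYTER_ENABLE_LAB=yes
      - NB_USER=splunk
      - CHOWN_EXTRA=/home/splunk
    depends_on:
      - "splunk"
    volumes:
      # Splunk's etc and var volumes are shared read-write with the notebook
      # container, so anyone with notebook access can read and change Splunk's
      # configuration and indexed data.
      # NOTE(review): confirm whether read-only mounts would be enough here.
      - splunk_etc:/home/splunk/etc
      - splunk_var:/home/splunk/var
      - jupyter-notebooks:/home/jovyan
    labels:
      - "traefik.http.routers.jupyter.rule=PathPrefix(`/jupyter`)"
      - "traefik.http.routers.jupyter.middlewares=https-redirect"
      - "traefik.http.routers.jupyter-secure.tls=true"
      - "traefik.http.routers.jupyter-secure.rule=PathPrefix(`/jupyter`)"
      - "traefik.http.services.jupyter.loadbalancer.server.port=8888"
    restart: always

volumes:
  jupyter-notebooks:
  splunk_etc:
  splunk_var:
--------------------------------------------------------------------------------
/Logging/Config/splunk/web.conf:
--------------------------------------------------------------------------------
[settings]
# Splunk Web serves plain HTTP. TLS is only present on the Traefik /splunk
# route; the 8000 port published by splunk-compose.yml bypasses it.
enableSplunkWebSSL = 0
root_endpoint=/splunk

--------------------------------------------------------------------------------
/Logging/Config/zeek/.env:
--------------------------------------------------------------------------------
INTERFACE=
--------------------------------------------------------------------------------
/Logging/Config/zeek/__load__.zeek:
--------------------------------------------------------------------------------
# Mounted by zeek-compose.yml over the image's base/bif/__load__.zeek. The last
# @load adds the json-logs tuning policy; the entries before it are presumably
# the image's stock list - confirm against the image when upgrading it.
@load ./zeek.bif.zeek
@load ./stats.bif.zeek
@load ./event.bif.zeek
@load ./const.bif.zeek
@load ./types.bif.zeek
@load ./strings.bif.zeek
@load ./reporter.bif.zeek
@load ./option.bif.zeek
@load ./analyzer.bif.zeek
@load ./comm.bif.zeek
@load ./data.bif.zeek
@load ./messaging.bif.zeek
@load ./store.bif.zeek
@load ./zeekygen.bif.zeek
@load ./file_analysis.bif.zeek
@load ./input.bif.zeek
@load ./pcap.bif.zeek
@load ./logging.bif.zeek
@load ./bloom-filter.bif.zeek
@load ./cardinality-counter.bif.zeek
@load ./top-k.bif.zeek
@load /usr/local/zeek/share/zeek/policy/tuning/json-logs.zeek

--------------------------------------------------------------------------------
/Logging/Config/zeek/zeek-compose.yml: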
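--------------------------------------------------------------------------------
services:
  zeek:
    container_name: zeek
    # The image is tracked by the mutable "latest" tag, so a rebuild can pull a
    # different Zeek than the one __load__.zeek was written for. Pin a version
    # tag or digest once a known-good image is chosen.
    image: blacktop/zeek:latest
    restart: always
    # Host networking plus NET_RAW lets Zeek capture on the host's interface.
    network_mode: host
    cap_add:
      - NET_RAW
    volumes:
      - ./zeek-logs/:/pcap:rw
      - ./__load__.zeek:/usr/local/zeek/share/zeek/base/bif/__load__.zeek
    # INTERFACE comes from .env in this directory (written by setup_logging.sh).
    # NOTE(review): the flags are one list item, so they reach the image's
    # entrypoint as a single argument; confirm the entrypoint splits them.
    command:
      - -i ${INTERFACE} -C
--------------------------------------------------------------------------------
/Logging/docker-compose.yml:
--------------------------------------------------------------------------------
services:
  portainer:
    container_name: portainer
    image: portainer/portainer-ce:${PORTAINER_VER}
    volumes:
      # Read-write access to the Docker socket gives Portainer, and therefore
      # any Portainer administrator, control of the Docker daemon on this host.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer:/data
    labels:
      - "traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)"
      - "traefik.http.routers.portainer.middlewares=https-redirect"
      - "traefik.http.routers.portainer-secure.tls=true"
      - "traefik.http.routers.portainer-secure.rule=PathPrefix(`/portainer/`)"
      - "traefik.http.routers.portainer-secure.middlewares=portainer-stripprefix"
      - "traefik.http.middlewares.portainer-stripprefix.stripprefix.prefixes=/portainer/"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
    restart: always

  traefik:
    container_name: traefik
    image: traefik:${TRAEFIK_VER}
    command:
      - --providers.docker=true
      # Turns off certificate verification for every HTTPS backend Traefik
      # proxies to. Acceptable on an isolated lab network only.
      - --serversTransport.insecureSkipVerify=true
      - --entrypoints.web.address=:80
      - --entrypoints.web-secure.address=:443
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      # No authentication middleware is attached to the api routers below, and
      # no certificate source is configured for the tls=true routers in this file.
      # NOTE(review): api-secure names no service, unlike api; confirm it is
      # meant to reach api@internal.
      - "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=https-redirect"
      - "traefik.http.routers.api-secure.tls=true"
      - "traefik.http.routers.api-secure.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
    restart: always

volumes:
  portainer:
--------------------------------------------------------------------------------
/Logging/setup_logging.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#Authors: Jonathan Johnson & Ben Shell
#References: https://stackoverflow.com/ && https://github.com/target/huntlib.git
#
# Starts the logging stack with Docker Compose: the services in
# ./docker-compose.yml first, then Zeek, the Elastic Stack and Splunk according
# to the SETUP_* switches below. All paths are relative, so run the script from
# the directory that contains it. Must be run as root.

SETUP_SPLUNK="False"
SETUP_ELASTIC="True"
SETUP_ZEEK="True"

# Used only to build the URLs printed at the end; nothing in this script fills
# it in, so set it to the address of this host.
HOST_IP=""

# Coloured status output. The argument is the complete message.
print_blue()  { echo -e "\x1B[01;34m$1\x1B[0m"; }
print_green() { echo -e "\x1B[01;32m$1\x1B[0m"; }
print_red()   { echo -e "\x1B[01;31m$1\x1B[0m"; }

# prompt_secret PROMPT VARNAME
# Reads a value without echoing it to the terminal and stores it in VARNAME.
# Fails on end of input, on an empty value, and on whitespace, quotes or
# backslashes: the value is written to a .env file that is later re-read with
# "grep | xargs", which would split or mangle such characters.
prompt_secret() {
    local reply=""
    read -r -s -p "$1" reply || return 1
    echo
    case "$reply" in
        ''|*[[:space:]\'\"\\]*) return 1 ;;
    esac
    printf -v "$2" '%s' "$reply"
}

# set_env_value FILE KEY VALUE
# Replaces the KEY=... line of FILE with KEY=VALUE. The value is never passed
# through sed, so characters such as "/" or "&" in a password cannot alter the
# edit. The file is rewritten in place, which keeps its owner and mode.
set_env_value() {
    local file="$1" key="$2" value="$3" line tmp
    tmp="$(mktemp)" || return 1
    while IFS= read -r line || [[ -n "$line" ]]; do
        if [[ "$line" == "${key}="* ]]; then
            printf '%s=%s\n' "$key" "$value"
        else
            printf '%s\n' "$line"
        fi
    done < "$file" > "$tmp"
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Polls the splunk container every 3 seconds until Docker reports it healthy.
# Returns non-zero when the container cannot be inspected, instead of polling
# forever. There is no upper bound on the wait while the container exists.
splunk_healthcheck(){
    print_green "[*] Waiting for splunk..."
    SPLUNK_STATUS=""
    until [[ "$SPLUNK_STATUS" == '"healthy"' ]]; do
        sleep 3
        SPLUNK_STATUS=$(docker inspect --format='{{json .State.Health.Status}}' splunk) || return 1
    done
}

# Checking to see if script is running as root
if [[ $EUID -ne 0 ]]; then
    print_red "[X] Script Must Be Run As ROOT"
    exit 1
fi

print_blue "[*] Setting timezone to UTC..."
timedatectl set-timezone UTC

# Checking Docker
print_blue "[*] Checking to see if Docker is installed..."

if command -v docker >/dev/null 2>&1 && docker compose version >/dev/null 2>&1; then
    print_green "[*] Docker Compose is installed"
else
    print_red "[*] Docker was not found. See the Read the Docs installation documentation (https://marvel-lab.readthedocs.io/en/latest/subpages/build_steps.html#logging) "
    # A missing prerequisite is a failure; report it through the exit status.
    exit 1
fi

# Enabling docker service:
print_blue "[*] Checking for the Docker service..."
if systemctl list-unit-files --state=enabled | grep -q docker.service; then
    print_green "[*] Docker service already enabled"
else
    systemctl enable docker.service
fi

# Starting containers
print_blue "[*] Starting containers"
docker compose up -d

# Zeek
if [ "$SETUP_ZEEK" = "True" ]; then
    # Values in .env are word-split by the shell here; keep them free of
    # whitespace and quotes.
    export $(grep -v '^#' Config/zeek/.env | xargs)
    echo -e "Zeek needs a network interface to monitor. The currently configured interface is '${INTERFACE}'."
    read -r -p "Would you like to change the selected interface? You'll need to set the interface if this is the first time running this script. Otherwise you can set it in Config/zeek/.env [y/N] " response1

    if [[ "$response1" =~ ^([yY][eE][sS]|[yY])$ ]]; then

        read -r -p "Would you like to print out your interfaces to see which one to monitor? [y/N] " response2

        if [[ "$response2" =~ ^([yY][eE][sS]|[yY])$ ]]; then
            if hash ifconfig 2>/dev/null; then
                ifconfig
            else
                ip address
            fi
        else
            print_blue "[*] Moving on..."
        fi

        read -r -p 'Input the network interface you would like Zeek to monitor and press [ENTER]: ' INTERFACE

        # The name is written to .env and expanded into Zeek's command line by
        # zeek-compose.yml, so refuse a value that is empty or that would split
        # into additional words.
        if [[ -z "$INTERFACE" || "$INTERFACE" =~ [[:space:]/] ]]; then
            print_red "[X] '${INTERFACE}' is not a usable interface name"
            exit 1
        fi

        print_blue "[*] Writing desired interface to Config/zeek/.env"
        echo "INTERFACE=${INTERFACE}" > ./Config/zeek/.env
    fi

    print_blue "[*] Creating Zeek:"
    docker compose -f ./Config/zeek/zeek-compose.yml up -d
fi

# Elastic
if [ "$SETUP_ELASTIC" = "True" ]; then
    export $(grep -v '^#' Config/elasticstack/.env | xargs)

    if [ "$ELASTIC_PASSWORD" = '' ]; then
        print_blue "[*] Elastic and Kibana need a password. You can enter it here, or close this script and configure in Config/elasticstack/.env"
        if ! prompt_secret 'Enter your desired password: ' NEW_ELASTIC_PASSWORD; then
            print_red "[X] The password must be non-empty and free of whitespace, quotes and backslashes"
            exit 1
        fi
        set_env_value Config/elasticstack/.env ELASTIC_PASSWORD "$NEW_ELASTIC_PASSWORD"
        set_env_value Config/elasticstack/.env KIBANA_PASSWORD "$NEW_ELASTIC_PASSWORD"
        # The empty values exported above are still in the environment that
        # docker compose inherits, and Compose consults the environment before
        # the .env file, so export the new value as well.
        export ELASTIC_PASSWORD="$NEW_ELASTIC_PASSWORD" KIBANA_PASSWORD="$NEW_ELASTIC_PASSWORD"
    fi

    print_blue "[*] Checking vm.max_map_count"
    if [[ "$(sysctl vm.max_map_count)" != "vm.max_map_count = 262144" ]]; then
        print_blue "[*] Updating vm.max_map_count in /etc/sysctl.conf"
        echo "vm.max_map_count=262144" >> /etc/sysctl.conf
        sysctl -p
    fi

    print_blue "[*] Creating Elastic Stack:"
    docker compose -f ./Config/elasticstack/elasticstack-compose.yml up -d
fi

# Splunk
if [ "$SETUP_SPLUNK" = "True" ]; then
    export $(grep -v '^#' Config/splunk/.env | xargs)

    if [ "$SPLUNK_PASSWORD" = '' ]; then
        print_blue "[*] Splunk needs a password. You can enter it here, or close this script and configure in Config/splunk/.env"
        if ! prompt_secret 'Enter your desired password: ' NEW_SPLUNK_PASSWORD; then
            print_red "[X] The password must be non-empty and free of whitespace, quotes and backslashes"
            exit 1
        fi
        set_env_value Config/splunk/.env SPLUNK_PASSWORD "$NEW_SPLUNK_PASSWORD"
        # Same reason as for Elastic: replace the empty value exported above.
        export SPLUNK_PASSWORD="$NEW_SPLUNK_PASSWORD"
    fi

    # Start Splunk
    docker compose -f ./Config/splunk/splunk-compose.yml up -d

    # Wait for splunk to finish installing
    if ! splunk_healthcheck; then
        print_red "[X] Could not read the health status of the splunk container"
        exit 1
    fi

    # The 'docker cp' commands are needed after Splunk install, otherwise our custom config would be overwritten
    docker cp Config/splunk/inputs.conf splunk:/opt/splunk/etc/system/local/inputs.conf
    docker cp Config/splunk/indexes.conf splunk:/opt/splunk/etc/system/local/indexes.conf
    print_green "[*] Restarting splunk to apply inputs.conf and indexes.conf"
    docker restart splunk
    if ! splunk_healthcheck; then
        print_red "[X] Could not read the health status of the splunk container"
        exit 1
    fi

    # Checking Jupyter Notebooks
    print_blue "[*] Checking Jupyter Notebooks..."
    sleep 10
    # The token is the notebook server's login secret. It is printed below as
    # part of the URL, so treat terminal scrollback and any captured output of
    # this script as sensitive.
    token="$(docker logs jupyter-notebooks 2>&1 | grep "ServerApp] or http" | cut -d "?" -f 2)"

    print_green "[*] Access Splunk at http://$HOST_IP:8000 with the username 'admin'"
    print_green "[*] Access Jupyter Notebook at: http://$HOST_IP:8888/lab?$token "
fi

# Print out info
print_green "[*] Access Portainer at https://$HOST_IP/portainer/ "
--------------------------------------------------------------------------------
/Marvel-Lab.psd1:
--------------------------------------------------------------------------------
1 | @{ 2 | 3 | # Script module or binary module file associated with this manifest. 4 | RootModule = 'Marvel-Lab.psm1' 5 | 6 | # Version number of this module. 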
7 | ModuleVersion = '1.0.0.0' 8 | 9 | # ID used to uniquely identify this module 10 | GUID = 'e64fed17-ab66-4c15-bcd4-c8bae84298eb' 11 | 12 | # Author of this module 13 | Author = 'Jonathan Johnson, Ben Shell' 14 | 15 | # Company or vendor of this module 16 | CompanyName = '' 17 | 18 | # Copyright statement for this module 19 | Copyright = 'BSD 3-Clause unless explicitly noted otherwise' 20 | 21 | # Description of the functionality provided by this module 22 | Description = 'A module to facilitate the automation of a defensive testing lab based off of Marvel characters' 23 | 24 | # Minimum version of the Windows PowerShell engine required by this module 25 | PowerShellVersion = '5.0' 26 | 27 | # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. 28 | FunctionsToExport = 'Rename-DC', 29 | 'Initialize-MarvelDomain', 30 | 'New-DCAutomatedTask', 31 | 'Update-Domain', 32 | 'Rename-Workstation', 33 | 'Join-Domain', 34 | 'Update-Workstation', 35 | 'New-WorkstationAutomatedTask', 36 | 'Get-Tools', 37 | 'Install-Logging', 38 | 'Uninstall-Logging' 39 | 40 | 41 | 42 | # Cmdlets to export from this module 43 | CmdletsToExport = '' 44 | 45 | # Variables to export from this module 46 | VariablesToExport = '' 47 | 48 | # Aliases to export from this module 49 | AliasesToExport = '' 50 | } -------------------------------------------------------------------------------- /Marvel-Lab.psm1: -------------------------------------------------------------------------------- 1 | # Read in all ps1 files expect those in the Lib folder 2 | Get-ChildItem $PSScriptRoot | 3 | ? {$_.PSIsContainer -and ($_.Name -ne 'Lib')} | 4 | % {Get-ChildItem "$($_.FullName)\*" -Include '*.ps1'} | 5 | % {. 
$_.FullName}
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Marvel-Lab 2.0 2 | A collection of scripts that will help automate the build process for a Marvel domain. 3 | 4 | 5 | 6 | **These scripts assume the path to the folder is C:\Marvel-Lab. If this isn't the path of the repo, the scripts will error out.** 7 | 8 | ## Documentation: 9 | Documentation on the project can be found project's [ReadTheDocs](https://marvel-lab.readthedocs.io/en/latest/) 10 | 11 | ## Support: 12 | 13 | * Windows 10+ 14 | * Windows Server 2016 + 15 | * Ubuntu 22.04+ 16 | 17 | # Authors: 18 | * [Jonathan Johnson](https://twitter.com/jsecurity101) 19 | * [Ben Shell](https://twitter.com/UsernameIsBen) 20 | 21 | 22 | # To Do List: 23 | 24 | * Add box resource suggestions 25 |
--------------------------------------------------------------------------------
/Workstations/Join-Domain.ps1:
--------------------------------------------------------------------------------
function Join-Domain {

<#
.SYNOPSIS
Joins workstation to marvel domain.

.DESCRIPTION
Join-Domain adds the current workstation to the marvel.local domain, placing it in
OU=Workstations,DC=marvel,DC=local, and then forces a restart. The join is performed with the
marvel.local\loki account. Progress is appended to Deploymentlog.txt in the project directory.

.PARAMETER ProjectFilePath
Path of the Marvel-Lab directory.

.PARAMETER Automate
Switch statement to create a scheduled task to run New-WorkstationAutomatedTask. The task runs at
logon as NT AUTHORITY\SYSTEM; the Join-Domain task is unregistered once it has been created.

.NOTES
The password of marvel.local\loki is embedded in this file in clear text, so anyone who can read the
repository can use that account. Keep the lab domain isolated and never reuse these credentials.

With -Automate the registered task imports Marvel-Lab.psm1 from ProjectFilePath as SYSTEM. Whoever can
write to that directory can therefore run code as SYSTEM; restrict write access to administrators.
ProjectFilePath is placed into the task's command line unquoted, so a path containing spaces will not
be passed through intact.

.EXAMPLE
Join-Domain

.EXAMPLE
Join-Domain -ProjectFilePath C:\Marvel-Lab -Automate
#>

    param(
        [string]
        $ProjectFilePath = 'C:\Marvel-Lab',

        [switch]
        $Automate
    )

    $LogFile = "$ProjectFilePath\Deploymentlog.txt"
    Add-Content -Path $LogFile -Value "[*] Beginning of Join-Domain"

    # Lab credential kept in the script on purpose; see .NOTES.
    $JoinCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList @(
        "marvel.local\loki",
        (ConvertTo-SecureString -String "Mischief$" -AsPlainText -Force)
    )

    Write-Host "Joining Domain..." -ForegroundColor Green
    Add-Content -Path $LogFile -Value "[*] Joining Domain..."

    $JoinArguments = @{
        DomainName = "marvel.local"
        OUPath     = "OU=Workstations,DC=marvel,DC=local"
        Credential = $JoinCredential
        Force      = $true
    }
    Add-Computer @JoinArguments

    if ($Automate) {
        Add-Content -Path $LogFile -Value "[*] Creating Scheduled Task for New-WorkstationAutomatedTask"

        # Next stage of the build: runs at logon, as SYSTEM, with the highest run level.
        $NextStage = @{
            TaskName  = 'New-WorkstationAutomatedTask'
            Action    = (New-ScheduledTaskAction -Execute 'powershell' -Argument "Import-Module $ProjectFilePath\Marvel-Lab.psm1; New-WorkstationAutomatedTask -ProjectFilePath $ProjectFilePath")
            Trigger   = (New-ScheduledTaskTrigger -AtLogOn)
            Principal = (New-ScheduledTaskPrincipal -UserID "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount -RunLevel Highest)
        }
        $null = Register-ScheduledTask @NextStage

        # This stage is finished, so its own task is removed before the restart.
        Unregister-ScheduledTask -TaskName Join-Domain -Confirm:$false
    }

    Restart-Computer -Force
}
--------------------------------------------------------------------------------
/Workstations/New-WorkstationAutomatedTask.ps1:
--------------------------------------------------------------------------------
1 | function New-WorkstationAutomatedTask { 2 | 3 | <# 4 | .SYNOPSIS 5 | Creates Update-Workstation scheduled 
task.

.DESCRIPTION
New-WorkstationAutomatedTask registers a scheduled task named Update-Workstation that runs as the
user marvel\thor, and starts it immediately. Progress is appended to Deploymentlog.txt in the
project directory.

.PARAMETER ProjectFilePath
Path of the Marvel-Lab directory.

.NOTES
The password of marvel\thor is embedded in this file in clear text and is handed to
Register-ScheduledTask so the task can run under that account. Keep the lab domain isolated and
never reuse these credentials. ProjectFilePath is placed into the task's command line unquoted.

.EXAMPLE
New-WorkstationAutomatedTask

.EXAMPLE
New-WorkstationAutomatedTask -ProjectFilePath C:\Marvel-Lab
#>

    param(
        [string]
        $ProjectFilePath = 'C:\Marvel-Lab'
    )

    $LogFile = "$ProjectFilePath\Deploymentlog.txt"
    Add-Content -Path $LogFile -Value "[*] Beginning of New-WorkstationAutomatedTask"
    Add-Content -Path $LogFile -Value "[*] Creating Scheduled Task for Update-Workstation"

    $UpdateTask = @{
        TaskName = 'Update-Workstation'
        Action   = (New-ScheduledTaskAction -Execute 'powershell' -Argument "Import-Module $ProjectFilePath\Marvel-Lab.psm1; Update-Workstation -ProjectFilePath $ProjectFilePath -Automate")
        User     = 'marvel\thor'
        Password = 'GodofLightning1!'
    }
    $null = Register-ScheduledTask @UpdateTask

    # No trigger is registered, so the task is started explicitly.
    Start-ScheduledTask -TaskName Update-Workstation
}
--------------------------------------------------------------------------------
/Workstations/Rename-Workstation.ps1:
--------------------------------------------------------------------------------
function Rename-Workstation {

<#
.SYNOPSIS
Rename's the workstation.

.DESCRIPTION
Rename-Workstation sets the time zone to UTC, renames the workstation to Asgard-Wrkstn or
Wakanda-Wrkstn and restarts it. Progress is appended to Deploymentlog.txt in the project directory.

.PARAMETER WorkstationName
The new name of the workstation (Asgard-Wrkstn/Wakanda-Wrkstn)

.PARAMETER ProjectFilePath
Path of the Marvel-Lab directory.

.PARAMETER Automate
Switch statement to create a scheduled task to run Join-Domain. The task runs at startup as
NT AUTHORITY\SYSTEM.

.NOTES
With -Automate the registered task imports Marvel-Lab.psm1 from ProjectFilePath as SYSTEM. Whoever can
write to that directory can therefore run code as SYSTEM; restrict write access to administrators.
ProjectFilePath is placed into the task's command line unquoted, so a path containing spaces will not
be passed through intact.

.EXAMPLE
Rename-Workstation

.EXAMPLE
Rename-Workstation -WorkstationName 'Wakanda-Wrkstn' -Automate

.EXAMPLE
Rename-Workstation -ProjectFilePath C:\Marvel-Lab -Automate
#>

    param(
        [string]
        [ValidateSet('Asgard-Wrkstn', 'Wakanda-Wrkstn')]
        $WorkstationName = 'Asgard-Wrkstn',

        [string]
        $ProjectFilePath = 'C:\Marvel-Lab',

        [switch]
        $Automate
    )

    $LogFile = "$ProjectFilePath\Deploymentlog.txt"
    Add-Content -Path $LogFile -Value "[*] Beginning of Rename-Workstation"

    Write-Output "Setting timezone to UTC...."
    Add-Content -Path $LogFile -Value "[*] Setting timezone to UTC...."
    c:\windows\system32\tzutil.exe /s "UTC"

    Write-Output "Renaming Host..."
    Add-Content -Path $LogFile -Value "[*] Renaming Host...."

    if ($Automate) {
        Add-Content -Path $LogFile -Value "[*] Creating Scheduled Task for Join-Domain"

        # Registered before the rename because the rename restarts the machine;
        # the task then runs at the next startup as SYSTEM.
        $NextStage = @{
            TaskName  = 'Join-Domain'
            Action    = (New-ScheduledTaskAction -Execute 'powershell' -Argument "Import-Module $ProjectFilePath\Marvel-Lab.psm1; Join-Domain -ProjectFilePath $ProjectFilePath -Automate")
            Trigger   = (New-ScheduledTaskTrigger -AtStartup)
            Principal = (New-ScheduledTaskPrincipal -UserID "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount -RunLevel Highest)
        }
        $null = Register-ScheduledTask @NextStage
    }

    $null = Rename-computer -ComputerName $env:COMPUTERNAME -NewName $WorkstationName -Force -Restart
}
--------------------------------------------------------------------------------
/Workstations/Update-Workstation.ps1:
--------------------------------------------------------------------------------
1 | function Update-Workstation { 2 | 3 | <# 4 | .SYNOPSIS 5 | Updates workstation's administators/RDP group. 
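.DESCRIPTION
Update-Workstation adds the lab's domain users to the local Administrators and Remote Desktop Users
groups, allows Remote Desktop connections, and sets the wallpaper policy for the current user.
Progress is appended to Deploymentlog.txt in the project directory.

.PARAMETER ProjectFilePath
Path of the Marvel-Lab directory. The wallpaper image is read from images\thor.jpg below it.

.PARAMETER Automate
Switch statement to create a scheduled task to run Get-Tools. The task runs as marvel\thor and is
started immediately; the New-WorkstationAutomatedTask task is then unregistered.

.NOTES
These settings weaken the workstation on purpose: four domain users become local administrators and
Remote Desktop is switched on. Apply them only to machines on an isolated lab network.

The password of marvel\thor is embedded in this file in clear text and is handed to
Register-ScheduledTask. Never reuse these credentials outside the lab. ProjectFilePath is placed into
the task's command line unquoted.

.EXAMPLE
Update-Workstation

.EXAMPLE
Update-Workstation -Automate

.EXAMPLE
Update-Workstation -ProjectFilePath C:\Marvel-Lab -Automate
#>


    param(
        [string]
        $ProjectFilePath = 'C:\Marvel-Lab',

        [switch]
        $Automate
    )

    $LogFile = "$ProjectFilePath\Deploymentlog.txt"
    $LabUsers = 'marvel.local\loki', 'marvel.local\panther', 'marvel.local\spidy', 'marvel.local\ironman'

    Add-Content $LogFile "[*] Beginning of Update-Workstation"

    Write-Output "[*] Adding users to Local Administrators Group"
    Add-Content $LogFile "[*] Adding users to Local Administrators Group"
    foreach ($LabUser in $LabUsers) {
        Add-LocalGroupMember -Group "Administrators" -Member $LabUser
    }

    Write-Host "[*] Allowing RDP"
    Add-Content $LogFile "[*] Allowing RDP"
    # 0 means Remote Desktop connections are not denied.
    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0

    Write-Host "[*] Adding users to Remote Desktop Users Group"
    Add-Content $LogFile "[*] Adding users to Remote Desktop Users Group"
    foreach ($LabUser in $LabUsers) {
        Add-LocalGroupMember -Group "Remote Desktop Users" -Member $LabUser
    }

    Write-Host "[*] Setting Wallpaper"
    Add-Content $LogFile "[*] Setting Wallpaper"
    $PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    # Create the key only when it is missing, so a second run does not raise an
    # error for a key that already exists.
    if (-not (Test-Path $PolicyKey)) {
        New-Item HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ -Name System
    }
    # The image is taken from the project directory instead of a fixed
    # C:\Marvel-Lab path, so -ProjectFilePath is honoured here as well.
    Set-ItemProperty -Path $PolicyKey -Name Wallpaper -Value "$ProjectFilePath\images\thor.jpg"
    Set-ItemProperty -Path $PolicyKey -Name WallpaperStyle -Value "4"

    if ($Automate){
        Add-Content $LogFile "[*] Adding ScheduledTask for Get-Tools"
        $action = New-ScheduledTaskAction -Execute 'powershell' -Argument "Import-Module $ProjectFilePath\Marvel-Lab.psm1; Get-Tools -ProjectFilePath $ProjectFilePath -Automate"
        $ScheduledTask = Register-ScheduledTask -Action $action -User 'marvel\thor' -Password 'GodofLightning1!' -TaskName Get-Tools
        $RunTask = Start-ScheduledTask -TaskName Get-Tools
        # The previous stage's task is no longer needed once Get-Tools is running.
        $Unregister = Unregister-ScheduledTask -TaskName New-WorkstationAutomatedTask -Confirm:$false
    }

}

--------------------------------------------------------------------------------
/docs/.vscode/settings.json:
--------------------------------------------------------------------------------
1 | { 2 | "esbonio.sphinx.confDir": "" 3 | }
--------------------------------------------------------------------------------
/docs/Makefile:
--------------------------------------------------------------------------------
1 | # Minimal makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line, and also 5 | # from the environment for the first two. 6 | SPHINXOPTS ?= 7 | SPHINXBUILD ?= sphinx-build 8 | SOURCEDIR = . 9 | BUILDDIR = build 10 | 11 | # Put it first so that "make" without argument is like "make help". 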
12 | help: 13 | @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) 14 | 15 | .PHONY: help Makefile 16 | 17 | # Catch-all target: route all unknown targets to Sphinx using the new 18 | # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). 19 | %: Makefile 20 | @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) -------------------------------------------------------------------------------- /docs/build/doctrees/environment.pickle: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/doctrees/environment.pickle -------------------------------------------------------------------------------- /docs/build/doctrees/index.doctree: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/doctrees/index.doctree -------------------------------------------------------------------------------- /docs/build/doctrees/subpages/build_steps.doctree: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/doctrees/subpages/build_steps.doctree -------------------------------------------------------------------------------- /docs/build/html/.buildinfo: -------------------------------------------------------------------------------- 1 | # Sphinx build info version 1 2 | # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. 
3 | config: c02b9f5bca93ab7c84a9c70e6ff7403e 4 | tags: 645f666f9bcd5a90fca523b33c5a78b7 5 | -------------------------------------------------------------------------------- /docs/build/html/.nojekyll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/.nojekyll -------------------------------------------------------------------------------- /docs/build/html/_images/thor-rocket.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_images/thor-rocket.gif -------------------------------------------------------------------------------- /docs/build/html/_sources/index.rst.txt: -------------------------------------------------------------------------------- 1 | Marvel Lab 2 | ======================================= 3 | 4 | .. meta:: 5 | description lang=en: A collection of scripts that will help automate the build process for a Marvel domain. 6 | 7 | .. image:: /images/thor-rocket.gif 8 | :align: center 9 | :width: 300px 10 | :alt: Mjölnir 11 | 12 | :doc:`Build Steps ` 13 | ------------------------------ 14 | 15 | 16 | References 17 | ------------------------------ 18 | 19 | 20 | .. 
toctree:: 21 | :maxdepth: 2 22 | :hidden: 23 | :caption: Build Steps 24 | 25 | subpages/build_steps 26 | 27 | -------------------------------------------------------------------------------- /docs/build/html/_sources/subpages/build_steps.rst.txt: -------------------------------------------------------------------------------- 1 | Build Steps 2 | ======================================= -------------------------------------------------------------------------------- /docs/build/html/_static/css/badge_only.css: -------------------------------------------------------------------------------- 1 | .fa:before{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-style:normal;font-weight:400;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#FontAwesome) format("svg")}.fa:before{font-family:FontAwesome;font-style:normal;font-weight:400;line-height:1}.fa:before,a .fa{text-decoration:inherit}.fa:before,a .fa,li .fa{display:inline-block}li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-.8em}ul.fas li .fa{width:.8em}ul.fas li 
.fa-large:before{vertical-align:baseline}.fa-book:before,.icon-book:before{content:"\f02d"}.fa-caret-down:before,.icon-caret-down:before{content:"\f0d7"}.fa-caret-up:before,.icon-caret-up:before{content:"\f0d8"}.fa-caret-left:before,.icon-caret-left:before{content:"\f0d9"}.fa-caret-right:before,.icon-caret-right:before{content:"\f0da"}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60}.rst-versions .rst-current-version:after{clear:both;content:"";display:block}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version 
.fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}} -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/Roboto-Slab-Bold.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/Roboto-Slab-Bold.woff -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/Roboto-Slab-Bold.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/Roboto-Slab-Bold.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/Roboto-Slab-Regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/Roboto-Slab-Regular.woff -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/Roboto-Slab-Regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/Roboto-Slab-Regular.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/fontawesome-webfont.eot: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/fontawesome-webfont.eot -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/fontawesome-webfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/fontawesome-webfont.ttf -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/fontawesome-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/fontawesome-webfont.woff -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/fontawesome-webfont.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/fontawesome-webfont.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/lato-bold-italic.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/lato-bold-italic.woff -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/lato-bold-italic.woff2: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/lato-bold-italic.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/lato-bold.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/lato-bold.woff -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/lato-bold.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/lato-bold.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/lato-normal-italic.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/lato-normal-italic.woff -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/lato-normal-italic.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/lato-normal-italic.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/css/fonts/lato-normal.woff: -------------------------------------------------------------------------------- 
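https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/lato-normal.woff
--------------------------------------------------------------------------------
/docs/build/html/_static/css/fonts/lato-normal.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/css/fonts/lato-normal.woff2
--------------------------------------------------------------------------------
/docs/build/html/_static/doctools.js:
--------------------------------------------------------------------------------
/*
 * doctools.js
 * ~~~~~~~~~~~
 *
 * Sphinx JavaScript utilities for all documentation.
 *
 * :copyright: Copyright 2007-2020 by the Sphinx team, see AUTHORS.
 * :license: BSD, see LICENSE for details.
 *
 */

/**
 * select a different prefix for underscore
 */
$u = _.noConflict();

/**
 * make the code below compatible with browsers without
 * an installed firebug like debugger
if (!window.console || !console.firebug) {
  var names = ["log", "debug", "info", "warn", "error", "assert", "dir",
    "dirxml", "group", "groupEnd", "time", "timeEnd", "count", "trace",
    "profile", "profileEnd"];
  window.console = {};
  for (var i = 0; i < names.length; ++i)
    window.console[names[i]] = function() {};
}
 */

/**
 * small helper function to urldecode strings
 *
 * '+' is turned into a space BEFORE percent-decoding, so an encoded plus
 * ("%2B") survives as a literal '+'. A malformed percent sequence no longer
 * throws URIError: the query string is attacker-controlled, and an exception
 * here would abort Documentation.init(). null/undefined are returned as-is.
 */
jQuery.urldecode = function(x) {
  if (x === undefined || x === null)
    return x;
  var spaced = String(x).replace(/\+/g, ' ');
  try {
    return decodeURIComponent(spaced);
  } catch (e) {
    // malformed escape: fall back to the undecoded text
    return spaced;
  }
};

/**
 * small helper function to urlencode strings
 */
jQuery.urlencode = encodeURIComponent;

/**
 * This function returns the parsed url parameters of the
 * current request. Multiple values per key are supported,
 * it will always return arrays of strings for the value parts.
 *
 * s defaults to document.location.search. The result has no prototype, so
 * a key such as "toString" or "__proto__" taken from the URL is stored as
 * plain data instead of colliding with an inherited property. Empty
 * segments are skipped and a key without '=' gets the value ''.
 */
jQuery.getQueryParameters = function(s) {
  if (typeof s === 'undefined')
    s = document.location.search;
  var parts = s.substr(s.indexOf('?') + 1).split('&');
  var result = Object.create(null);
  for (var i = 0; i < parts.length; i++) {
    if (parts[i] === '')
      continue;
    var tmp = parts[i].split('=', 2);
    var key = jQuery.urldecode(tmp[0]);
    var value = (tmp.length > 1) ? jQuery.urldecode(tmp[1]) : '';
    if (key in result)
      result[key].push(value);
    else
      result[key] = [value];
  }
  return result;
};

/**
 * highlight a given string on a jquery object by wrapping it in
 * span elements with the given class name.
 *
 * text is expected in lower case (it is compared against the lower-cased
 * node value). The match is re-inserted with createTextNode, never as
 * markup, so a search term taken from the URL cannot inject HTML.
 * Returns the jQuery object for chaining.
 */
jQuery.fn.highlightText = function(text, className) {
  // an empty needle matches at position 0 of every text node
  if (!text)
    return this;

  function highlight(node, addItems) {
    if (node.nodeType === 3) {
      // text node: split it around the first match
      var val = node.nodeValue;
      var pos = val.toLowerCase().indexOf(text);
      if (pos >= 0 &&
          !jQuery(node.parentNode).hasClass(className) &&
          !jQuery(node.parentNode).hasClass("nohighlight")) {
        var span;
        var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg");
        if (isInSVG) {
          span = document.createElementNS("http://www.w3.org/2000/svg", "tspan");
        } else {
          span = document.createElement("span");
          span.className = className;
        }
        span.appendChild(document.createTextNode(val.substr(pos, text.length)));
        node.parentNode.insertBefore(span, node.parentNode.insertBefore(
          document.createTextNode(val.substr(pos + text.length)),
          node.nextSibling));
        node.nodeValue = val.substr(0, pos);
        if (isInSVG) {
          // inside SVG the class goes on a rect sized to the parent's bounding box
          var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect");
          var bbox = node.parentElement.getBBox();
          rect.x.baseVal.value = bbox.x;
          rect.y.baseVal.value = bbox.y;
          rect.width.baseVal.value = bbox.width;
          rect.height.baseVal.value = bbox.height;
          rect.setAttribute('class', className);
          addItems.push({
            "parent": node.parentNode,
            "target": rect});
        }
      }
    }
    else if (!jQuery(node).is("button, select, textarea")) {
      // form controls are left alone; everything else is walked recursively
      jQuery.each(node.childNodes, function() {
        highlight(this, addItems);
      });
    }
  }
  var addItems = [];
  var result = this.each(function() {
    highlight(this, addItems);
  });
  // the SVG rects are inserted only after the walk has finished
  for (var i = 0; i < addItems.length; ++i) {
    jQuery(addItems[i].parent).before(addItems[i].target);
  }
  return result;
};

/*
 * backward compatibility for jQuery.browser
 * This will be supported until firefox bug is fixed.
 */
if (!jQuery.browser) {
  jQuery.uaMatch = function(ua) {
    ua = ua.toLowerCase();

    var match = /(chrome)[ \/]([\w.]+)/.exec(ua) ||
      /(webkit)[ \/]([\w.]+)/.exec(ua) ||
      /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) ||
      /(msie) ([\w.]+)/.exec(ua) ||
      ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) ||
      [];

    return {
      browser: match[ 1 ] || "",
      version: match[ 2 ] || "0"
    };
  };
  jQuery.browser = {};
  jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true;
}

/**
 * Small JavaScript module for the documentation.
 */
var Documentation = {

  /**
   * run the page setup steps; key navigation only when
   * DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS is set
   */
  init : function() {
    this.fixFirefoxAnchorBug();
    this.highlightSearchWords();
    this.initIndexTable();
    if (DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) {
      this.initOnKeyListeners();
    }
  },

  /**
   * i18n support
   */
  TRANSLATIONS : {},
  PLURAL_EXPR : function(n) { return n === 1 ? 0 : 1; },
  LOCALE : 'unknown',

  // gettext and ngettext don't access this so that the functions
  // can safely bound to a different name (_ = Documentation.gettext)
  gettext : function(string) {
    var translated = Documentation.TRANSLATIONS[string];
    if (typeof translated === 'undefined')
      return string;
    return (typeof translated === 'string') ? translated : translated[0];
  },

  ngettext : function(singular, plural, n) {
    var translated = Documentation.TRANSLATIONS[singular];
    if (typeof translated === 'undefined')
      return (n == 1) ? singular : plural;
    // the property is PLURAL_EXPR; the misspelt PLURALEXPR is undefined, so
    // calling it threw a TypeError for every translated plural form
    return translated[Documentation.PLURAL_EXPR(n)];
  },

  /**
   * install a translation catalog: its messages, plural expression and locale
   *
   * SECURITY: catalog.plural_expr is compiled with new Function(), i.e. it is
   * executed as code. The catalog must be a file produced by the
   * documentation build, never data taken from the request or from a user.
   */
  addTranslations : function(catalog) {
    for (var key in catalog.messages) {
      // copy own entries only, not anything inherited by the catalog object
      if (Object.prototype.hasOwnProperty.call(catalog.messages, key))
        this.TRANSLATIONS[key] = catalog.messages[key];
    }
    this.PLURAL_EXPR = new Function('n', 'return +(' + catalog.plural_expr + ')');
    this.LOCALE = catalog.locale;
  },

  /**
   * add context elements like header anchor links
   *
   * NOTE(review): on this page the string handed to $() is only the pilcrow;
   * the element markup it would normally wrap appears to have been lost when
   * the page was extracted -- confirm against the file in the repository.
   */
  addContextElements : function() {
    $('div[id] > :header:first').each(function() {
      $('\u00B6').
      attr('href', '#' + this.id).
      attr('title', _('Permalink to this headline')).
      appendTo(this);
    });
    $('dt[id]').each(function() {
      $('\u00B6').
      attr('href', '#' + this.id).
      attr('title', _('Permalink to this definition')).
      appendTo(this);
    });
  },

  /**
   * workaround a firefox stupidity
   * see: https://bugzilla.mozilla.org/show_bug.cgi?id=645075
   */
  fixFirefoxAnchorBug : function() {
    if (document.location.hash && $.browser.mozilla)
      window.setTimeout(function() {
        document.location.href += '';
      }, 10);
  },

  /**
   * highlight the search words provided in the url in the text
   *
   * The terms come from the "highlight" query parameter, which anyone who
   * can craft a link controls; they are only ever passed to highlightText,
   * which inserts them as text nodes.
   */
  highlightSearchWords : function() {
    var params = $.getQueryParameters();
    var terms = (params.highlight) ? params.highlight[0].split(/\s+/) : [];
    // "?highlight=" or stray whitespace yields empty strings; drop them
    terms = $.grep(terms, function(term) { return term.length > 0; });
    if (terms.length) {
      var body = $('div.body');
      if (!body.length) {
        body = $('body');
      }
      window.setTimeout(function() {
        $.each(terms, function() {
          body.highlightText(this.toLowerCase(), 'highlighted');
        });
      }, 10);
      // NOTE(review): the string literal is empty on this page, presumably
      // because its markup was stripped during extraction; hideSearchWords
      // expects a '.highlight-link' element inside #searchbox -- confirm
      // against the file in the repository.
      $('')
          .appendTo($('#searchbox'));
    }
  },

  /**
   * init the domain index toggle buttons
   */
  initIndexTable : function() {
    var togglers = $('img.toggler').click(function() {
      var src = $(this).attr('src');
      var idnum = $(this).attr('id').substr(7);
      $('tr.cg-' + idnum).toggle();
      // swap the icon between "...minus.png" (9 chars) and "...plus.png" (8 chars)
      if (src.substr(-9) === 'minus.png')
        $(this).attr('src', src.substr(0, src.length-9) + 'plus.png');
      else
        $(this).attr('src', src.substr(0, src.length-8) + 'minus.png');
    }).css('display', '');
    if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) {
      togglers.click();
    }
  },

  /**
   * helper function to hide the search marks again
   */
  hideSearchWords : function() {
    $('#searchbox .highlight-link').fadeOut(300);
    $('span.highlighted').removeClass('highlighted');
  },

  /**
   * make the url absolute
   */
  makeURL : function(relativeURL) {
    return DOCUMENTATION_OPTIONS.URL_ROOT + '/' + relativeURL;
  },

  /**
   * get the current relative url
   */
  getCurrentURL : function() {
    var path = document.location.pathname;
    var parts = path.split(/\//);
    // drop one path segment for every '..' in URL_ROOT
    $.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//), function() {
      if (this === '..')
        parts.pop();
    });
    var url = parts.join('/');
    return path.substring(url.lastIndexOf('/') + 1, path.length - 1);
  },

  /**
   * left/right arrow keys follow the page's rel="prev" / rel="next" links
   */
  initOnKeyListeners: function() {
    $(document).keydown(function(event) {
      var activeElementType = document.activeElement.tagName;
      // don't navigate when in search box or textarea
      if (activeElementType !== 'TEXTAREA' && activeElementType !== 'INPUT' && activeElementType !== 'SELECT'
          && !event.altKey && !event.ctrlKey && !event.metaKey && !event.shiftKey) {
        switch (event.keyCode) {
          case 37: // left
            var prevHref = $('link[rel="prev"]').prop('href');
            if (prevHref) {
              window.location.href = prevHref;
              return false;
            }
            // without this break, "left" on the first page fell through
            // to the "right" case and navigated forward
            break;
          case 39: // right
            var nextHref = $('link[rel="next"]').prop('href');
            if (nextHref) {
              window.location.href = nextHref;
              return false;
            }
            break;
        }
      }
    });
  }
};

// quick alias for translations
_ = Documentation.gettext;

$(document).ready(function() {
  Documentation.init();
});

--------------------------------------------------------------------------------
/docs/build/html/_static/documentation_options.js:
--------------------------------------------------------------------------------
// Build-time options read by doctools.js; URL_ROOT is taken from the
// data-url_root attribute of the element with id "documentation_options".
var DOCUMENTATION_OPTIONS = {
    URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'),
    VERSION: '0.0.1',
    LANGUAGE: 'None',
    COLLAPSE_INDEX: false,
    BUILDER: 'html',
    FILE_SUFFIX: '.html',
    LINK_SUFFIX: '.html',
    HAS_SOURCE: true,
    SOURCELINK_SUFFIX: '.txt',
    NAVIGATION_WITH_KEYS: false
};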
-------------------------------------------------------------------------------- /docs/build/html/_static/file.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/file.png -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/FontAwesome.otf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/FontAwesome.otf -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-bold.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-bold.eot -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-bold.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-bold.ttf -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-bold.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-bold.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-bold.woff2: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-bold.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-bolditalic.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-bolditalic.eot -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-bolditalic.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-bolditalic.ttf -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-bolditalic.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-bolditalic.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-bolditalic.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-bolditalic.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-italic.eot: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-italic.eot -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-italic.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-italic.ttf -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-italic.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-italic.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-italic.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-italic.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-regular.eot -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-regular.ttf 
-------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-regular.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Lato/lato-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Lato/lato-regular.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Roboto-Slab-Bold.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Roboto-Slab-Bold.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Roboto-Slab-Bold.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Roboto-Slab-Bold.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Roboto-Slab-Light.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Roboto-Slab-Light.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Roboto-Slab-Light.woff2: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Roboto-Slab-Light.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Roboto-Slab-Regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Roboto-Slab-Regular.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Roboto-Slab-Regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Roboto-Slab-Regular.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Roboto-Slab-Thin.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Roboto-Slab-Thin.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/Roboto-Slab-Thin.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/Roboto-Slab-Thin.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/fontawesome-webfont.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/fontawesome-webfont.eot -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/fontawesome-webfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/fontawesome-webfont.ttf -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/fontawesome-webfont.woff: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/fontawesome-webfont.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/fontawesome-webfont.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/fontawesome-webfont.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/lato-bold-italic.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/lato-bold-italic.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/lato-bold-italic.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/lato-bold-italic.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/lato-bold.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/lato-bold.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/lato-bold.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/lato-bold.woff2 
-------------------------------------------------------------------------------- /docs/build/html/_static/fonts/lato-normal-italic.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/lato-normal-italic.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/lato-normal-italic.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/lato-normal-italic.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/lato-normal.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/lato-normal.woff -------------------------------------------------------------------------------- /docs/build/html/_static/fonts/lato-normal.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/_static/fonts/lato-normal.woff2 -------------------------------------------------------------------------------- /docs/build/html/_static/js/badge_only.js: -------------------------------------------------------------------------------- 1 | !function(e){var t={};function r(n){if(t[n])return t[n].exports;var o=t[n]={i:n,l:!1,exports:{}};return e[n].call(o.exports,o,o.exports,r),o.l=!0,o.exports}r.m=e,r.c=t,r.d=function(e,t,n){r.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:n})},r.r=function(e){"undefined"!=typeof 
Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.t=function(e,t){if(1&t&&(e=r(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)r.d(n,o,function(t){return e[t]}.bind(null,o));return n},r.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(t,"a",t),t},r.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},r.p="",r(r.s=4)}({4:function(e,t,r){}}); -------------------------------------------------------------------------------- /docs/build/html/_static/js/html5shiv-printshiv.min.js: -------------------------------------------------------------------------------- 1 | /** 2 | * @preserve HTML5 Shiv 3.7.3-pre | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed 3 | */ 4 | !function(a,b){function c(a,b){var c=a.createElement("p"),d=a.getElementsByTagName("head")[0]||a.documentElement;return c.innerHTML="x",d.insertBefore(c.lastChild,d.firstChild)}function d(){var a=y.elements;return"string"==typeof a?a.split(" "):a}function e(a,b){var c=y.elements;"string"!=typeof c&&(c=c.join(" ")),"string"!=typeof a&&(a=a.join(" ")),y.elements=c+" "+a,j(b)}function f(a){var b=x[a[v]];return b||(b={},w++,a[v]=w,x[w]=b),b}function g(a,c,d){if(c||(c=b),q)return c.createElement(a);d||(d=f(c));var e;return e=d.cache[a]?d.cache[a].cloneNode():u.test(a)?(d.cache[a]=d.createElem(a)).cloneNode():d.createElem(a),!e.canHaveChildren||t.test(a)||e.tagUrn?e:d.frag.appendChild(e)}function h(a,c){if(a||(a=b),q)return a.createDocumentFragment();c=c||f(a);for(var e=c.frag.cloneNode(),g=0,h=d(),i=h.length;i>g;g++)e.createElement(h[g]);return e}function i(a,b){b.cache||(b.cache={},b.createElem=a.createElement,b.createFrag=a.createDocumentFragment,b.frag=b.createFrag()),a.createElement=function(c){return 
y.shivMethods?g(c,a,b):b.createElem(c)},a.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&("+d().join().replace(/[\w\-:]+/g,function(a){return b.createElem(a),b.frag.createElement(a),'c("'+a+'")'})+");return n}")(y,b.frag)}function j(a){a||(a=b);var d=f(a);return!y.shivCSS||p||d.hasCSS||(d.hasCSS=!!c(a,"article,aside,dialog,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}mark{background:#FF0;color:#000}template{display:none}")),q||i(a,d),a}function k(a){for(var b,c=a.getElementsByTagName("*"),e=c.length,f=RegExp("^(?:"+d().join("|")+")$","i"),g=[];e--;)b=c[e],f.test(b.nodeName)&&g.push(b.applyElement(l(b)));return g}function l(a){for(var b,c=a.attributes,d=c.length,e=a.ownerDocument.createElement(A+":"+a.nodeName);d--;)b=c[d],b.specified&&e.setAttribute(b.nodeName,b.nodeValue);return e.style.cssText=a.style.cssText,e}function m(a){for(var b,c=a.split("{"),e=c.length,f=RegExp("(^|[\\s,>+~])("+d().join("|")+")(?=[[\\s,>+~#.:]|$)","gi"),g="$1"+A+"\\:$2";e--;)b=c[e]=c[e].split("}"),b[b.length-1]=b[b.length-1].replace(f,g),c[e]=b.join("}");return c.join("{")}function n(a){for(var b=a.length;b--;)a[b].removeNode()}function o(a){function b(){clearTimeout(g._removeSheetTimer),d&&d.removeNode(!0),d=null}var d,e,g=f(a),h=a.namespaces,i=a.parentWindow;return!B||a.printShived?a:("undefined"==typeof h[A]&&h.add(A),i.attachEvent("onbeforeprint",function(){b();for(var f,g,h,i=a.styleSheets,j=[],l=i.length,n=Array(l);l--;)n[l]=i[l];for(;h=n.pop();)if(!h.disabled&&z.test(h.media)){try{f=h.imports,g=f.length}catch(o){g=0}for(l=0;g>l;l++)n.push(f[l]);try{j.push(h.cssText)}catch(o){}}j=m(j.reverse().join("")),e=k(a),d=c(a,j)}),i.attachEvent("onafterprint",function(){n(e),clearTimeout(g._removeSheetTimer),g._removeSheetTimer=setTimeout(b,500)}),a.printShived=!0,a)}var 
p,q,r="3.7.3",s=a.html5||{},t=/^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i,u=/^(?:a|b|code|div|fieldset|h1|h2|h3|h4|h5|h6|i|label|li|ol|p|q|span|strong|style|table|tbody|td|th|tr|ul)$/i,v="_html5shiv",w=0,x={};!function(){try{var a=b.createElement("a");a.innerHTML="",p="hidden"in a,q=1==a.childNodes.length||function(){b.createElement("a");var a=b.createDocumentFragment();return"undefined"==typeof a.cloneNode||"undefined"==typeof a.createDocumentFragment||"undefined"==typeof a.createElement}()}catch(c){p=!0,q=!0}}();var y={elements:s.elements||"abbr article aside audio bdi canvas data datalist details dialog figcaption figure footer header hgroup main mark meter nav output picture progress section summary template time video",version:r,shivCSS:s.shivCSS!==!1,supportsUnknownElements:q,shivMethods:s.shivMethods!==!1,type:"default",shivDocument:j,createElement:g,createDocumentFragment:h,addElements:e};a.html5=y,j(b);var z=/^$|\b(?:all|print)\b/,A="html5shiv",B=!q&&function(){var c=b.documentElement;return!("undefined"==typeof b.namespaces||"undefined"==typeof b.parentWindow||"undefined"==typeof c.applyElement||"undefined"==typeof c.removeNode||"undefined"==typeof a.attachEvent)}();y.type+=" print",y.shivPrint=o,o(b),"object"==typeof module&&module.exports&&(module.exports=y)}("undefined"!=typeof window?window:this,document); -------------------------------------------------------------------------------- /docs/build/html/_static/js/html5shiv.min.js: -------------------------------------------------------------------------------- 1 | /** 2 | * @preserve HTML5 Shiv 3.7.3 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed 3 | */ 4 | !function(a,b){function c(a,b){var c=a.createElement("p"),d=a.getElementsByTagName("head")[0]||a.documentElement;return c.innerHTML="x",d.insertBefore(c.lastChild,d.firstChild)}function d(){var a=t.elements;return"string"==typeof a?a.split(" "):a}function e(a,b){var c=t.elements;"string"!=typeof c&&(c=c.join(" 
")),"string"!=typeof a&&(a=a.join(" ")),t.elements=c+" "+a,j(b)}function f(a){var b=s[a[q]];return b||(b={},r++,a[q]=r,s[r]=b),b}function g(a,c,d){if(c||(c=b),l)return c.createElement(a);d||(d=f(c));var e;return e=d.cache[a]?d.cache[a].cloneNode():p.test(a)?(d.cache[a]=d.createElem(a)).cloneNode():d.createElem(a),!e.canHaveChildren||o.test(a)||e.tagUrn?e:d.frag.appendChild(e)}function h(a,c){if(a||(a=b),l)return a.createDocumentFragment();c=c||f(a);for(var e=c.frag.cloneNode(),g=0,h=d(),i=h.length;i>g;g++)e.createElement(h[g]);return e}function i(a,b){b.cache||(b.cache={},b.createElem=a.createElement,b.createFrag=a.createDocumentFragment,b.frag=b.createFrag()),a.createElement=function(c){return t.shivMethods?g(c,a,b):b.createElem(c)},a.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&("+d().join().replace(/[\w\-:]+/g,function(a){return b.createElem(a),b.frag.createElement(a),'c("'+a+'")'})+");return n}")(t,b.frag)}function j(a){a||(a=b);var d=f(a);return!t.shivCSS||k||d.hasCSS||(d.hasCSS=!!c(a,"article,aside,dialog,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}mark{background:#FF0;color:#000}template{display:none}")),l||i(a,d),a}var k,l,m="3.7.3-pre",n=a.html5||{},o=/^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i,p=/^(?:a|b|code|div|fieldset|h1|h2|h3|h4|h5|h6|i|label|li|ol|p|q|span|strong|style|table|tbody|td|th|tr|ul)$/i,q="_html5shiv",r=0,s={};!function(){try{var a=b.createElement("a");a.innerHTML="",k="hidden"in a,l=1==a.childNodes.length||function(){b.createElement("a");var a=b.createDocumentFragment();return"undefined"==typeof a.cloneNode||"undefined"==typeof a.createDocumentFragment||"undefined"==typeof a.createElement}()}catch(c){k=!0,l=!0}}();var t={elements:n.elements||"abbr article aside audio bdi canvas data datalist details dialog figcaption figure footer header hgroup main mark meter nav output picture progress section summary template time 
video",version:m,shivCSS:n.shivCSS!==!1,supportsUnknownElements:l,shivMethods:n.shivMethods!==!1,type:"default",shivDocument:j,createElement:g,createDocumentFragment:h,addElements:e};a.html5=t,j(b),"object"==typeof module&&module.exports&&(module.exports=t)}("undefined"!=typeof window?window:this,document); -------------------------------------------------------------------------------- /docs/build/html/_static/js/theme.js: -------------------------------------------------------------------------------- 1 | !function(n){var e={};function t(i){if(e[i])return e[i].exports;var o=e[i]={i:i,l:!1,exports:{}};return n[i].call(o.exports,o,o.exports,t),o.l=!0,o.exports}t.m=n,t.c=e,t.d=function(n,e,i){t.o(n,e)||Object.defineProperty(n,e,{enumerable:!0,get:i})},t.r=function(n){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(n,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(n,"__esModule",{value:!0})},t.t=function(n,e){if(1&e&&(n=t(n)),8&e)return n;if(4&e&&"object"==typeof n&&n&&n.__esModule)return n;var i=Object.create(null);if(t.r(i),Object.defineProperty(i,"default",{enumerable:!0,value:n}),2&e&&"string"!=typeof n)for(var o in n)t.d(i,o,function(e){return n[e]}.bind(null,o));return i},t.n=function(n){var e=n&&n.__esModule?function(){return n.default}:function(){return n};return t.d(e,"a",e),e},t.o=function(n,e){return Object.prototype.hasOwnProperty.call(n,e)},t.p="",t(t.s=0)}([function(n,e,t){t(1),n.exports=t(3)},function(n,e,t){(function(){var e="undefined"!=typeof window?window.jQuery:t(2);n.exports.ThemeNav={navBar:null,win:null,winScroll:!1,winResize:!1,linkScroll:!1,winPosition:0,winHeight:null,docHeight:null,isRunning:!1,enable:function(n){var t=this;void 
0===n&&(n=!0),t.isRunning||(t.isRunning=!0,e((function(e){t.init(e),t.reset(),t.win.on("hashchange",t.reset),n&&t.win.on("scroll",(function(){t.linkScroll||t.winScroll||(t.winScroll=!0,requestAnimationFrame((function(){t.onScroll()})))})),t.win.on("resize",(function(){t.winResize||(t.winResize=!0,requestAnimationFrame((function(){t.onResize()})))})),t.onResize()})))},enableSticky:function(){this.enable(!0)},init:function(n){n(document);var e=this;this.navBar=n("div.wy-side-scroll:first"),this.win=n(window),n(document).on("click","[data-toggle='wy-nav-top']",(function(){n("[data-toggle='wy-nav-shift']").toggleClass("shift"),n("[data-toggle='rst-versions']").toggleClass("shift")})).on("click",".wy-menu-vertical .current ul li a",(function(){var t=n(this);n("[data-toggle='wy-nav-shift']").removeClass("shift"),n("[data-toggle='rst-versions']").toggleClass("shift"),e.toggleCurrent(t),e.hashChange()})).on("click","[data-toggle='rst-current-version']",(function(){n("[data-toggle='rst-versions']").toggleClass("shift-up")})),n("table.docutils:not(.field-list,.footnote,.citation)").wrap("
"),n("table.docutils.footnote").wrap("
"),n("table.docutils.citation").wrap("
"),n(".wy-menu-vertical ul").not(".simple").siblings("a").each((function(){var t=n(this);expand=n(''),expand.on("click",(function(n){return e.toggleCurrent(t),n.stopPropagation(),!1})),t.prepend(expand)}))},reset:function(){var n=encodeURI(window.location.hash)||"#";try{var e=$(".wy-menu-vertical"),t=e.find('[href="'+n+'"]');if(0===t.length){var i=$('.document [id="'+n.substring(1)+'"]').closest("div.section");0===(t=e.find('[href="#'+i.attr("id")+'"]')).length&&(t=e.find('[href="#"]'))}t.length>0&&($(".wy-menu-vertical .current").removeClass("current"),t.addClass("current"),t.closest("li.toctree-l1").addClass("current"),t.closest("li.toctree-l1").parent().addClass("current"),t.closest("li.toctree-l1").addClass("current"),t.closest("li.toctree-l2").addClass("current"),t.closest("li.toctree-l3").addClass("current"),t.closest("li.toctree-l4").addClass("current"),t.closest("li.toctree-l5").addClass("current"),t[0].scrollIntoView())}catch(n){console.log("Error expanding nav for anchor",n)}},onScroll:function(){this.winScroll=!1;var n=this.win.scrollTop(),e=n+this.winHeight,t=this.navBar.scrollTop()+(n-this.winPosition);n<0||e>this.docHeight||(this.navBar.scrollTop(t),this.winPosition=n)},onResize:function(){this.winResize=!1,this.winHeight=this.win.height(),this.docHeight=$(document).height()},hashChange:function(){this.linkScroll=!0,this.win.one("hashchange",(function(){this.linkScroll=!1}))},toggleCurrent:function(n){var e=n.closest("li");e.siblings("li.current").removeClass("current"),e.siblings().find("li.current").removeClass("current"),e.find("> ul li.current").removeClass("current"),e.toggleClass("current")}},"undefined"!=typeof window&&(window.SphinxRtdTheme={Navigation:n.exports.ThemeNav,StickyNav:n.exports.ThemeNav}),function(){for(var n=0,e=["ms","moz","webkit","o"],t=0;t 4 | 5 | 6 | 7 | 8 | 9 | 10 | Index — Marvel Lab 0.0.1 documentation 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 

Index


167 | 168 | © Copyright 2020, Jonathan Johnson 169 | 170 |

171 |
172 | 173 | 174 | 175 | Built with Sphinx using a 176 | 177 | theme 178 | 179 | provided by Read the Docs. 180 | 181 |
182 | 183 |
184 |
185 | 186 |
187 | 188 |
189 | 190 | 191 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | -------------------------------------------------------------------------------- /docs/build/html/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Marvel Lab — Marvel Lab 0.0.1 documentation 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 |

Marvel Lab

154 | Mjölnir 155 |
156 |

Build Steps

157 |
158 |
159 |

References


183 | 184 | © Copyright 2020, Jonathan Johnson 185 | 186 |

187 |
188 | 189 | 190 | 191 | Built with Sphinx using a 192 | 193 | theme 194 | 195 | provided by Read the Docs. 196 | 197 |
198 | 199 |
200 |
201 | 202 |
203 | 204 |
205 | 206 | 207 | 212 | 213 | 214 | 215 | 216 | 217 | 218 | 219 | -------------------------------------------------------------------------------- /docs/build/html/objects.inv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/build/html/objects.inv -------------------------------------------------------------------------------- /docs/build/html/search.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Search — Marvel Lab 0.0.1 documentation 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 |

174 | 175 | © Copyright 2020, Jonathan Johnson 176 | 177 |

178 |
179 | 180 | 181 | 182 | Built with Sphinx using a 183 | 184 | theme 185 | 186 | provided by Read the Docs. 187 | 188 |
189 | 190 |
191 |
192 | 193 |
194 | 195 |
196 | 197 | 198 | 203 | 204 | 205 | 206 | 207 | 208 | 211 | 212 | 213 | 214 | 215 | 216 | 217 | -------------------------------------------------------------------------------- /docs/build/html/searchindex.js: -------------------------------------------------------------------------------- 1 | Search.setIndex({docnames:["index","subpages/build_steps"],envversion:{"sphinx.domains.c":2,"sphinx.domains.changeset":1,"sphinx.domains.citation":1,"sphinx.domains.cpp":3,"sphinx.domains.index":1,"sphinx.domains.javascript":2,"sphinx.domains.math":2,"sphinx.domains.python":2,"sphinx.domains.rst":2,"sphinx.domains.std":1,"sphinx.ext.viewcode":1,sphinx:56},filenames:["index.rst","subpages/build_steps.rst"],objects:{},objnames:{},objtypes:{},terms:{},titles:["Marvel Lab","Build Steps"],titleterms:{build:[0,1],lab:0,marvel:0,refer:0,step:[0,1]}}) -------------------------------------------------------------------------------- /docs/build/html/subpages/build_steps.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Build Steps — Marvel Lab 0.0.1 documentation 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 |

Build Steps


174 | 175 | © Copyright 2020, Jonathan Johnson 176 | 177 |

178 |
179 | 180 | 181 | 182 | Built with Sphinx using a 183 | 184 | theme 185 | 186 | provided by Read the Docs. 187 | 188 |
189 | 190 |
191 |
192 | 193 |
194 | 195 |
196 | 197 | 198 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | -------------------------------------------------------------------------------- /docs/conf.py: -------------------------------------------------------------------------------- 1 | # Configuration file for the Sphinx documentation builder. 2 | # 3 | # This file only contains a selection of the most common options. For a full 4 | # list see the documentation: 5 | # https://www.sphinx-doc.org/en/master/usage/configuration.html 6 | 7 | # -- Path setup -------------------------------------------------------------- 8 | 9 | # If extensions (or modules to document with autodoc) are in another directory, 10 | # add these directories to sys.path here. If the directory is relative to the 11 | # documentation root, use os.path.abspath to make it absolute, like shown here. 12 | # 13 | # import os 14 | # import sys 15 | # sys.path.insert(0, os.path.abspath('.')) 16 | 17 | 18 | # -- Project information ----------------------------------------------------- 19 | 20 | project = 'Marvel Lab' 21 | copyright = '2020, Jonathan Johnson, Ben Shell' 22 | author = 'Jonathan Johnson, Ben Shell' 23 | 24 | # The full version, including alpha/beta/rc tags 25 | release = '0.0.1' 26 | 27 | 28 | # -- General configuration --------------------------------------------------- 29 | 30 | # Add any Sphinx extension module names here, as strings. They can be 31 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom 32 | # ones. 33 | extensions = [ 34 | 'sphinx.ext.autodoc', 35 | 'sphinx.ext.viewcode', 36 | 'sphinx.ext.githubpages', 37 | ] 38 | 39 | # Add any paths that contain templates here, relative to this directory. 40 | templates_path = ['_templates'] 41 | 42 | # List of patterns, relative to source directory, that match files and 43 | # directories to ignore when looking for source files. 44 | # This pattern also affects html_static_path and html_extra_path. 
45 | exclude_patterns = [] 46 | 47 | 48 | # -- Options for HTML output ------------------------------------------------- 49 | 50 | # The theme to use for HTML and HTML Help pages. See the documentation for 51 | # a list of builtin themes. 52 | # 53 | #html_theme = 'alabaster' 54 | html_theme = 'sphinx_rtd_theme' 55 | 56 | # Add any paths that contain custom static files (such as style sheets) here, 57 | # relative to this directory. They are copied after the builtin static files, 58 | # so a file named "default.css" will overwrite the builtin "default.css". 59 | html_static_path = ['_static'] 60 | 61 | # The master toctree document. 62 | master_doc = 'index' 63 | -------------------------------------------------------------------------------- /docs/images/thor-rocket.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/images/thor-rocket.gif -------------------------------------------------------------------------------- /docs/images/tonystark.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/docs/images/tonystark.gif -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- 1 | *********** 2 | Marvel Lab 3 | *********** 4 | Unsupported, but still stable version: 5 | :doc:`v1.0 ` 6 | 7 | 8 | Supported version: 9 | :doc:`v2.0 ` -------------------------------------------------------------------------------- /docs/subpages/v1-build_steps.rst: -------------------------------------------------------------------------------- 1 | *********** 2 | Build Steps 3 | *********** 4 | 5 | Domain Controller: 6 | ################## 7 | 8 | 1. Build stock Windows Server VM. 9 | 2. 
Go into Server and download this repo into the ``C:\`` directory. If 10 | you downloaded the .zip of the repo, move the child folder to the 11 | C: directory and rename to ``Marvel-Lab``. 12 | 3. Go into the ``Earth-DC`` folder. 13 | 4. Run these scripts in order: 14 | 15 | - ``rename-dc.ps1`` 16 | - ``deploying-marvel-forest.ps1`` 17 | - ``import-marvel-users.ps1`` 18 | - ``add-ou.ps1`` 19 | - ``Import-GPOBackup.ps1`` 20 | - Install Logging. Go to **Logging** below and follow steps. 21 | 22 | Workstations (Windows): 23 | ####################### 24 | 25 | 1. Build Windows 10 VM. 26 | 2. Go into one of the Windows VMs and download this repo into the 27 | ``C:\`` directory. If you downloaded the .zip of the repo, move the 28 | child folder to the C: directory and rename to ``Marvel-Lab``. 29 | 3. Go into one of the Workstation folders. This project supports two 30 | different Workstations. 31 | 4. Run these scripts in order: 32 | 33 | - ``rename-workstation.ps1`` 34 | - ``join-domain.ps1`` 35 | - ``updating-groups.ps1`` 36 | - ``Tools.ps1`` 37 | - Install Logging. Go to **Logging** below and follow steps. 38 | 39 | **Note:** If ``join-domain.ps1`` fails, make sure that the host is 40 | pointing to Earth-DC’s IP for DNS. 41 | 42 | Workstations (MacOS): 43 | ##################### 44 | 45 | 1. Build Mac VM. 46 | 2. Pull down the Marvel-Lab repo 47 | 3. Go into the ``Marvel-Lab/Workstations/MacOS/`` directory 48 | 4. Run these scripts in order: 49 | 50 | - ``build.sh`` 51 | - ``tools.sh`` 52 | - Install Logging. Go to **Logging** below and follow steps. 53 | 54 | **Note:** If ``build.sh`` fails, make sure that the host is 55 | pointing to Earth-DC’s IP for DNS. 
56 | 57 | Adding Earth-DC's IP: ``System Preferences -> Network -> Ethernet Adapter -> Advanced -> DNS -> Add the IP of Earth-DC under DNS Servers`` 58 | 59 | Adding domain name to ``Search Domains``: ``System Preferences -> Network -> Ethernet Adapter -> Advanced -> DNS -> Add marvel.local in the Search Domains`` 60 | 61 | 62 | Logging: 63 | ######## 64 | 65 | Steps to get logging set up: 66 | **************************** 67 | 68 | If you plan on using Splunk/Jupyter Notebooks/OSQuery/Kolide - install the required scripts on the Ubuntu box first before setting up logging on the endpoints. 69 | 70 | 71 | On Ubuntu box: 72 | ************** 73 | 74 | 1. Install Docker by following these steps, assuming you’re on Ubuntu: https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository. 75 | 2. Install Docker Compose by following the documentation here: https://docs.docker.com/compose/install/. 76 | 3. On the Ubuntu machine download the Marvel-Lab repository. 77 | 4. Go into ``Marvel-Lab\Logging\splunk`` and run ``splunk_logging.sh``. 78 | 79 | **Note**: Only Ubuntu 22.04+ is supported for this script. 80 | 81 | 82 | On Windows Workstation and DC: 83 | ****************************** 84 | 85 | **Note**: In order to receive logs in Splunk, the ``splunk_logging.sh`` script must have succeeded on the Logger box (Ubuntu). 86 | 87 | 1. Download the Marvel-Lab repository in the ``C:\`` directory. (If you 88 | downloaded the .zip of the repo, move the child folder to the 89 | C:\ directory and rename to ``Marvel-Lab``). 90 | 2. Go to KolideIP:8443, set up Username/Password. 91 | 3. Set Organization Name to ``Marvel Lab``. You don't have to do the URL. When it shows you the fleet web address, press Submit, then Finish. 92 | 4. Go into ``Marvel-Lab\Set-Logging`` and run ``Set-Logging.ps1``. 93 | 94 | **Note:** The Sysmon configuration is up to date with version - 11.0. 95 | FileDelete Events will only be logged within the 96 | ``\Downloads`` folder of each user. 
Deletions are saved within 97 | the ``C:\ArchivedFiles`` folder. 98 | 99 | 100 | 101 | On MacOS Workstation: 102 | ********************* 103 | 1. Run ``logging.sh`` 104 | 2. During installation there will be some prompts that will need to be filled in when accepting the Splunk License. Exact steps are below: 105 | - Press Enter 106 | - Press q 107 | - Press y, then Enter 108 | - Enter admin username/password of your choice (You might have to do this twice) -------------------------------------------------------------------------------- /docs/subpages/v1-logging.rst: -------------------------------------------------------------------------------- 1 | ***************************** 2 | Telemetry/Logging Information 3 | ***************************** 4 | 5 | .. image:: ../images/tonystark.gif 6 | :align: center 7 | :alt: tonystark 8 | 9 | Data Sensors Available: 10 | ####################### 11 | 12 | - Windows Event Logs (Application, Security, System, Setup) 13 | 14 | - Security events are being configured/audited via GPO. 15 | 16 | - `Sysmon`_ 17 | 18 | - Configuration is being pulled from Olaf Hartong's `sysmon-modular`_ project 19 | 20 | - `Zeek`_ 21 | 22 | - Logs are stored within the Marvel-Lab directory you created under: 23 | ``Marvel-Lab/Logging/splunk/zeek/zeek-logs`` 24 | 25 | - `OSQuery`_ (Mac and Windows) 26 | 27 | - Configs are coming from: https://github.com/palantir/osquery-configuration 28 | 29 | Analytic Platforms: 30 | ################### 31 | 32 | - Splunk 33 | 34 | - We recommend getting the Developer License Splunk offers and 35 | applying it within this lab due to the robustness of logs being 36 | collected. 37 | 38 | - Jupyter Notebooks 39 | 40 | Current data sources being shipped to Splunk: 41 | ############################################# 42 | 43 | - Windows Events (Windows Event Logs (Application, Security, System, 44 | Setup)) (Windows Workstations) 45 | - Sysmon (Windows Workstations) 46 | - Zeek 47 | - OSQuery (Windows/MacOS Workstations) 48 | 49 | .. 
_Sysmon: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon 50 | .. _sysmon-modular: https://github.com/olafhartong/sysmon-modular 51 | .. _Zeek: https://zeek.org/ 52 | .. _OSQuery: https://osquery.readthedocs.io/en/latest/ 53 | 54 | Splunk Universal Forwarder: 55 | ############################################# 56 | 57 | The Forwarder currently has some exclusions set within the `inputs.conf`. Events matching these rules are filtered out at the forwarder and are not sent to Splunk, so searches and detections built in Splunk will not see them. The rules can be found below: 58 | 59 | Event ID 4688: 60 | :: 61 | 62 | blacklist1=EventCode="4688" Message="New Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi|optimize))\.exe)" 63 | 64 | Rule was borrowed from: https://gist.github.com/automine/a3915d5238e2967c8d44b0ebcfb66147 65 | 66 | Event ID 4689: 67 | :: 68 | 69 | blacklist2=EventCode="4689" Message="Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi|optimize))\.exe)" 70 | 71 | Rule was borrowed from: https://gist.github.com/automine/a3915d5238e2967c8d44b0ebcfb66147 72 | 73 | Event ID 5156: 74 | :: 75 | 76 | blacklist3=EventCode="5156" Message="(?ms)Application\sName:\s.*\\windows\\system32\\svchost.exe." 77 | 78 | -------------------------------------------------------------------------------- /docs/subpages/v1-script_explanations.rst: -------------------------------------------------------------------------------- 1 | ******************** 2 | Script Explanations 3 | ******************** 4 | - ``rename-dc.ps1`` 5 | 6 | - Powershell script that will rename the computer name of the Domain 7 | Controller to: Earth-DC. 
8 | 9 | - ``deploying-marvel-forest.ps1`` 10 | 11 | - Powershell script that will create and deploy a forest with the 12 | domain name of: marvel.local 13 | 14 | - ``import-marvel-users.ps1`` 15 | 16 | - Powershell script that imports marvel characters from a csv into 17 | the AD infrastructure. This script will assign groups to domain 18 | users as well. 19 | 20 | - ``add-ou.ps1`` 21 | 22 | - Powershell script that will add the Workstation organizational 23 | unit to the AD infrastructure. 24 | 25 | - ``Import-GPOBackup.ps1`` 26 | 27 | - Powershell script that will import multiple Group Policy Objects 28 | (GPOs) into the group policy management. GPOs will be linked and 29 | enforced with this script as well. 30 | 31 | - ``rename-workstation.ps1`` 32 | 33 | - Powershell script that will rename the computer name of the Win10 34 | workstation to either: Asgard-WrkStn or Wakanda-Wrkstn 35 | 36 | - ``join-domain.ps1`` 37 | 38 | - Powershell script that will join the workstation to the 39 | marvel.local domain. 40 | 41 | - ``updating-groups.ps1`` 42 | 43 | - Powershell script that will add users within the LocalAdmin group 44 | in AD to the Local Administrators and Remote Desktop Users groups 45 | on the host. 46 | - This script will also set a wallpaper for the current user, NOT all users. If you want to update the wallpaper per user, run the following: 47 | 48 | :: 49 | 50 | New-Item HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ -Name System 51 | 52 | 53 | :: 54 | 55 | Set-ItemProperty -path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\\System' -name Wallpaper -value "C:\Marvel-Lab\images\.jpg" 56 | 57 | :: 58 | 59 | Set-ItemProperty -path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\\System' -name WallpaperStyle -value "4" 60 | 61 | - ``Logging.ps1`` 62 | 63 | - Powershell script will give 3 options for endpoint logging: 64 | 65 | 1) Just to install `Sysmon`_. 
66 | 2) To install Sysmon and send logs to a `HELK`_ build (we do not 67 | build this for you, it assumes you already have it built). 68 | 3) To install Sysmon and send logs to Splunk. 69 | 70 | - ``Tools.ps1`` 71 | 72 | - Powershell script that will install various different Red-Team 73 | tools and Wireshark. 74 | 75 | - ``splunk_logging.sh`` 76 | 77 | - Bash script that will build out Splunk, Portainer, and Jupyter 78 | Notebooks within a docker container. 79 | 80 | - ``fleet-pack.sh`` 81 | - Sets up osquery packs in fleet. 82 | 83 | - ``build.sh`` 84 | - Rename hostname of MacOS Workstation and binds host to the domain - marvel.local. 85 | 86 | - ``tools.sh`` 87 | - Install Homebrew/Wget on MacOS Workstation. 88 | 89 | - ``logging.sh`` 90 | - Installs OSQuery/Splunk Forwarder. 91 | - Configures OSQuery and Splunk Forwarder. 92 | 93 | .. _Sysmon: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon 94 | .. _HELK: https://github.com/Cyb3rWard0g/HELK -------------------------------------------------------------------------------- /docs/subpages/v1-tools.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Tools 3 | ******* 4 | Red: 5 | ##### 6 | 7 | - `Powersploit`_ 8 | 9 | - `Rubeus`_ 10 | 11 | - `PowershellArsenal`_ 12 | 13 | - `GhostPack Seatbelt`_ 14 | 15 | - `Mimikatz`_ 16 | 17 | Blue: 18 | ##### 19 | 20 | - `Wireshark`_ 21 | - `Sysinternals`_ 22 | 23 | Debugging: 24 | ########## 25 | 26 | - `Windows SDK`_ 27 | - `IDA Pro`_ 28 | - `API Monitor`_ 29 | - `DNSpy`_ 30 | 31 | Misc: 32 | ##### 33 | 34 | - Git 35 | 36 | - Google Chrome 37 | 38 | - Chocolatey 39 | 40 | .. _Powersploit: https://github.com/PowerShellMafia/PowerSploit 41 | .. _Rubeus: https://github.com/GhostPack/Rubeus 42 | .. _PowershellArsenal: https://github.com/mattifestation/PowerShellArsenal 43 | .. _GhostPack Seatbelt: https://github.com/GhostPack/Seatbelt 44 | .. _Mimikatz: https://github.com/gentilkiwi/mimikatz 45 | .. 
_Wireshark: https://www.wireshark.org/ 46 | .. _Sysinternals: https://docs.microsoft.com/en-us/sysinternals/ 47 | .. _Windows SDK: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk/ 48 | .. _IDA Pro: https://www.hex-rays.com/products/ida/ 49 | .. _API Monitor: http://www.rohitab.com/apimonitor#:~:text=API%20Monitor%20is%20a%20free,have%20in%20your%20own%20applications. 50 | .. _DNSpy: https://github.com/0xd4d/dnSpy#:~:text=dnSpy%20is%20a%20debugger%20and,Debug%20. -------------------------------------------------------------------------------- /docs/subpages/v1-troubleshooting.rst: -------------------------------------------------------------------------------- 1 | ********************* 2 | Troubleshooting Steps 3 | ********************* 4 | 5 | 1. If the docker containers are not starting correctly after reboot, run 6 | ``sudo docker ps`` on the splunk box. Make sure the containers were 7 | started. 8 | 9 | 2. If the GPOs are not being properly pushed to your 10 | workstation, open powershell.exe on the workstation and run: 11 | ``gpupdate /force``. -------------------------------------------------------------------------------- /docs/subpages/v1.0.rst: -------------------------------------------------------------------------------- 1 | *********** 2 | Marvel Lab 3 | *********** 4 | 5 | .. meta:: 6 | description lang=en: A collection of scripts that will help automate the build process for a Marvel domain. 7 | 8 | .. image:: /images/thor-rocket.gif 9 | :align: center 10 | :alt: thor-rocket 11 | 12 | Installation: 13 | ------------- 14 | Go see - :doc:`Build Steps <.\v1-build_steps>`. 15 | 16 | Logging: 17 | -------- 18 | This lab is meant to be used for research and detection development. The logging information for this lab is held within the - :doc:`Logging ` page. If there is any other telemetry you would like to see, let us know! 
19 | 20 | Troubleshooting: 21 | ---------------- 22 | Before creating an issue within the Github, please check out the - :doc:`Troubleshooting ` page. 23 | 24 | Scripts: 25 | -------- 26 | Many scripts are being used for this build, for explanations on these scripts please see - :doc:`Script Explanations `. 27 | 28 | 29 | Tools: 30 | ------ 31 | Tools for red-teaming, blue-teaming, and debugging are installed. To see the full list, visit the - :doc:`Tools ` page. If there is any other tools you'd like to see, let us know! 32 | 33 | Acknowledgements: 34 | ------- 35 | 36 | - `Olaf Hartong`_'s Sysmon Modular `Config`_ 37 | 38 | 39 | .. _Config: https://github.com/olafhartong/sysmon-modular 40 | .. _Olaf Hartong: https://twitter.com/olafhartong -------------------------------------------------------------------------------- /docs/subpages/v2-build_steps.rst: -------------------------------------------------------------------------------- 1 | *********** 2 | Build Steps 3 | *********** 4 | 5 | Domain Controller: 6 | ################## 7 | 8 | 1. Build stock Windows Server VM. 9 | 2. Go into Server and download this repo into the ``C:\`` directory. If 10 | you downloaded the .zip of the repo, move the child folder to the 11 | C: directory and rename to ``Marvel-Lab``. 12 | 3. Go into the ``Marvel-Lab`` folder. 13 | 4. Import Marvel-Lab Module - ``Import-Module Marvel-Lab.psd1`` 14 | 5. You can either run the scripts separately or automate the process: 15 | 16 | Automated: 17 | ``Rename-DC -Password -Automate`` 18 | **Note:** If you choose to perform the build in an automated fashion, you will need to log into the box after the Rename-DC module runs and restarts the box. 19 | 20 | Separately: 21 | - ``Rename-DC`` 22 | - ``Initialize-MarvelDomain -Password 'Changeme1!'`` 23 | - ``Update-Workstation`` 24 | 25 | 26 | - Install Logging. Go to **Logging** below and follow steps. 27 | - Build logs will be stored in ``C:\Marvel-Lab\DeploymentLog.txt``. 
28 | 29 | Workstations (Windows): 30 | ############# 31 | 32 | 1. Build Windows 10 VM. 33 | 2. Go into Server and download this repo into the ``C:\`` directory. If 34 | you downloaded the .zip of the repo, move the child folder to the 35 | C: directory and rename to ``Marvel-Lab``. 36 | 3. Go into the ``Marvel-Lab`` folder. 37 | 4. Import Marvel-Lab Module - ``Import-Module Marvel-Lab.psd1`` 38 | 5. Go into network adapters and set the DNS to the DC's IP. If you can't ping ``marvel.local`` the domain joining script will fail. 39 | 6. You can either run the scripts separately or automate the process: 40 | 41 | Automated: 42 | ``Rename-Workstation -Automate`` 43 | **Note:** If you choose to perform the build in an automated fashion, you will need to log into the box after the Rename-DC module runs and restarts the box. 44 | 45 | Separately: 46 | - ``Rename-Workstation`` 47 | - ``Join-Domain`` 48 | - ``Update-Workstation`` 49 | - ``Get-Tools`` 50 | 51 | - Install Logging. Go to **Logging** below and follow steps. 52 | - Build logs will be stored in ``C:\Marvel-Lab\DeploymentLog.txt``. 53 | 54 | Logging: 55 | ######## 56 | 57 | Steps to get logging set up: 58 | **************************** 59 | 60 | Install the required scripts on the Ubuntu box first before setting up logging on endpoints. 61 | 62 | 63 | On Ubuntu box: 64 | ************** 65 | 66 | 1. Install Docker by following these steps, assuming you’re on Ubuntu: https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository. 67 | 2. Install Docker Compose by following the documentation here: https://docs.docker.com/compose/install/. 68 | 3. On the Ubuntu machine download the Marvel-Lab repository. 69 | 4. Go into ``Marvel-Lab\Logging\`` and run ``setup_logging.sh``. 70 | 71 | **Note**: Only Ubuntu 22.04+ is supported for this script. 
72 | 73 | 74 | On Windows Workstation and DC: 75 | ****************************** 76 | 77 | **Note**: In order to receive logs in Splunk, the ``setup_logging.sh`` script must have succeeded on the Logger box (Ubuntu). 78 | 79 | 1. Go into the Server and download this repo into the ``C:\`` directory. If you downloaded the .zip of the repo, move the child folder to the C:\ directory and rename to ``Marvel-Lab``. 80 | 2. Go into the ``Marvel-Lab`` folder. 81 | 3. Import Marvel-Lab Module - ``Import-Module Marvel-Lab.psd1`` 82 | 4. Logging supports ELK and Splunk. In the commands below, ``127.0.0.1`` is a placeholder for the IP of the Logger box (Ubuntu). 83 | * For ELK: 84 | - Pull the ``elk.cert`` from the Ubuntu box. 85 | ``Install-Logging -SIEM_IP 127.0.0.1 -ELK -ELK_Cert_Path C:\elk.crt`` 86 | 87 | * For Splunk: 88 | ``Install-Logging -SIEM_IP 127.0.0.1 -Splunk`` 89 | 90 | **Note:** The Sysmon configuration is up to date with version - 14.0. 91 | FileDelete Events will only be logged within the 92 | ``\Downloads`` folder of each user. Deleted files are archived within 93 | the ``C:\ArchivedFiles`` folder. 94 | 95 | -------------------------------------------------------------------------------- /docs/subpages/v2-logging.rst: -------------------------------------------------------------------------------- 1 | ******************* 2 | Telemetry/Logging Information 3 | ******************* 4 | 5 | .. image:: ../images/tonystark.gif 6 | :align: center 7 | :alt: tonystark 8 | 9 | Data Sensors Available: 10 | ####################### 11 | 12 | - Windows Event Logs (Application, Security, System, Setup) 13 | 14 | - Security events are being configured/audited via GPO. 
15 | 16 | - `Sysmon`_ 17 | 18 | - Configuration is being pulled from Olaf Hartong's `sysmon-modular`_ project 19 | 20 | - `Zeek`_ 21 | 22 | - Logs are stored within the Marvel-Lab directory you created under: 23 | ``Marvel-Lab/Logging/Config/zeek/zeek-logs`` 24 | 25 | Analytic Platforms: 26 | ################### 27 | 28 | - ELK 29 | 30 | - Splunk 31 | 32 | - We recommend getting the Developer License Splunk offers and 33 | applying it within this lab due to the volume of logs being 34 | collected. 35 | 36 | - Jupyter Notebooks 37 | 38 | Current data sources being shipped to ELK: 39 | ############################################# 40 | 41 | - Windows Events (Windows Event Logs (Application, Security, System, Setup)) 42 | - Sysmon 43 | 44 | Current data sources being shipped to Splunk: 45 | ############################################# 46 | 47 | - Windows Events (Windows Event Logs (Application, Security, System, Setup)) 48 | - Sysmon 49 | - Zeek 50 | 51 | .. _Sysmon: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon 52 | .. _sysmon-modular: https://github.com/olafhartong/sysmon-modular 53 | .. _Zeek: https://zeek.org/ 54 | 55 | Splunk Universal Forwarder: 56 | ############################################# 57 | 58 | The Forwarder currently has some exclusions set within the ``inputs.conf``. 
These can be found below. Events matching an exclusion are dropped at the forwarder and never reach Splunk, so detections developed in this lab cannot rely on them; in particular, the 5156 rule removes the Windows Filtering Platform connection events whose application is ``svchost.exe``. 59 | 60 | Event ID 4688: 61 | :: 62 | 63 | blacklist1=EventCode="4688" Message="New Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi|optimize))\.exe)" 64 | 65 | Rule was borrowed from: https://gist.github.com/automine/a3915d5238e2967c8d44b0ebcfb66147 66 | 67 | Event ID 4689: 68 | :: 69 | 70 | blacklist2=EventCode="4689" Message="Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi|optimize))\.exe)" 71 | 72 | Rule was borrowed from: https://gist.github.com/automine/a3915d5238e2967c8d44b0ebcfb66147 73 | 74 | Event ID 5156: 75 | :: 76 | 77 | blacklist3=EventCode="5156" Message="(?ms)Application\sName:\s.*\\windows\\system32\\svchost.exe." 78 | 79 | -------------------------------------------------------------------------------- /docs/subpages/v2-tools.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Tools 3 | ******* 4 | Red: 5 | ##### 6 | 7 | - `Powersploit`_ 8 | 9 | - `Rubeus`_ 10 | 11 | - `PowershellArsenal`_ 12 | 13 | - `GhostPack Seatbelt`_ 14 | 15 | - `Mimikatz`_ 16 | 17 | - `AtomicRedTeam`_ 18 | 19 | - `AtomicTestHarnesses`_ 20 | 21 | Blue: 22 | ##### 23 | 24 | - `Wireshark`_ 25 | - `Sysinternals`_ 26 | 27 | Debugging: 28 | ########## 29 | 30 | - `Windows SDK`_ 31 | - `IDA Pro`_ 32 | - `API Monitor`_ 33 | - `DNSpy`_ 34 | 35 | Misc: 36 | ##### 37 | 38 | - Git 39 | 40 | - Google Chrome 41 | 42 | - Chocolatey 43 | 44 | .. _Powersploit: https://github.com/PowerShellMafia/PowerSploit 45 | .. _Rubeus: https://github.com/GhostPack/Rubeus 46 | .. _PowershellArsenal: https://github.com/mattifestation/PowerShellArsenal 47 | .. 
_GhostPack Seatbelt: https://github.com/GhostPack/Seatbelt 48 | .. _Mimikatz: https://github.com/gentilkiwi/mimikatz 49 | .. _AtomicRedTeam: https://github.com/redcanaryco/atomic-red-team 50 | .. _AtomicTestHarnesses: https://github.com/redcanaryco/AtomicTestHarnesses 51 | .. _Wireshark: https://www.wireshark.org/ 52 | .. _Sysinternals: https://docs.microsoft.com/en-us/sysinternals/ 53 | .. _Windows SDK: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk/ 54 | .. _IDA Pro: https://www.hex-rays.com/products/ida/ 55 | .. _API Monitor: http://www.rohitab.com/apimonitor#:~:text=API%20Monitor%20is%20a%20free,have%20in%20your%20own%20applications. 56 | .. _DNSpy: https://github.com/0xd4d/dnSpy#:~:text=dnSpy%20is%20a%20debugger%20and,Debug%20. -------------------------------------------------------------------------------- /docs/subpages/v2.0.rst: -------------------------------------------------------------------------------- 1 | *********** 2 | Marvel Lab 3 | *********** 4 | 5 | .. meta:: 6 | description lang=en: A collection of functions that will help automate the build process for a Marvel domain. 7 | 8 | .. image:: /images/thor-rocket.gif 9 | :align: center 10 | :alt: thor-rocket 11 | 12 | Installation: 13 | ------------- 14 | Go see - :doc:`Build Steps `. 15 | 16 | Logging: 17 | -------- 18 | This lab is meant to be used for research and detection development. The logging information for this lab is held within the - :doc:`Logging ` page. If there is any other telemetry you would like to see, let us know! 19 | 20 | Troubleshooting: 21 | ---------------- 22 | Before creating an issue within the Github, please check out the - :doc:`Troubleshooting ` page. 23 | 24 | Tools: 25 | ------ 26 | Tools for red-teaming, blue-teaming, and debugging are installed. To see the full list, visit the - :doc:`Tools ` page. If there is any other tools you'd like to see, let us know! 
27 | 28 | Acknowledgements: 29 | ------- 30 | 31 | - `Olaf Hartong`_'s Sysmon Modular `Config`_ 32 | 33 | .. _Config: https://github.com/olafhartong/sysmon-modular 34 | .. _Olaf Hartong: https://twitter.com/olafhartong -------------------------------------------------------------------------------- /images/LocalAdmin.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/images/LocalAdmin.PNG -------------------------------------------------------------------------------- /images/RDP.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/images/RDP.PNG -------------------------------------------------------------------------------- /images/blackpanther.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/images/blackpanther.jpg -------------------------------------------------------------------------------- /images/marvel.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/images/marvel.jpg -------------------------------------------------------------------------------- /images/thor.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jsecurity101/Marvel-Lab/d1b0378eab123f2142e85675c667daf9a3cb3fc3/images/thor.jpg --------------------------------------------------------------------------------