- ONLY RUN THIS IN A VOLATILE VM
- These deployment scripts offer no added security against malware escaping the environment. Use at your own risk and understand what you are executing prior to triggering a payload.
- This is a sandbox VM prep script to be run within a Windows Sandbox VM. It will use 10-20 GB of free space, all of which is released when the sandbox is closed (Windows Sandbox discards its state on close).
- The intended purpose is for malware analysis.
- Messages are written to the shell for any manual setup steps that require interaction. They appear during pauses in the script.
- Scripts are ordered in such a way as to avoid issues with any dependencies.
- The process may seem stuck at times, but it is not. Look for other windows requiring steps, and read the shell; it might offer a clue.
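The notes above assume you already have a throwaway Windows Sandbox in front of you. The following is an added host-side example, not code from the SandboxToolkit project, that generates a Windows Sandbox configuration (`.wsb`) and launches it: the samples folder is mapped read-only, clipboard/printer/audio/video sharing is switched off, and networking stays on because the install scripts download tools. The host path `C:\Samples`, the memory size and the output path are placeholders.

```powershell
# Added example (not part of SandboxToolkit): write a .wsb file and start Windows Sandbox with it.
# Assumptions: C:\Samples is a host folder you control; 8 GB RAM is a placeholder.
param(
    [string]$SamplesFolder = 'C:\Samples',
    [int]$MemoryMB = 8192,
    [string]$WsbPath = "$env:USERPROFILE\Desktop\MalwareAnalysis.wsb"
)

if (-not (Test-Path -LiteralPath $SamplesFolder)) {
    throw "Samples folder '$SamplesFolder' does not exist on the host."
}

# Windows Sandbox reads this XML. Every element used here is part of the documented .wsb schema.
# ReadOnly=true means the guest cannot write back into the host folder.
$wsb = @"
<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Default</Networking>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>
  <PrinterRedirection>Disable</PrinterRedirection>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <ProtectedClient>Enable</ProtectedClient>
  <MemoryInMB>$MemoryMB</MemoryInMB>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$SamplesFolder</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Desktop\Samples</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>
"@

Set-Content -LiteralPath $WsbPath -Value $wsb -Encoding UTF8

# WindowsSandbox.exe takes the .wsb path as its argument; quoting guards against spaces in the path.
Start-Process -FilePath 'WindowsSandbox.exe' -ArgumentList "`"$WsbPath`""
```

With clipboard redirection disabled you cannot paste the deploy function into the guest, so drop the script into the mapped samples folder on the host and run it from there instead. The sandbox's disk lives on the host system drive, which is where the 10-20 GB quoted above is consumed.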
- DIE - Detect it Easy
- Floss - FLARE Obfuscated String Solver
- git
- Google Chrome
- Lockhunter
- Nordvpn
- Oh-My-Posh
- Python
- Retoolkit
- SysInternals
- Thunderbird
- Wireshark - winpcap
- vscode
- Run this in an admin PowerShell window
- ONLY RUN THIS IN A WINDOWS SANDBOX VM
```powershell
# Keep a transcript of everything the deploy function does on the sandbox desktop
New-Item $env:userprofile\desktop\logs -itemtype Directory
Start-Transcript $env:userprofile\desktop\logs\0-DeployFunction.log
Function Invoke-Deploy {
    # Opening Statement
    Write-Host " READ THESE NOTES" -ForegroundColor Yellow
    Write-Host "
    1. After font install, set meslo font as the default font for the shell
    2. When all scripts finish running, it's best to close powershell, and use pwsh or shell of choice. This ensures all installed exe's are in path.
    3. When asked to pick a default browser choose Chrome. Useful if using Nordvpn.
    4. Be patient some steps take longer than others.
    5. When presented install wizards, click through
    " -ForegroundColor Green
    Pause
    # Clone repo and scripts for running
    # Note: this relaxes the execution policy machine-wide inside the sandbox; the child
    # processes below also pass -executionpolicy explicitly.
    Set-ExecutionPolicy Unrestricted -Confirm:$false -Force
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    New-Item $env:userprofile\desktop\Github -itemtype directory | out-null
    # Downloads whatever is currently at the head of the main branch (not pinned to a release)
    (New-Object System.Net.WebClient).DownloadFile('https://github.com/TheTaylorLee/SandboxToolkit/archive/refs/heads/main.zip', "$env:userprofile\desktop\github\SandboxToolkit.zip")
    Expand-Archive -Path $env:userprofile\desktop\github\SandboxToolkit.zip $env:userprofile\desktop\github\SandboxToolkit
    Remove-Item $env:userprofile\desktop\github\SandboxToolkit.zip -force | out-null
    # Runs scripts in dependency order; the first two block until they finish,
    # the third is left running so this function can return and show the warning below
    Write-Host "Running Install Scripts" -foregroundcolor Green
    start-process "powershell.exe" -ArgumentList "-executionpolicy unrestricted", "-File $env:userprofile\desktop\github\SandboxToolkit\SandboxToolkit-main\scripts\1-Install-PSPortable.ps1" -wait
    start-process "powershell.exe" -ArgumentList "-executionpolicy unrestricted", "-File $env:userprofile\desktop\github\SandboxToolkit\SandboxToolkit-main\scripts\2-Install-PackageManagers.ps1" -wait
    start-process "powershell.exe" -ArgumentList "-executionpolicy unrestricted", "-File $env:userprofile\desktop\github\SandboxToolkit\SandboxToolkit-main\scripts\3-Install-Packages.ps1"
    Write-Warning "Don't close this window until you have completed the instructions or you have read and remembered them."
}; Clear-Host; Invoke-Deploy
```
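The deploy function above pulls the current head of `main` and expands it without checking what arrived. The following is an added example, not part of the SandboxToolkit project, of a guarded variant of that download-and-run step: it refuses to run unless the current user is the Windows Sandbox account, pins the archive to a commit or tag, checks the archive's SHA-256 before expanding it, and scopes the execution policy to each child process instead of changing it machine-wide. `$Ref` and `$ExpectedSha256` are placeholders you fill in yourself; `Invoke-DeployGuarded` is a name chosen for this example.

```powershell
# Added example (not part of SandboxToolkit): pinned, hash-checked, sandbox-only deployment.
# Assumptions: $Ref is a commit SHA or tag in TheTaylorLee/SandboxToolkit and $ExpectedSha256
# is the SHA-256 of that archive, which you recorded from a copy you fetched and inspected earlier.
Function Invoke-DeployGuarded {
    param(
        [Parameter(Mandatory)] [string]$Ref,
        [Parameter(Mandatory)] [string]$ExpectedSha256,
        [string]$Root = "$env:USERPROFILE\Desktop\Github"
    )

    # Windows Sandbox signs in as WDAGUtilityAccount; any other user means this is not the disposable VM.
    if ($env:USERNAME -ne 'WDAGUtilityAccount') {
        throw "Refusing to run: not inside Windows Sandbox (current user is $env:USERNAME)."
    }

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    New-Item -Path $Root -ItemType Directory -Force | Out-Null

    # GitHub serves a zip of any commit or tag at archive/<ref>.zip
    $zip = Join-Path $Root "SandboxToolkit-$Ref.zip"
    $url = "https://github.com/TheTaylorLee/SandboxToolkit/archive/$Ref.zip"
    Invoke-WebRequest -Uri $url -OutFile $zip -UseBasicParsing

    # Compare against the recorded hash; PowerShell string comparison is case-insensitive,
    # so upper/lower-case hex both work. A mismatch deletes the file and stops here.
    $actual = (Get-FileHash -Path $zip -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        Remove-Item -Path $zip -Force
        throw "Archive hash mismatch: expected $ExpectedSha256, got $actual. Nothing was expanded."
    }

    $dest = Join-Path $Root 'SandboxToolkit'
    Expand-Archive -Path $zip -DestinationPath $dest -Force

    # GitHub names the top-level folder <repo>-<ref>, so discover it rather than hard-coding it.
    $top = Get-ChildItem -Path $dest -Directory | Select-Object -First 1
    $scripts = Join-Path $top.FullName 'scripts'

    foreach ($name in '1-Install-PSPortable.ps1', '2-Install-PackageManagers.ps1', '3-Install-Packages.ps1') {
        $script = Join-Path $scripts $name
        if (-not (Test-Path -LiteralPath $script)) { throw "Missing script: $script" }
        # -ExecutionPolicy on the command line applies to this child process only,
        # so no Set-ExecutionPolicy call is needed. Each script runs to completion before the next.
        Start-Process -FilePath 'powershell.exe' `
            -ArgumentList '-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', "`"$script`"" -Wait
    }
}

# Usage (placeholders): Invoke-DeployGuarded -Ref '<commit-sha-or-tag>' -ExpectedSha256 '<sha256-hex>'
```

Unlike the original, this waits for all three scripts, so any prompts from the third script appear before control returns. GitHub has not always kept archive bytes stable across its own infrastructure changes, so take the expected hash from an archive you downloaded and looked at yourself, not from a value copied off a web page.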
If you need only a couple of tools to examine a file, WingetUI can install those quickly.

```powershell
# Fetch the latest WingetUI installer and run it silently
$url = "https://github.com/marticliment/WingetUI/releases/latest/download/WingetUI.Installer.exe"
$outputPath = "$env:userprofile\downloads\WingetUI.Installer.exe"
Start-BitsTransfer -Source $url -Destination $outputPath
# Use the call operator to run the executable; dot-sourcing is for scripts
& $outputPath /silent
```