2*yo 2xyo

## win10.log
vagrant up dc wef win10
Bringing machine 'dc' up with 'virtualbox' provider...
Bringing machine 'wef' up with 'virtualbox' provider...
Bringing machine 'win10' up with 'virtualbox' provider...
==> dc: Clearing any previously set forwarded ports...
==> dc: Fixed port collision for 22 => 2222. Now on port 2200.
==> dc: Clearing any previously set network interfaces...
==> dc: Preparing network interfaces based on configuration...
    dc: Adapter 1: nat
    dc: Adapter 2: hostonly

## vagrant_up_logger.log
$ vagrant up logger

Bringing machine 'logger' up with 'virtualbox' provider...
==> logger: Importing base box 'bento/ubuntu-18.04'...
==> logger: Matching MAC address for NAT networking...
==> logger: Checking if box 'bento/ubuntu-18.04' version '202002.14.0' is up to date...
==> logger: Setting the name of the VM: logger
==> logger: Clearing any previously set network interfaces...
==> logger: Preparing network interfaces based on configuration...
    logger: Adapter 1: nat

## vagrant_up_logger.log
Bringing machine 'logger' up with 'virtualbox' provider...
==> logger: Box 'bento/ubuntu-18.04' could not be found. Attempting to find and install...
    logger: Box Provider: virtualbox
    logger: Box Version: >= 0
==> logger: Loading metadata for box 'bento/ubuntu-18.04'
    logger: URL: https://vagrantcloud.com/bento/ubuntu-18.04
==> logger: Adding box 'bento/ubuntu-18.04' (v202002.14.0) for provider: virtualbox
    logger: Downloading: https://vagrantcloud.com/bento/boxes/ubuntu-18.04/versions/202002.14.0/providers/virtualbox.box

[K    logger: Progress: 0% (Rate: 0*/s, Estimated time remaining: --:--:--)

## test.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                2xyo
                / test.md
            
            
              Created
              February 13, 2020 14:35
            
          
## create.py
# coding: utf-8

import datetime
from dateutil.parser import parse
from pprint import pprint
from pycti import OpenCTIApiClient

api_url = "https://demo.opencti.io"
api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
opencti_api_client = OpenCTIApiClient(api_url, api_token)

## 00_OpenCTI_install_Ubuntu.sh
# Fresh Ubuntu 18.04 with Virtualbox 6.1.2
# Download https://ubuntu.com/download/desktop/thank-you?version=18.04.3&architecture=amd64 - ubuntu-18.04.3-desktop-amd64.iso
## Config
### 4 vCPU
### 4Go RAM
### 64Mo graphic card
### 50Go HDD

##
###Boot CD

## docker.sh
apt autoremove -y
apt purge $( dpkg --list | grep -P -o "linux-image-\d\S+" | grep -v $(uname -r | grep -P -o ".+\d") )
apt update && apt upgrade -y

apt remove docker docker-engine docker.io containerd runc

apt install \
    apt-transport-https \
    ca-certificates \
    curl \

## setup-volatility3.py
import setuptools

setuptools.setup(
    name="volatility3",
    version="0.0.2",
    author="volatilityfoundation",
    author_email="info@volatilityfoundation.org",
    description="Volatility 3: The volatile memory extraction framework. DUMMY PACKAGE. DO NOT USE.",
    long_description="This is a dummy package. The official project website is available at https://github.com/volatilityfoundation/volatility3",
    url="https://github.com/volatilityfoundation/volatility3",

## docker.sh
docker build \
       --build-arg http_proxy=$http_proxy \
       --build-arg HTTP_PROXY=$http_proxy \
       --build-arg https_proxy=$https_proxy \
       --build-arg HTTPS_PROXY=$https_proxy \
       --build-arg no_proxy=$no_proxy \
       --build-arg NO_PROXY=$no_proxy \
       -t tag:version .


## ping.json
{
  "_index": "sysmon-2017.11.24",
  "_type": "sysmon_process",
  "_id": "AV_v1-kZAnLqT_pijW1u",
  "_score": 1,
  "_source": {
    "Task": 1,
    "ParentImage": "C:\\Windows\\System32\\cmd.exe",
    "LogonGuid": "{6B166207-852C-5A18-0000-00200D6D0100}",
    "EventType": "INFO",
	vagrant up dc wef win10
	Bringing machine 'dc' up with 'virtualbox' provider...
	Bringing machine 'wef' up with 'virtualbox' provider...
	Bringing machine 'win10' up with 'virtualbox' provider...
	==> dc: Clearing any previously set forwarded ports...
	==> dc: Fixed port collision for 22 => 2222. Now on port 2200.
	==> dc: Clearing any previously set network interfaces...
	==> dc: Preparing network interfaces based on configuration...
	dc: Adapter 1: nat
	dc: Adapter 2: hostonly
	$ vagrant up logger

	Bringing machine 'logger' up with 'virtualbox' provider...
	==> logger: Importing base box 'bento/ubuntu-18.04'...
	==> logger: Matching MAC address for NAT networking...
	==> logger: Checking if box 'bento/ubuntu-18.04' version '202002.14.0' is up to date...
	==> logger: Setting the name of the VM: logger
	==> logger: Clearing any previously set network interfaces...
	==> logger: Preparing network interfaces based on configuration...
	logger: Adapter 1: nat
	Bringing machine 'logger' up with 'virtualbox' provider...
	==> logger: Box 'bento/ubuntu-18.04' could not be found. Attempting to find and install...
	logger: Box Provider: virtualbox
	logger: Box Version: >= 0
	==> logger: Loading metadata for box 'bento/ubuntu-18.04'
	logger: URL: https://vagrantcloud.com/bento/ubuntu-18.04
	==> logger: Adding box 'bento/ubuntu-18.04' (v202002.14.0) for provider: virtualbox
	logger: Downloading: https://vagrantcloud.com/bento/boxes/ubuntu-18.04/versions/202002.14.0/providers/virtualbox.box

	[K logger: Progress: 0% (Rate: 0*/s, Estimated time remaining: --:--:--)
	# coding: utf-8

	import datetime
	from dateutil.parser import parse
	from pprint import pprint
	from pycti import OpenCTIApiClient

	api_url = "https://demo.opencti.io"
	api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
	opencti_api_client = OpenCTIApiClient(api_url, api_token)
	# Fresh Ubuntu 18.04 with Virtualbox 6.1.2
	# Download https://ubuntu.com/download/desktop/thank-you?version=18.04.3&architecture=amd64 - ubuntu-18.04.3-desktop-amd64.iso
	## Config
	### 4 vCPU
	### 4Go RAM
	### 64Mo graphic card
	### 50Go HDD

	##
	###Boot CD
	apt autoremove -y
	apt purge $( dpkg --list \| grep -P -o "linux-image-\d\S+" \| grep -v $(uname -r \| grep -P -o ".+\d") )
	apt update && apt upgrade -y

	apt remove docker docker-engine docker.io containerd runc

	apt install \
	apt-transport-https \
	ca-certificates \
	curl \
	import setuptools

	setuptools.setup(
	name="volatility3",
	version="0.0.2",
	author="volatilityfoundation",
	author_email="info@volatilityfoundation.org",
	description="Volatility 3: The volatile memory extraction framework. DUMMY PACKAGE. DO NOT USE.",
	long_description="This is a dummy package. The official project website is available at https://github.com/volatilityfoundation/volatility3",
	url="https://github.com/volatilityfoundation/volatility3",
	docker build \
	--build-arg http_proxy=$http_proxy \
	--build-arg HTTP_PROXY=$http_proxy \
	--build-arg https_proxy=$https_proxy \
	--build-arg HTTPS_PROXY=$https_proxy \
	--build-arg no_proxy=$no_proxy \
	--build-arg NO_PROXY=$no_proxy \
	-t tag:version .
	{
	"_index": "sysmon-2017.11.24",
	"_type": "sysmon_process",
	"_id": "AV_v1-kZAnLqT_pijW1u",
	"_score": 1,
	"_source": {
	"Task": 1,
	"ParentImage": "C:\\Windows\\System32\\cmd.exe",
	"LogonGuid": "{6B166207-852C-5A18-0000-00200D6D0100}",
	"EventType": "INFO",