-
-
Save dzervas/1455ace739c9871d1dcd06693d8ee874 to your computer and use it in GitHub Desktop.
Chocolatey script to setup Windows 10 malware analysis box.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # irm https://gist.github.com/dzervas/1455ace739c9871d1dcd06693d8ee874/raw | iex | |
| #Bypass Execution Policy | |
| Set-ExecutionPolicy Bypass -Scope CurrentUser -Force | |
| #Install boxstarter | |
| [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://boxstarter.org/bootstrapper.ps1')); Get-Boxstarter -Force | |
| #Disable UAC | |
| Disable-UAC | |
| #Disanle Micrsoft Update | |
| Disable-MicrosoftUpdate | |
| # Disable Windows Defender | |
| try { | |
| Get-Service WinDefend | Stop-Service -Force | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\WinDefend" -Name "Start" -Value 4 -Type DWORD -Force | |
| } catch { | |
| Write-Warning "Failed to disable WinDefend service" | |
| } | |
| try { | |
| New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft' -Name "Windows Defender" -Force -ea 0 | Out-Null | |
| New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Value 1 -PropertyType DWORD -Force -ea 0 | Out-Null | |
| New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableRoutinelyTakingAction" -Value 1 -PropertyType DWORD -Force -ea 0 | Out-Null | |
| New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SpyNetReporting" -Value 0 -PropertyType DWORD -Force -ea 0 | Out-Null | |
| New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SubmitSamplesConsent" -Value 0 -PropertyType DWORD -Force -ea 0 | Out-Null | |
| New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\MRT" -Name "DontReportInfectionInformation" -Value 1 -PropertyType DWORD -Force -ea 0 | Out-Null | |
| Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend | |
| } catch { | |
| Write-Warning "Failed to disable Windows Defender" | |
| } | |
| # QoL | |
| Set-WindowsExplorerOptions -EnableShowHiddenFilesFoldersDrives -EnableShowProtectedOSFiles -EnableShowFileExtensions | |
| #Hex Editors | |
| choco install hxd -y | |
| #Debuggers | |
| choco install x64dbg.portable -y | |
| #choco install ida-free -y | |
| choco install apimonitor -y | |
| #Disassemblers | |
| #choco install ghidra -y | |
| choco install dnspyex -y | |
| #PE | |
| choco install resourcehacker.portable -y | |
| choco install pestudio -y | |
| #Networking | |
| choco install wireshark -y | |
| choco install network-miner -y | |
| choco install processhacker.install -y | |
| choco install fiddler -y | |
| choco install proxifier -y | |
| #Python | |
| choco install python2 -y | |
| choco install python3 -y | |
| pip3 install -U angr-management | |
| pip3 install -U frida-tools | |
| pip3 install -U frida | |
| #Utilities | |
| choco install 7zip -y | |
| choco install regshot -y | |
| choco install firefox -y | |
| choco install sysinternals -y | |
| choco install hashmyfiles -y | |
| choco install microsoft-windows-terminal -y | |
| #Text Editors | |
| choco install notepadplusplus -y | |
| #BinaryNinja LLDB | |
| #choco install llvm | |
| #lldb-server.exe platform --server --listen 0.0.0.0:31337 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment