Created
November 24, 2020 01:15
-
-
Save macostag/78519ce9fed1f7c35cfc89e82801b303 to your computer and use it in GitHub Desktop.
Chocolatey script to setup Windows 10 malware analysis box.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Bypass Execution Policy | |
| Set-ExecutionPolicy Bypass -Scope CurrentUser -Force | |
| #Install boxstarter | |
| [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://boxstarter.org/bootstrapper.ps1')); Get-Boxstarter -Force | |
| #Disable UAC | |
| Disable-UAC | |
| #Disanle Micrsoft Update | |
| Disable-MicrosoftUpdate | |
| # Disable Windows Defender | |
| try { | |
| Get-Service WinDefend | Stop-Service -Force | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\WinDefend" -Name "Start" -Value 4 -Type DWORD -Force | |
| } catch { | |
| Write-Warning "Failed to disable WinDefend service" | |
| } | |
| try { | |
| New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft' -Name "Windows Defender" -Force -ea 0 | Out-Null | |
| New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Value 1 -PropertyType DWORD -Force -ea 0 | Out-Null | |
| New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableRoutinelyTakingAction" -Value 1 -PropertyType DWORD -Force -ea 0 | Out-Null | |
| New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SpyNetReporting" -Value 0 -PropertyType DWORD -Force -ea 0 | Out-Null | |
| New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SubmitSamplesConsent" -Value 0 -PropertyType DWORD -Force -ea 0 | Out-Null | |
| New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\MRT" -Name "DontReportInfectionInformation" -Value 1 -PropertyType DWORD -Force -ea 0 | Out-Null | |
| Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend | |
| } catch { | |
| Write-Warning "Failed to disable Windows Defender" | |
| } | |
| #Hex Editors | |
| choco install hxd -y | |
| #Debuggers | |
| choco install x64dbg.portable -y | |
| choco install ida-free -y | |
| #Disassemblers | |
| choco install ghidra -y | |
| #PE | |
| choco install resourcehacker.portable -y | |
| choco install pestudio -y | |
| #Networking | |
| choco install wireshark -y | |
| choco install network-miner -y | |
| choco install processhacker -y | |
| #Python | |
| choco install python2 -y | |
| choco install python3 -y | |
| #Utilities | |
| choco install 7zip -y | |
| choco install regshot -y | |
| choco install GoogleChrome -y | |
| choco install firefox -y | |
| choco install sysinternals -y | |
| choco install hashmyfiles -y | |
| #Text Editors | |
| choco install notepadplusplus -y | |
| choco install sublimetext3.app -y | |
| #IDE | |
| choco install visualstudio2019community -y | |
| choco install vscode.install -y |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment