- ONLY RUN THIS IN A VOLATILE VM
- These deployment scripts offers no added security against malware escaping the environment. Use at your own risk and understand what you are executing prior to triggering a payload.
- This is a sandbox vm prep script to be run within Windows Sandbox vm. Will use 10-20 GB of Free Space and clear when completed.
- The intended purpose is for malware analysis
- Written shell messages will be shown for any manual setup steps requiring interaction. These will be presented during pauses in the script.
- The process may seems stuck at times, but it's not. Look for other windows requiring steps. Read the shell it might offer a clue.
- DIE - Detect it Easy
- Floss - FLARE Obfuscated String Solver
- git
- Google Chrome
- Lockhunter
- PSPortable
- Python
- Retoolkit
- SysInternals
- Thunderbird
- Wireshark - winpcap
- vscode
If needing only a couple tools to examine a file, WingetUI can be used to quickly install those.
$url = "https://github.com/marticliment/WingetUI/releases/latest/download/WingetUI.Installer.exe"
$outputPath = "$env:userprofile\downloads\WingetUI.Installer.exe"
Start-BitsTransfer -Source $url -Destination $outputPath
. $outputPath /silent
- Run this in an Admin PowerShell Window
- ONLY RUN THIS IN A WINDOWS SANDBOX VM
New-Item $env:userprofile\desktop\logs -itemtype Directory
Start-Transcript $env:userprofile\desktop\logs\0-DeployFunction.log
Function Invoke-Deploy {
# Opening Statement
Write-Host " READ THESE NOTES" -ForegroundColor Yellow
Write-Host "
1. When all scripts finish running, it's best to close powershell, and use pwsh or shell of choice. This ensures all installed exe's are in path.
2. If asked to pick a default browser choose Chrome. Useful if using Nordvpn.
3. Be patient some steps take longer than others.
4. When presented install wizards or install choices interaction is required.
" -ForegroundColor Green
Pause
# Clone repo and scripts for running
Set-ExecutionPolicy Unrestricted -Confirm:$false -Force
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
New-Item $env:userprofile\desktop\Github -itemtype directory | out-null
(New-Object System.Net.WebClient).DownloadFile('https://github.com/TheTaylorLee/SandboxToolkit/archive/refs/heads/main.zip', "$env:userprofile\desktop\github\SandboxToolkit.zip")
Expand-Archive -Path $env:userprofile\desktop\github\SandboxToolkit.zip $env:userprofile\desktop\github\SandboxToolkit
Remove-Item $env:userprofile\desktop\github\SandboxToolkit.zip -force | out-null
#Runs scripts
Write-Host "Running Install Scripts" -foregroundcolor Green
start-process "powershell.exe" -ArgumentList "-executionpolicy unrestricted", "-File $env:userprofile\desktop\github\SandboxToolkit\SandboxToolkit-main\scripts\1-Install-PackageManagers.ps1" -wait
start-process "powershell.exe" -ArgumentList "-executionpolicy unrestricted", "-File $env:userprofile\desktop\github\SandboxToolkit\SandboxToolkit-main\scripts\2-Install-Packages.ps1"
Write-Warning "Don't close this window until you have completed the instructions or you have read and remebered them."
}; Clear-Host; Invoke-Deploy