1- # Requires dependencies of software in vm as by:
2- # https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
3- # Windows 7 SP1, .NET at least 4.5, powershell 5 preferly over v4
4- # KB3109118 - Script block logging back port update for WMF4
5- # x64 - https://cuckoo.sh/vmcloak/Windows6.1-KB3109118-v4-x64.msu
6- # x32 - https://cuckoo.sh/vmcloak/Windows6.1-KB3109118-v4-x86.msu
7- # KB2819745 - WMF 4 (Windows Management Framework version 4) update for Windows 7
8- # x64 - https://cuckoo.sh/vmcloak/Windows6.1-KB2819745-x64-MultiPkg.msu
9- # x32 - https://cuckoo.sh/vmcloak/Windows6.1-KB2819745-x86-MultiPkg.msu
10- # KB3191566 - https://www.microsoft.com/en-us/download/details.aspx?id=54616
11- # You should create following registry entries
12- # reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames" /v * /t REG_SZ /d * /f /reg:64
13- # reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" /v EnableScriptBlockLogging /t REG_DWORD /d 00000001 /f /reg:64
14- # reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription" /v EnableTranscripting /t REG_DWORD /d 00000001 /f /reg:64
15- # reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription" /v OutputDirectory /t REG_SZ /d C:\PSTranscipts /f /reg:64
16- # reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription" /v EnableInvocationHeader /t REG_DWORD /d 00000001 /f /reg:64
17-
181# Modules to be enabled or not inside of the VM
192[auxiliary_modules]
203browser = yes