Add Database, Didierstevens, Zimmerman and Sysinternals

reuteras · Nov 5, 2023 · aa7e047 · aa7e047
1 parent b52aae0
commit aa7e047
Showing 1 changed file with 20 additions and 2 deletions.
diff --git a/setup/start_sandbox.ps1 b/setup/start_sandbox.ps1
@@ -359,13 +359,18 @@ Remove-Item C:\Users\WDAGUtilityAccount\Desktop\PdfStreamDumper.exe.lnk
 mkdir "$HOME\Desktop\dfirws\Browsers"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Browsers\hindsight.lnk" -DestinationPath "C:\Tools\bin\hindsight_gui.exe"
 mkdir "$HOME\Desktop\dfirws\Cobalt Strike"
+mkdir "$HOME\Desktop\dfirws\Database"
+Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Database\SQLECmd.lnk" -DestinationPath "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -WorkingDirectory "$HOME\Desktop" -Iconlocation "C:\Tools\Zimmerman\SQLECmd\SQLECmd.exe"
+Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Database\sqlite3.lnk" -DestinationPath "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -WorkingDirectory "$HOME\Desktop" -Iconlocation "C:\Tools\sqlite\sqlite3.exe"
 mkdir "$HOME\Desktop\dfirws\Debuggers"
 if ($WSDFIR_X64DBG -eq "Yes") {
     Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Debuggers\x32dbg.lnk" -DestinationPath "$env:ProgramFiles\x64dbg\release\x32\x32dbg.exe"
     Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Debuggers\x64dbg.lnk" -DestinationPath "$env:ProgramFiles\x64dbg\release\x64\x64dbg.exe"
 }
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Debuggers\dnSpy32.lnk" -DestinationPath "C:\Tools\dnSpy32\dnSpy.exe"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Debuggers\dnSpy64.lnk" -DestinationPath "C:\Tools\dnSpy64\dnSpy.exe"
+# C:\Tools\DidierStevens
+Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Debuggers\DidierStevens.lnk" -DestinationPath "C:\Tools\DidierStevens"
 mkdir "$HOME\Desktop\dfirws\Editors"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Editors\Bytecode Viewer.lnk" -DestinationPath "C:\Tools\bin\bcv.bat"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Editors\HxD.lnk" -DestinationPath "$env:ProgramFiles\HxD\HxD.exe"
@@ -382,17 +387,22 @@ mkdir "$HOME\Desktop\dfirws\Extraction"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Extraction\bulk_extractor.lnk" -DestinationPath "C:\Tools\bulk_extractor\win64\bulk_extractor.exe"
 mkdir "$HOME\Desktop\dfirws\File"
 Add-shortcut -SourceLnk "$HOME\Desktop\dfirws\File\binlex.lnk" -DestinationPath "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -WorkingDirectory "$HOME\Desktop"
+Add-shortcut -SourceLnk "$HOME\Desktop\dfirws\File\densityscout.lnk" -DestinationPath "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -WorkingDirectory "$HOME\Desktop"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\File\Detect It Easy.lnk" -DestinationPath "C:\Tools\die\die.exe"
+Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\File\trid.lnk" -DestinationPath "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -WorkingDirectory "$HOME\Desktop"
+mkdir "$HOME\Desktop\dfirws\Go"
+Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Go\GoReSym.lnk" -DestinationPath "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -WorkingDirectory "$HOME\Desktop"
 mkdir "$HOME\Desktop\dfirws\Java"
 if (($WSDFIR_JAVA -eq "Yes") -and ($WSDFIR_JAVA_JAVA -eq "Yes")) {
     Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Java\jadx-gui.lnk" -DestinationPath "$env:ProgramFiles\jadx\bin\jadx-gui.bat"
 }
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Java\jd-gui.lnk" -DestinationPath "C:Tools\jd-gui\jd-gui.exe"
 mkdir "$HOME\Desktop\dfirws\Network"
-Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Network\Fakenet.lnk" -DestinationPath "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -WorkingDirectory "C:\Tools\fakenet" -Iconlocation C:\Tools\fakenet\fakenet.exe
+Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Network\Fakenet.lnk" -DestinationPath "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -WorkingDirectory "C:\Tools\fakenet" -Iconlocation "C:\Tools\fakenet\fakenet.exe"
 mkdir "$HOME\Desktop\dfirws\Log"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Log\chainsaw.lnk" -DestinationPath "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -WorkingDirectory "$HOME\Desktop"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Log\FullEventLogView.lnk" -DestinationPath "C:\Tools\FullEventLogView\FullEventLogView.exe"
+Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Log\hayabusa.lnk" -DestinationPath "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -WorkingDirectory "$HOME\Desktop"
 mkdir "$HOME\Desktop\dfirws\Office"
 mkdir "$HOME\Desktop\dfirws\PDF"
 if ($WSDFIR_PDFSTREAM -eq "Yes") {
@@ -408,7 +418,11 @@ mkdir "$HOME\Desktop\dfirws\Reverse Engineering"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Reverse Engineering\Cutter.lnk" -DestinationPath "C:\Tools\cutter\cutter.exe"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Reverse Engineering\ghidraRun.lnk" -DestinationPath "C:\Tools\ghidra\ghidraRun.bat"
 mkdir "$HOME\Desktop\dfirws\Shellcode"
-mkdir "$HOME\Desktop\dfirws\Unpacking"
+# "$HOME\Desktop\dfirws\Sysinternals"
+Add-shortcut -SourceLnk "$HOME\Desktop\dfirws\Sysinternals.lnk" -DestinationPath "C:\Tools\sysinternals"
+mkdir "$HOME\Desktop\dfirws\Unpack"
+Add-shortcut -SourceLnk "$HOME\Desktop\dfirws\Unpack\upx.lnk" -DestinationPath "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -WorkingDirectory "$HOME\Desktop"
+Add-shortcut -SourceLnk "$HOME\Desktop\dfirws\Unpack\zstd.lnk" -DestinationPath "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -WorkingDirectory "$HOME\Desktop"
 mkdir "$HOME\Desktop\dfirws\Utilities"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Utilities\bash.lnk" -DestinationPath "$env:ProgramFiles\Git\bin\bash.exe" -WorkingDirectory "$HOME\Desktop"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Utilities\cmder.lnk" -DestinationPath "$env:ProgramFiles\cmder\cmder.exe" -WorkingDirectory "$HOME\Desktop"
@@ -418,6 +432,10 @@ Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Utilities\floss.lnk" -DestinationP
 mkdir "$HOME\Desktop\dfirws\Windows"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Windows\Jumplist-Browser.lnk" -DestinationPath "C:\Tools\bin\JumplistBrowser.exe"
 Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Windows\Prefetch-Browser.lnk" -DestinationPath "C:\Tools\bin\PrefetchBrowser.exe"
+Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Windows\Thumbcache Viewer.lnk" -DestinationPath "C:\Tools\thumbcacheviewer\thumbcache_viewer.exe"
+# "$HOME\Desktop\dfirws\Zimmerman"
+Add-Shortcut -SourceLnk "$HOME\Desktop\dfirws\Zimmerman.lnk" -DestinationPath "C:\Tools\Zimmerman"
+
 Start-Transcript -Append "$TEMP\dfirws_log.txt"
 
 & "$env:ProgramFiles\7-Zip\7z.exe" x -pinfected "C:\downloads\signature.7z" -o"$env:ProgramFiles\loki"