Our repository needs a license so that external users can use our content.

Please add the "Apache License 2.0" to the repo.

We need a lab demonstrating how and why we automate TTPs.
Enter "Lab 4.3 - Automating TTPs."
This lab will immediately follow Lab 4.2 where the student implements APT 29 TTPs manually (.LNK payload).

Use the Lab 4.2 document on SharePoint as your standard template.

Hi,

Can you please help with Office365BusinessInstaller hanging and failing?

Add console output to xor python script in lab 4.2

Our written labs direct the user to CD into the adversary emulation folder from the desktop; however, the setup scripts do not copy the folder to the desktop.

Please update the setup scripts to duplicate the AdvEmu folder on the attacker desktop.

cd ~/Desktop/AdversaryEmulation/labs/lab_4.2/

Some module 2 content does not consistently use the term "TTP Outline", instead it uses "Scenario Outline."
TTP Outline is the preferred term, as it is less ambiguous than Scenario, and also aligned with ATT&CK vernacular.

Module 2 slides 38 and 39 need to be changed, and correpsonding videos need to be edited.

On the Kali VM, the attacker user must enter the password to invoke sudo commands.

While this is a desirable security configuration, it degrades the student experience by slowing the pace and detracting from the interesting adversary emulation content.

Can we configure the the attacker user to not require a password for all sudo commands?

This configuration should be made in our automated setup scripts.

The MAD desktop background appears to be missing on login as the attacker user to the Kali VM.

This poses no immediate impact to students, but I would like to fix it for consistency when possible.

Can we investigate and fix?

@garunagiri
Please create a launch release of this repository after resolving the remaining issues.
This should happen no later than March 31st.

We need to update / revise the lab 4.2 Implementing Adversary TTPs walkthrough PDF.

Once the walkthrough PDF is finalized, please upload it to the labs/lab_4.2 folder.

Presently our setup procedure has students cloning the repo and running shell scripts.

We would like to elevate the process to utilize a more professional solution, such as Vagrant and Packer.

The desired end state is for students to be able to stand up our lab environment in a trivial number of steps, for example:

vagrant up --provider=virtualbox

See DetectionLab for example implementations:

https://github.com/clong/DetectionLab

Microsoft Teams spawns immediately on login to the Windows Server 2019 system.

It is a minor nuisance to students; can we disable it in our setup scripts?

Our VM setup scripts need to be able to change the desktop backgrounds.

The desired end state is that the user logs in and sees a unique background for the attacker VM, and a unique background for the target VM.

We don't have the final desktop images yet, so for now, I'll suggest you make two simple desktops with black background and overlay text.

The text should say:

MITRE ATT&CK Defender
ATT&CK Adversary Emulation
Hostname: < attacker > or < target >

I highly recommend using AWS EC2s to follow the lab instructions if your mac is having issues setting up with Windows & Kali VM's due to the well documented error of "This virtual machine cannot be powered on because it requires the X86 machine architecture, which is incompatible with this Arm machine architecture host."

The Windows_Server-2019-English-Full-Base is the EC2 with a GUI is the best option that has worked for me after launching several AMI's

Create a lab that demonstrates how to examine TTPs to identify detections and mitigations.

Please add a README to the automation folder that explains how to use the project and state the purpose of each script.

winpcapinstall.ahk generating errors.
Illegal character in expression,etc

Lab 1.3 features terminal hotkey commands like "ctrl + shift + t" to open a new tab.

The problem is those hotkeys don't work when accessing VM's inside a web browser, as is the case in the Cybrary range.

We need to provide alternative guidance using the GUI to achieve the same effect as the terminal hotkeys.

I receive a no such file or directory error when opening the terminal after setup.

Steps to reproduce:

1. Download this repo from the releases page to the kali user downloads folders
2. Rename folder to /home/kali/Downloads/AdversaryEmulation/
3. Run setup scripts
4. Reboot
5. Login as attacker user
6. Open terminal

Please update instructions to account for users downloading the AdversaryEmulation repo in unpredictable locations.

We would like project README's to guide external users through our content.
The desired end state is for our README's to make the project to look professional while being easy-to-use for our external users.

At a minimum we should have README's for these folders:

1. AdversaryEmulation
2. vm_setup_scripts
3. labs

Here are some general sections I would like to see; use your discretion to alter format/content if it makes sense for the particular section you're working on.

1. An intro explaining the purpose of this project or folder.
2. Instructions so external users know how to use our content.
3. Malware warning on the root README (copy the language from lab 4.2 on Sharepoint)
4. Instructions for people to submit git issues
5. Instructions for people to submit changes / contributions

Add Remarks for recommended VM configuration under the vm_setup_scripts folder:

• 2 core CPU
• 50 GB disk space
• 8 GB RAM
• Kali and Windows VM should be networked / able to ping each other
• Kali and Windows VM should have Internet access
• Install VMWare Tools / VirtualBox Extensions for copy/paste between host and VMs

Malware Warning text - list this on the front page of our repo:

Fundamentally, this course entails executing publicly known adversary TTPs so that we can assess and improve cybersecurity. As a result, many of our tools and resources will likely be flagged malicious by security products. We make every effort to ensure that our adversary emulation content is trusted and safe for the purpose of offensive security testing.  
  
As a precaution, you should not perform these labs on any system that contains sensitive data. Additionally, you should never use capabilities and/or techniques taught in this course without first obtaining explicit written permission from the system/network owner(s).  

The Windows DC setup script appears to be defective.

Steps to reproduce:

1. Download/install Windows Server 2019 (trial) in VirtualBox
2. Download AdversaryEmulation folder to desktop of Administrator user
3. execute setup-dc.ps1