Merge branch 'master' into monitor_eth0_eth1

HyperV/hyperv-create-nat-switch.ps1

@@ -1,32 +1,40 @@
 # See: https://www.petri.com/using-nat-virtual-switch-hyper-v
 
-If ("NATSwitch" -in (Get-VMSwitch | Select-Object -ExpandProperty Name) -eq $FALSE) {
-    'Creating Internal-only switch named "NATSwitch" on Windows Hyper-V host...'
+$NATHostIP = "192.168.38.1"
+$NATNetPrefixLength = 24
+$NATNet = "192.168.38.0/$NATNetPrefixLength"
+$NATNetName = "NATNetwork"
+$NATSwitchName = "NATSwitch"
+$NATSwitchNameAlias = "vEthernet ($NATSwitchName)"
+
+# Check our NAT switch exists, create it and configure it if it doesn't.
+If ("$NATSwitchName" -in (Get-VMSwitch | Select-Object -ExpandProperty Name) -eq $FALSE) {
+    "Creating Internal-only switch named ""$NatSwitchName"" on Windows Hyper-V host..."
+
+    New-VMSwitch -SwitchName $NATSwitchName -SwitchType Internal
+    New-NetIPAddress -IPAddress $NATHostIP -PrefixLength $NATNetPrefixLength -InterfaceAlias $NATSwitchNameAlias
+    New-NetNAT -Name $NATNetName -InternalIPInterfaceAddressPrefix $NATNet
+
+} else {
+    """$NATSwitchName"" VM Switch on Hyper-V host for guest static IP configuration already exists; skipping..."
+}
 
-    New-VMSwitch -SwitchName "NATSwitch" -SwitchType Internal
+# Check that our Hyper-V host has the proper gateway address for the NAT Network.
+If (@(Get-NetIPAddress | Where-Object {$_.IPAddress -eq "$NATHostIP" -and $_.InterfaceAlias -eq "$NATSwitchNameAlias"}).Count -eq 1) {
+    "Registering new IP address $NATHostIP on Windows Hyper-V host..."
 
-    New-NetIPAddress -IPAddress 192.168.38.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)"
+    New-NetIPAddress -IPAddress $NATHostIP -PrefixLength $NATNetPrefixLength -InterfaceAlias $NATSwitchNameAlias
 
-    New-NetNAT -Name "NATNetwork" -InternalIPInterfaceAddressPrefix 192.168.38.0/24
-}
-else {
-    '"NATSwitch" for static IP configuration already exists; skipping'
+} else {
+    """$NATHostIP"" Hyper-V host gateway address for guest static IP configuration already registered; skipping..."
 }
 
-If ("192.168.38.1" -in (Get-NetIPAddress | Select-Object -ExpandProperty IPAddress) -eq $FALSE) {
-    'Registering new IP address 192.168.38.1 on Windows Hyper-V host...'
-
-    New-NetIPAddress -IPAddress 192.168.38.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)"
-}
-else {
-    '"192.168.38.1" for static IP configuration already registered; skipping'
-}
+# Check that our Hyper-V host has the proper NAT Network setup
+If ("$NATNet" -in (Get-NetNAT | Select-Object -ExpandProperty InternalIPInterfaceAddressPrefix) -eq $FALSE) {
+    "Registering new NAT adapter for $NATNet on Windows Hyper-V host..."
 
-If ("192.168.38.0/24" -in (Get-NetNAT | Select-Object -ExpandProperty InternalIPInterfaceAddressPrefix) -eq $FALSE) {
-    'Registering new NAT adapter for 192.168.38.0/24 on Windows Hyper-V host...'
+    New-NetNAT -Name $NATNetName -InternalIPInterfaceAddressPrefix $NATNet
 
-    New-NetNAT -Name "NATNetwork" -InternalIPInterfaceAddressPrefix 192.168.38.0/24
-}
-else {
-    '"192.168.38.0/24" for static IP configuration already registered; skipping'
+} else {
+    """$NATNet"" Hyper-V host NAT Network for guest static IP configuration already registered; skipping"
 }

README.md

@@ -6,9 +6,10 @@ DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to
 [![CircleCI](https://circleci.com/gh/clong/DetectionLab/tree/master.svg?style=shield)](https://circleci.com/gh/clong/DetectionLab/tree/master)
 ![Lint Code Base](https://github.com/clong/DetectionLab/workflows/Lint%20Code%20Base/badge.svg)
 [![license](https://img.shields.io/github/license/clong/DetectionLab.svg?style=flat-square)](https://github.com/clong/DetectionLab/blob/master/license.md)
-![Maintenance](https://img.shields.io/maintenance/yes/2020.svg?style=flat-square)
+![Maintenance](https://img.shields.io/maintenance/yes/2021.svg?style=flat-square)
 [![GitHub last commit](https://img.shields.io/github/last-commit/clong/DetectionLab.svg?style=flat-square)](https://github.com/clong/DetectionLab/commit/master)
 [![Twitter](https://img.shields.io/twitter/follow/DetectionLab.svg?style=social)](https://twitter.com/DetectionLab)
+[![Slack](https://img.shields.io/badge/Slack-DetectionLab-blue)](https://join.slack.com/t/cl0ng/shared_invite/zt-kjwgkldg-BqB1TyrUX0dSjDPe44tKRg)
 
 #### Donate to the project:
 
@@ -103,13 +104,13 @@ A sizable percentage of this code was borrowed and adapted from [Stefan Scherer]
 * [EVTX-ATTACK-SAMPLES](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES)
 
 # DetectionLab Sponsors
-#### Lated updated: 9/16/2020
+#### Lated updated: 12/31/2020
 I would like to extend thanks to the following sponsors for funding DetectionLab development. If you are interested in becoming a sponsor, please visit the [sponsors page](https://github.com/sponsors/clong).
 
 ### Diamond Sponsors:
 * [Veramine](https://github.com/veramine)
 * [Thinkst](https://github.com/ThinkstAppliedResearch)
-* [csterner82](https://github.com/csterner82)
+* [kungskal](https://github.com/kungskal)
 * [swizzlez](https://github.com/swizzlez)
 * [CyDefUnicorn](https://github.com/CyDefUnicorn)
 * [olliencc](https://github.com/olliencc)
@@ -118,17 +119,18 @@ I would like to extend thanks to the following sponsors for funding DetectionLab
 * [mikeesparza](https://github.com/mikeesparza)
 * [dlee35](https://github.com/dlee35)
 * [chrissanders](https://github.com/chrissanders)
-* [punchdrunktux](https://github.com/punchdrunktux)
 * [jaredhaight](https://github.com/jaredhaight)
 * [iamfuntime](https://github.com/iamfuntime)
 * [Luct0r](https://github.com/Luct0r)
+* [zhuma549](https://github.com/zhuma549)
+* +1 private sponsor
 
 ### Standard Sponsors:
-* [dtonomy](https://github.com/dtonomy)
 * [braimee](https://github.com/braimee)
-* [iLoC0dez](https://github.com/iLoC0dez)
 * [defensivedepth](https://github.com/defensivedepth)
-* [elreydetoda](https://github.com/elreydetoda)
 * [kafkaesqu3](https://github.com/kafkaesqu3)
 * [anthonysecurity](https://github.com/anthonysecurity)
+* [ealaney](https://github.com/ealaney)
+* [elreydetoda](https://github.com/elreydetoda)
+* [DevBits1702](https://github.com/DevBits1702)
 * +2 private sponsors