Boxstarter
Author: l | 2025-04-23
r/boxstarter: Unofficial Boxstarter Subreddit. Boxstarter is built on top of Chocolatey, the Windows package manager, and enables you to fully
Boxstarter version 3.0 marks the beginning of a new era of Boxstarter and Chocolatey. Join Gary and Manfred as they unbox the best features of Boxstarter liv
Orcomp/Boxstarter: Boxstarter scripts - GitHub
New-Machine

This repo contains several small PowerShell scripts that utilize Chocolatey and BoxStarter to setup new machines to my preferences. I've found golden images to go out of date extremely quickly, to the point of making it pointless. These scripts help grab the latest versions of many of my daily use applications, so that I can hit the ground running on new machines.

Important Note!

This is mostly crafted based on my own use cases and work that I do. I built but no longer use the Windows 10 images, so they may not work as expected anymore. My current preferred working image is Windows Server 2022.

Creating a Bootable USB

Use Rufus -- I had a PowerShell script but it failed a few times. Use the tools!

Building an Image

The Windows-2022.json Packer file references a copy of the Windows Server 2022 ISO. I grabbed it off of MSDN and put it into the same folder -- ideally, it would download this from a public source before building.

You can build the image via:

    packer build windows-2022.json

Vagrant Info

Most of my builds now target Hyper-V as my hypervisor of choice, but should generally still work with VirtualBox or another target. Check out Packer Post-Processors for modifying for other targets [ on OS, follow instructions at vagrantup.com for installing + VirtualBox.

Windows via Chocolatey:

    choco install virtualbox
    choco install vagrant
    vagrant box add {url} --name {name}
    vagrant init {name}

The folder that you run initialize from, or that contains the vagrantfile that you use, will be imported into the Virtual Machine and available at c:\vagrant. Do note that I've noticed issues running IIS or Visual Studio from code in this folder.

You can modify the Vagrantfile generated during vagrant init to modify VM settings, such as the amount of RAM allocated (defaults to 8gigs) or more CPUs:

    config.vm.provider :virtualbox do |v, override|
      v.gui = false
      v.memory = 8192
      v.cpus = 2
    end

    vagrant up
    vagrant powershell (from Windows)
    vagrant RDP -- Doesn't seem to work on OS-X reliably, use Remote Desktop client and point it to localhost with the allocated port.

You can also open your Remote Desktop client of choice and point it to localhost:4000 (we remapped the RDP port
RobCannon/boxstarter: My boxstarter - GitHub
To provide unique insights for defense and offense

Akin to both FLARE-VM and Commando VM, ThreatPursuit VM uses Boxstarter, Chocolatey and MyGet packages to install software that facilitates the many aspects related to roles performed by analysts. The tools installed provide easy access to a broad range of tooling, including, but not limited to, threat analytics, statistics, visualisation, threat hunting, malware triage, adversarial emulation, and threat modelling. Here are some of the tools, but there are many more:

- MISP
- OpenCTI
- Elasticsearch, Kibana, Logstash
- Splunk
- Threat Hunter Playbook
- CSIRO Data61 Constellation
- Maltego
- RStudio
- MITRE CALDERA
- Jupyter Notebook
- Python
- SilkETW

For a full list of tools, please visit our GitHub repository.

Installation

Similar to FLARE-VM and Commando VM, it's recommended to install ThreatPursuit VM in a virtual machine. The following is an overview of the minimal and recommended installation requirements.

Requirements

- Windows 10 1903 or greater
- 60 GB Hard Drive
- 4 GB RAM

Recommended

- Windows 10 1903
- 80+ GB Hard Drive
- 6+ GB RAM
- 1 network adapter
- OpenGL Graphics Card 1024mb
- Enable Virtualization support for VM
  - Required for Docker (MISP, OpenCTI)

Standard Install

The easiest way to install ThreatPursuit VM is to use the following steps. This will install all the default tools and get you finding evil in no time!

1. Create and configure a new Windows 10 VM with the aforementioned requirements.
2. Ensure VM is updated completely. You may need to check for updates, reboot and check again until no more remain.
3. Install your specific VM guest tools (e.g., VMware Tools) to allow additional features such as copy/paste and screen resizing.
4. Take a snapshot of your machine! This allows you to always have a clean state.
5. Download and copy install.ps1 to your newly configured VM.
6. Open PowerShell as an administrator.
7. Next, unblock the install file by running: Unblock-File .\install.ps1, as seen in Figure 1.
   Figure 1: Unblock-File installation script
8. Enable script execution by running: Set-ExecutionPolicy Unrestricted -f , as seen in Figure 2.
   Figure 2: Set-ExecutionPolicy Unrestricted -f script
9. Finally, execute the installer script as follows: .\install.ps1

After executing install.ps1, you’ll be prompted for the administrator password in order to automate host restarts during installation as several reboots occur. Optionally, you may pass your password as a command-line argument via ".\install.ps1 -password ". If you do not have a password set, hitting enter when prompted will also work.

This will be the last thing you will need to do before the installation is unattended. The script will set up the Boxstarter environment and proceed to download and install the ThreatPursuit VM environment, as seen in Figure 3.

Figure 3: Installation script execution

The installation process may take upwards of several hours depending on your internet connection speed and the web servers hosting the various files. Figure 4 shows the post-installation desktop environment, featuring the logo and a desktop shortcut. You will know when the install is finished with the VM's logo placed on the background.

Figure 4: ThreatPursuit VM desktop installed

Custom Install

Is the standard installation too much for you? We provide a custom installation method that allows you to choose which chocolatey packages get installed. For additional details, see the Custom Install steps at our GitHub repository.

Installing Additional Packages

Since ThreatPursuit VM uses the Chocolatey Windows package manager, it's easy to install additional packages not included by default. For example, entering the command cinst github as administrator installs GitHub Desktop on your system.

To update all currently installed packages to their most recent versions, run the command cup all as administrator.

Getting Started: A Use Case

As threat analysts, what we choose to pursue will depend on the priorities and requirements of our current role. Often, they vary with each threat or adversary encountered such as financial crime, espionage, issue-motivated groups or individuals. The role broadly encompasses the collection and analysis of threat data (e.g., malware, indicators of attack/compromise) with the goal of triaging the data and developing actionable intelligence. For example, one may want to produce detection signatures based on malware network communications to classify, share or disseminate indicators of compromise (IOCs) in standardized ways. We may also use these IOCs in order to develop and apply analytical products that establish clusters of analogous nodes such as MITRE ATT&CK tactics and techniques, or APT groups. On the other hand, our goal can be as simple as triaging a malware sample behavior, hunting for indicators, or proving or disproving a hypothesis. Let's look at how we might start.

Open Hunting

To start our use case, let’s say we are interested in reviewing latest

JonCubed/boxstarter: BoxStarter box scripts - GitHub
GitHub - gennesseaux/boxstarter: Boxstarter setup scripts
GitHub - gennesseaux/boxstarter: Boxstarter setup scripts / All
GitHub - bcowdery/boxstarter: Boxstarter scripts for setting up
boxstarter/devbox-boxstarter.ps1 at main cxiao/boxstarter - GitHub
Run With A Gist - Boxstarter
Use Chocolatey and Boxstarter to
The-Running-Dev/BoxStarter: A Windows Dev PC BoxStarter repository - GitHub