From 0f46dfd017dbc224e363c87955ff6926f31c290d Mon Sep 17 00:00:00 2001
From: vm-packages
Date: Tue, 31 Oct 2023 07:22:57 +0000
Subject: [PATCH] Add internal-monologue.vm Closes https://github.com/mandiant/VM-Packages/issues/592.
---
 .../internal-monologue.vm.nuspec | 12 ++++++++++++
 .../tools/chocolateyinstall.ps1 | 10 ++++++++++
 .../tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/internal-monologue.vm/internal-monologue.vm.nuspec
 create mode 100644 packages/internal-monologue.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/internal-monologue.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/internal-monologue.vm/internal-monologue.vm.nuspec b/packages/internal-monologue.vm/internal-monologue.vm.nuspec
new file mode 100644
index 000000000..1ead2dba0
--- /dev/null
+++ b/packages/internal-monologue.vm/internal-monologue.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ internal-monologue.vm
+ 0.0.0.20240412
+ eladshamir
+ Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
+
+
+
+
+
diff --git a/packages/internal-monologue.vm/tools/chocolateyinstall.ps1 b/packages/internal-monologue.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..3837c06ba
--- /dev/null
+++ b/packages/internal-monologue.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Internal-Monologue'
+$category = 'Credential Access'
+
+$zipUrl = 'https://github.com/eladshamir/Internal-Monologue/archive/4694611f78f211ca4a0381cd3daca1310ced4293.zip'
+$zipSha256 = '262369744f1cbb468bb79e6c0a6b21aee3b18e20d2abea99b5dd0d12ea43325f'
+
+VM-Install-From-Zip $toolName $category $zipUrl $zipSha256 -withoutBinFile -innerFolder $true
diff --git a/packages/internal-monologue.vm/tools/chocolateyuninstall.ps1 b/packages/internal-monologue.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..b51de72e1
--- /dev/null
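Review bot: The `$zipSha256` value in tools/chocolateyinstall.ps1 pins the bytes of a GitHub-generated `archive/<commit>.zip`, not a published release asset, and the script carries no comment saying so. The commit id in `$zipUrl` fixes the source content, but the archive is produced on request, so its hash could change if GitHub alters how it builds archives; presumably `VM-Install-From-Zip` (defined in vm.common, outside this diff) then rejects the download, which fails closed. I would add a comment above `$zipUrl` such as `# Pinned to an upstream commit; the zip is generated by GitHub, so re-verify and update $zipSha256 together with the URL`. It is also worth confirming in vm.common that the hash is checked before the archive is extracted.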
+++ b/packages/internal-monologue.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Internal-Monologue'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category