GETTING STARTED WITH THREATPURSUIT VM
ThreatPursuit Virtual Machine (VM) is a fully customizable, open-source, Windows-based distribution focused on threat intelligence analysis and hunting. It is designed to get intel analysts, malware analysts, and threat hunters up and running quickly. The threat intelligence analyst role is a specialized subset of the blue team. Individuals in this role generally have a strong drive to understand the threat environment, and their traits, skills, and experience vary with their training and subject matter expertise.
With this virtual machine distribution, you can:
- Conduct hunting activities or missions
- Create adversarial playbooks using evidence-based knowledge
- Develop and apply a range of analytical products amongst datasets
- Perform analytical pivoting across forensic artifacts and elements
- Emulate advanced offensive security tradecraft
- Enable situational awareness through intelligence sharing and reporting
- Apply data science techniques and visualize clusters of symbolic data
- Leverage open intelligence sources to provide unique insights for defense and offense
HOW TO INSTALL
1. Create and configure a new Windows Virtual Machine here (Windows 10 or Windows 11).
If you have adequate processing power and disk space on your system, I recommend the Windows 11 Development Enterprise (Evaluation) image. I prefer it to the others because you get extra perks such as:
- Visual Studio Community Edition with UWP, .NET Desktop, Azure, and Windows App SDK for C# workloads enabled
- Windows Subsystem for Linux enabled with Ubuntu installed
- Developer mode enabled
- Windows Terminal installed
2. Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain.
3. Install your specific VM guest tools (e.g., VMware Tools) to allow additional features such as copy/paste and screen resizing.
4. Take a snapshot of your machine!
5. Download ThreatPursuit-VM-master here
6. Open PowerShell as an Administrator
7. Change your working directory and locate the install.ps1
8. Unblock the install file by running Unblock-File .\install.ps1
9. Enable script execution by running Set-ExecutionPolicy Unrestricted -f
10. Finally, execute the installer script as follows: .\install.ps1
11. You can also pass your password as an argument (press Enter to skip).
12. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting Enter when prompted will also work.
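The following pre-flight script is an added example, not part of the ThreatPursuit-VM project or the original post. It wraps steps 6 to 10 above with the checks an analyst would want before running a downloaded installer: it confirms the shell is elevated, verifies install.ps1 is present, shows the Mark-of-the-Web stream that Unblock-File removes, records the execution policy before changing it, and only then runs the installer. The installer path defaults to .\install.ps1 in the current directory, as in step 7.

```powershell
# Added pre-flight wrapper for the ThreatPursuit VM install steps (example code,
# not the project's own). Assumes install.ps1 sits in the current directory.
[CmdletBinding()]
param(
    [string]$InstallerPath = ".\install.ps1"
)

# Step 6: confirm this is an elevated (Administrator) PowerShell session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Administrator) PowerShell session."
}

# Step 7: make sure the installer is where we expect it.
if (-not (Test-Path -LiteralPath $InstallerPath -PathType Leaf)) {
    throw "Installer not found at $InstallerPath; change to the extracted ThreatPursuit-VM-master folder first."
}

# Step 8: inspect the Mark-of-the-Web before removing it. A file downloaded from the
# Internet carries a Zone.Identifier alternate data stream (ZoneId=3 = Internet zone);
# that stream is why PowerShell refuses to run the script and is what Unblock-File deletes.
$motw = Get-Content -LiteralPath $InstallerPath -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($motw) {
    Write-Host "Mark-of-the-Web present on $InstallerPath :"
    $motw | ForEach-Object { Write-Host "    $_" }
    Unblock-File -LiteralPath $InstallerPath
} else {
    Write-Host "No Mark-of-the-Web on $InstallerPath (already unblocked, or not downloaded)."
}

# Step 9: record the current policy before loosening it, so it can be reverted
# once the installation (and its reboots) has finished.
$previousPolicy = Get-ExecutionPolicy -Scope LocalMachine
Write-Host "LocalMachine execution policy before install: $previousPolicy"
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force

# Step 10: run the installer; it prompts for the administrator password so it can
# automate the host restarts described in steps 11 and 12.
& $InstallerPath
```

Once the install has completed, Set-ExecutionPolicy can be used to put the recorded policy back.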