Skip to content

Commit

Permalink
Create README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
giMini authored Jul 27, 2017
1 parent c979561 commit 3ebce18
Showing 1 changed file with 69 additions and 0 deletions.
69 changes: 69 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
# NOAH

NOAH is an agentless open source Incident Response framework based on PowerShell, called "No Agent Hunting" (NOAH), to help security investigation responders to gather a vast number of key artifacts without installing any agent on the endpoints saving precious time.

## Getting Started

Clone the repository or download the files from the project on a Windows computer.

### Prerequisites

1) Windows computer with PowerShell installed
2) MSSQL express edition (https://www.microsoft.com/en-us/sql-server/sql-server-editions-express)
3) WAMP (http://www.wampserver.com/en/), or LAMP if you want to install the web interface of NOAH on a Linux machine

## Installing the Database

1) On the Windows computer, install MSSQL
2) Run the Database generation scripts:
* NOAH_generation.sql
* Generate_WhiteList.sql
* Generate_VT.sql
3) Create the NOAHAdmin user and give it access to the NOAH database
4) Create the following files for the database access:
* secureKeyDatabase.key
* autoPasswordDatabase.txt
You can use the following PowerShell script to:

```
$KeyFile = "C:\temp\PoshPortal\Keys\secureKey.key"
$Key = New-Object Byte[] 32 # AES encryption only supports 128-bit (16 bytes), 192-bit (24 bytes) or 256-bit key (32 bytes)
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
$Key | out-file $KeyFile
$PasswordFile = "C:\temp\PoshPortal\Keys\autoPasswordDatabase.txt"
$KeyFile = "C:\temp\PoshPortal\Keys\secureKeyDatabase.key"
$Key = Get-Content $KeyFile
$Password = "Spring2018" | ConvertTo-SecureString -AsPlainText -Force
$Password | ConvertFrom-SecureString -key $Key | Out-File $PasswordFile
```

## Installing the BackEnd

Copy the "BackEnd" folder on the Windows computer that has Windows PowerShell v4 installed.

Configure the following variable at lines 198 and 354. You can use the same script than above:
$UserName = 'Powned\Administrator'
$user = "POWNED\Administrator"
$passwordFile = "C:\temp\PoshPortal\Keys\autoPassword.txt"
$keyFile = "C:\temp\PoshPortal\Keys\secureKey.key"


## Author

* **Pierre-Alexandre Braeken**

## License

This project is licensed under the BSD 3-clause License - see the [LICENSE](LICENSE) file for details

## Acknowledgments

* Adam Podgorski, co-presenter at BlackHat Arsenal USA 2017
* Mark Russinovitch
* Eric Zimmerman
* Nir Sofer
* Shay Levy
* CookieMonster
* David Howell
* Boe Prox

0 comments on commit 3ebce18

Please sign in to comment.