live malware samples from repo

modules/utilities/unix/live_malware_samples/live_malware_samples.pp

@@ -0,0 +1 @@
+include live_malware_samples::install

modules/utilities/unix/live_malware_samples/manifests/install.pp

@@ -0,0 +1,17 @@
+class live_malware_samples::install{
+  # Pip install triggers a 404, so just use git to grab the files
+  # without the python frontend
+  
+  # ensure_packages(['python-pip'], { ensure => 'present' })
+  # exec { 'git clone https://github.com/cliffe/theZoo.git':
+  #   cwd     => '/opt/',
+  #   creates => '/opt/theZoo',
+  #   path    => ['/usr/bin', '/usr/sbin',],
+  # } ->
+
+  exec { 'pip install --user -r requirements.txt':
+    cwd     => '/opt/theZoo',
+    path    => ['/usr/bin', '/usr/sbin',],
+  }
+
+}

modules/utilities/unix/live_malware_samples/secgen_metadata.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+
+<utility xmlns="http://www.github/cliffe/SecGen/utility"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/utility">
+  <name>Live malware samples (LIVE MALWARE!)</name>
+  <author>Z. Cliffe Schreuders</author>
+  <module_license>Apache v2</module_license>
+  <description>Installs a collection of live malware samples for analysis from theZoo malware repository.
+    This downloads the entire sample library via Git (large download).
+  </description>
+
+  <type>audit_tools</type>
+  <platform>linux</platform>
+
+  <requires>
+    <module_path>.*/git$</typemodule_path>
+  </requires>
+</utility>

modules/utilities/unix/version_control/git/manifests/install.pp

@@ -2,4 +2,4 @@ class git::install {
   package { 'git':
     ensure => installed,
   }
-}
+}

modules/utilities/unix/version_control/git/secgen_metadata.xml

@@ -15,12 +15,8 @@
   <reference>https://git-scm.com/</reference>
   <software_name>git</software_name>
 
-  <conflict>
-    <name>Stretch</name>
-  </conflict>
-
   <requires>
     <type>update</type>
   </requires>
 
-</utility>
+</utility>

scenarios/labs/software_and_malware_analysis/6_ghidra_with_live_malware_samples.xml

@@ -0,0 +1,62 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<name>Ghidra lab with LIVE MALWARE SAMPLES</name>
+	<author>Z. Cliffe Schreuders</author>
+  <description>You will find live malware samples in /opt/theZoo.
+	</description>
+
+  <type>lab-sheet</type>
+  <difficulty>intermediate</difficulty>
+
+  <system>
+    <system_name>metactf</system_name>
+    <base platform="linux" type="desktop" distro="Buster"/>
+
+    <utility module_path=".*/reversing_tools"/>
+		<utility module_path=".*/ghidra"/>
+
+    <utility module_path=".*/parameterised_accounts">
+      <input into="accounts" into_datastore="account">
+        <generator type="account">
+					<input into="username">
+						<generator type="random_sanitised_word">
+							<input into="wordlist">
+								<value>mythical_creatures</value>
+							</input>
+						</generator>
+					</input>
+					<input into="password">
+						<value>tiaspbiqe2r</value>
+					</input>
+					<input into="super_user">
+						<value>false</value>
+					</input>
+        </generator>
+      </input>
+    </utility>
+
+
+		<utility module_path=".*/kde_minimal">
+			<input into="autologin_user">
+				<datastore access="0" access_json="['username']">account</datastore>
+			</input>
+			<input into="accounts">
+				<datastore>account</datastore>
+			</input>
+			<input into="autostart_konsole">
+				<value>true</value>
+			</input>
+		</utility>
+		<utility module_path=".*/handy_cli_tools"/>
+		<utility module_path=".*/hash_tools"/>
+
+		<utility module_path=".*/live_malware_samples"/>
+
+    <network type="private_network" range="dhcp"/>
+  </system>
+
+</scenario>