Add basic event generator and 2022 CI

pgcrooks-sysdig · pgcrooks-sysdig · commit dd48d2b0b8c3 · 2024-05-15T08:50:36.000Z
diff --git a/.github/workflows/ci.yml/ci.yml b/.github/workflows/ci.yml/ci.yml
@@ -0,0 +1,21 @@
+name: ci-build
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build-image:
+    runs-on: windows-2022
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build Image
+        shell: bash
+        env:
+          GITHUB_HEAD_REF: ${{ github.head_ref }}
+        run: |
+          export IMAGE_TAG=$(echo "${GITHUB_HEAD_REF}" | sed "s/\//-/g")-2022
+          echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
+          docker build -t windows-event-gen:${IMAGE_TAG} .
diff --git a/Dockerfile.2022 b/Dockerfile.2022
@@ -0,0 +1,9 @@
+FROM mcr.microsoft.com/powershell:7.4-windowsservercore-ltsc2022
+
+LABEL maintainer="Paul Crooks <paul.crooks@sysdig.com>"
+
+RUN mkdir EventGen
+
+COPY Entrypoint.ps1 EventGen/
+
+ENTRYPOINT ["powershell", "C:/EventGen/Entrypoint.ps1"]
diff --git a/Entrypoint.ps1 b/Entrypoint.ps1
@@ -0,0 +1,48 @@
+Write-Host "Windows Event Generator"
+
+function LogIfNotEmpty() {
+    param (
+        $logFile
+    )
+    $fileSize = (Get-Item -Path $logFile).Length
+    if ($fileSize -ne 0) {
+        Write-Host "START $logFile"
+        Get-Content $logFile
+        Write-Host "END $logFile"
+    }
+}
+
+$eventList = @(
+    [PSCustomObject]@{name = "SAM Read"; cmd="esentutl.exe"; args="/y /vss %SystemRoot%/system32/config/SAM_ps /d %temp%/SAM_ps"}
+    [PSCustomObject]@{name = "Clear Windows Event Log"; cmd="powershell"; args="Clear-EventLog -LogName System"}
+    [PSCustomObject]@{name = "Encoded Powershell Execution"; cmd="powershell"; args="-enc bABzAA=="}
+    [PSCustomObject]@{name = "Enumerate Logged-on Users"; cmd="powershell"; args="query user"}
+)
+
+$stdoutFile = "Output.txt"
+$stderrFile = "Error.txt"
+
+while ($true) {
+    foreach ( $event in $eventList ) {
+        Write-Host "Running" $event.name
+
+        $processOptions = @{
+            ArgumentList = $event.args
+            FilePath = $event.cmd
+            NoNewWindow = $true
+            RedirectStandardOutput = $stdoutFile
+            RedirectStandardError = $stderrFile
+        }
+        Start-Process @processOptions
+
+        LogIfNotEmpty($stdoutFile)
+        LogIfNotEmpty($stderrFile)
+
+        Start-Sleep 10
+
+        Remove-Item Output.txt
+        Remove-Item Error.txt
+
+        Write-Host "**********************************************"
+    }
+}
diff --git a/README.md b/README.md
@@ -1 +1,16 @@
-# windows-event-generator
+# Windows Event Generator
+
+Very basic Event Generator for Windows. This is intended only for Agent developers to make some event noise.
+
+## Versions
+- Windows Server 2022
+
+## Build
+```powershell
+PS > docker build -t win-event-gen:latest-2022 -f .\Dockerfile.2022 .
+```
+
+## Run
+```powershell
+PS > docker run -t --rm win-event-gen:latest-2022
+```
