Introducing: DanderSpritz_Lab

Build fully functional DanderSpritz Research and Test lab in 2 commands

Today I am releasing DanderSpritz lab — a personal project I’ve been working on for the last few weeks. My goal with releasing this lab is to make it easier for researchers to learn, test, and reverse engineer the Equation Group’s Post-Exploitation framework and tools.

DanderSpritz lab is a project that uses Packer, Vagrant, and PowerShell to install and configure a fully functional lab from just publically available Windows ISOs. The project borrows a lot of code from Chris Long’s DetectionLab and the work done by Stefan Scherer with Packer-Windows

The lab can be built and configured with as little as two commands (once you have the repo and Packer / Vagrant)

packer build danderspritz_lab.json

Once packer has finished downloading the ISOs, installing Windows on all 3 machines, and configuring them — run the following command:

vagrant up

I hope that the ease of setting up this lab encourages other security researchers and professionals to test DanderSpritz and reverse some of the many modules.

If you’re interested in the capabilities of this framework, watch my Derbycon talk about this toolset here: