Initial upload

app/www_release/css/style.css

@@ -0,0 +1,4 @@
+body {
+    background-color: black;
+    color: green;
+}

app/www_release/index.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="X-UA-Compatible" content="ie=edge">
+    <title>My App</title>
+
+    <link rel="stylesheet" href="css/style.css">
+
+    <script async type="text/javascript" src="js/script.js"></script>
+</head>
+<body>
+    <h1 id="myText"></h1>
+</body>
+</html>

app/www_release/js/script.js

@@ -0,0 +1,4 @@
+var d = new Date();
+var date = d.getMonth() + "/" + d.getDay() + "/" +d.getFullYear();
+var todayString = "Today is " + date + "\n";
+window.document.getElementById("myText").innerText = todayString.repeat(10);

app/wwwroot/css/style.css

@@ -0,0 +1,4 @@
+body {
+    background-color: black;
+    color: green;
+}

app/wwwroot/index.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="X-UA-Compatible" content="ie=edge">
+    <title>My App</title>
+
+    <link rel="stylesheet" href="css/style.css">
+
+    <script async type="text/javascript" src="js/script.js"></script>
+</head>
+<body>
+    <h1 id="myText"></h1>
+</body>
+</html>

app/wwwroot/js/script.js

@@ -0,0 +1,4 @@
+var d = new Date();
+var date = d.getMonth() + "/" + d.getDay() + "/" +d.getFullYear();
+var todayString = "Today is " + date + "\n";
+window.document.getElementById("myText").innerText = todayString.repeat(10);

files/script/dirChecker.ps1

@@ -0,0 +1,63 @@
+<#
+.SYNOPSIS
+Find new or changed files in a directory compared to a known-good image.
+
+.DESCRIPTION
+The script looks for file changes/additions between a production directory (target) with a known-good directory.
+
+.PARAMETER knownGood
+Path of the known-good directory.
+
+.PARAMETER productionImage
+Path of the production directory (target).
+
+.INPUTS
+System.String
+
+.OUTPUTS
+System.String
+
+.EXAMPLE
+.\dirChecker.ps1 -knownGood <PATH> -productionImage <PATH>
+.\dirChecker.ps1 -knownGood .\knownGoodDir\ -productionImage .\targetDir\
+.\dirChecker.ps1 -knownGood "D:\release3.0" -productionImage "C:\inetpub\wwwroot"
+
+-- Input --
+.\dirChecker.ps1 -knownGood "D:\Users\<user>\Documents\knownGoodDir" -productionImage "C:\Users\<user>\Documents\targetDir"
+
+-- Output --
+File analysis started.
+Any file listed below is a new or changed file.
+
+C:\Users\<user>\Documents\targetDir\index.html
+C:\Users\<user>\Documents\targetDir\research.docx
+C:\Users\<user>\Documents\targetDir\inventory.csv
+C:\Users\<user>\Documents\targetDir\contactus.js
+
+File analysis completed.
+
+.LINK
+https://github.com/nsacyber/Mitigating-Web-Shells
+#>
+
+<#
+#
+# Execution begins.
+#
+#>
+param (
+    [Parameter(Mandatory=$TRUE)][ValidateScript({Test-Path $_ -PathType 'Container'})][String] $knownGood,
+    [Parameter(Mandatory=$TRUE)][ValidateScript({Test-Path $_ -PathType 'Container'})][String] $productionImage
+)
+
+# Recursively get all files in both directories, for each file calculate hash.
+$good = Get-ChildItem -Force -Recurse -Path $knownGood | ForEach-Object { Get-FileHash -Path $_.FullName }
+$prod = Get-ChildItem -Force -Recurse -Path $productionImage | ForEach-Object { Get-FileHash -Path $_.FullName }
+
+Write-Host "File analysis started."
+Write-Host "Any file listed below is a new or changed file.`n"
+
+# Compare files hashes, select new or changed files, and print the path+filename.
+(Compare-Object $good $prod -Property hash -PassThru | Where-Object{$_.SideIndicator -eq '=>'}).Path
+
+Write-Host "`nFile analysis completed."

labs/lab_01/lab_01_instructions.md

@@ -0,0 +1,28 @@
+# Integrity Lab - Lab01
+
+## Definition of Integrity
+
+> *Data integrity is what the "I" in CIA Triad stands for. This is an essential component of the CIA Triad and designed to protect data from deletion or modification from any unauthorized party, and it ensures that when an authorized person makes a change that should not have been made the damage can be reversed.* [^1]
+
+> *In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle. This means that data cannot be modified in an unauthorized or undetected manner. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of consistency as understood in the classic ACID model of transaction processing. Information security systems typically provide message integrity alongside confidentiality.* [^2]
+
+## What is Power Shell
+
+> *PowerShell is a task-based command-line shell and scripting language built on .NET. PowerShell helps system administrators and power-users rapidly automate tasks that manage operating systems (Linux, macOS, and Windows) and processes.*
+>
+> *PowerShell commands let you manage computers from the command line. PowerShell providers let you access data stores, such as the registry and certificate store, as easily as you access the file system. PowerShell includes a rich expression parser and a fully developed scripting language.* [^3]
+
+## Preparation
+
+Download and unzip the integrity_lab.zip archive into your **Documents** folder.
+
+If you don’t have the zip file you can directly download the individual required documents here:
+
+The www_release folder will be used as your golden image; this concept will be explained later.
+
+
+### Footnotes
+
+[^1]: [What is the CIA Triad?](https://www.forcepoint.com/cyber-edu/cia-triad)
+[^2]: [Information Security](https://en.wikipedia.org/wiki/Information_security#Integrity)
+[^3]: [What is PowerShell?](https://docs.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7)