From eb545b35f11dc33eaf656a0a6bff0d238efef3ff Mon Sep 17 00:00:00 2001 From: Ramon Benitez-Pagan Date: Wed, 19 Aug 2020 11:46:50 -0400 Subject: [PATCH] Initial upload --- app/www_release/css/style.css | 4 ++ app/www_release/index.html | 16 ++++++++ app/www_release/js/script.js | 4 ++ app/wwwroot/css/style.css | 4 ++ app/wwwroot/index.html | 16 ++++++++ app/wwwroot/js/script.js | 4 ++ files/script/dirChecker.ps1 | 63 +++++++++++++++++++++++++++++ files/zip/integrity_lab.zip | Bin 0 -> 2068 bytes labs/lab_01/lab_01_instructions.md | 28 +++++++++++++ 9 files changed, 139 insertions(+) create mode 100644 app/www_release/css/style.css create mode 100644 app/www_release/index.html create mode 100644 app/www_release/js/script.js create mode 100644 app/wwwroot/css/style.css create mode 100644 app/wwwroot/index.html create mode 100644 app/wwwroot/js/script.js create mode 100644 files/script/dirChecker.ps1 create mode 100644 files/zip/integrity_lab.zip create mode 100644 labs/lab_01/lab_01_instructions.md diff --git a/app/www_release/css/style.css b/app/www_release/css/style.css new file mode 100644 index 0000000..a232d7b --- /dev/null +++ b/app/www_release/css/style.css @@ -0,0 +1,4 @@ +body { + background-color: black; + color: green; +} \ No newline at end of file diff --git a/app/www_release/index.html b/app/www_release/index.html new file mode 100644 index 0000000..7d836fd --- /dev/null +++ b/app/www_release/index.html @@ -0,0 +1,16 @@ + + + + + + + My App + + + + + + +

+ + \ No newline at end of file diff --git a/app/www_release/js/script.js b/app/www_release/js/script.js new file mode 100644 index 0000000..f00eb3e --- /dev/null +++ b/app/www_release/js/script.js @@ -0,0 +1,4 @@ +var d = new Date(); +var date = d.getMonth() + "/" + d.getDay() + "/" +d.getFullYear(); +var todayString = "Today is " + date + "\n"; +window.document.getElementById("myText").innerText = todayString.repeat(10); \ No newline at end of file diff --git a/app/wwwroot/css/style.css b/app/wwwroot/css/style.css new file mode 100644 index 0000000..a232d7b --- /dev/null +++ b/app/wwwroot/css/style.css @@ -0,0 +1,4 @@ +body { + background-color: black; + color: green; +} \ No newline at end of file diff --git a/app/wwwroot/index.html b/app/wwwroot/index.html new file mode 100644 index 0000000..7d836fd --- /dev/null +++ b/app/wwwroot/index.html @@ -0,0 +1,16 @@ + + + + + + + My App + + + + + + +
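Review bot: The date string built on the second added line of app/www_release/js/script.js is wrong, because `d.getMonth()` is zero-based and `d.getDay()` returns the weekday (0–6) rather than the day of the month; on the commit date of 19 August 2020 the page would show 7/3/2020. I would change the line to `var date = (d.getMonth() + 1) + "/" + d.getDate() + "/" + d.getFullYear();`. The identical line in app/wwwroot/js/script.js needs the same fix so that the golden image and the production copy stay byte-identical for the lab.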

+ + \ No newline at end of file diff --git a/app/wwwroot/js/script.js b/app/wwwroot/js/script.js new file mode 100644 index 0000000..f00eb3e --- /dev/null +++ b/app/wwwroot/js/script.js @@ -0,0 +1,4 @@ +var d = new Date(); +var date = d.getMonth() + "/" + d.getDay() + "/" +d.getFullYear(); +var todayString = "Today is " + date + "\n"; +window.document.getElementById("myText").innerText = todayString.repeat(10); \ No newline at end of file diff --git a/files/script/dirChecker.ps1 b/files/script/dirChecker.ps1 new file mode 100644 index 0000000..86509da --- /dev/null +++ b/files/script/dirChecker.ps1 
@@ -0,0 +1,63 @@
+<#
+.SYNOPSIS
+Find new or changed files in a directory compared to a known-good image.
+
+.DESCRIPTION
+The script looks for file changes/additions between a production directory (target) with a known-good directory.
+
+.PARAMETER knownGood
+Path of the known-good directory.
+
+.PARAMETER productionImage
+Path of the production directory (target).
+
+.INPUTS
+System.String
+
+.OUTPUTS
+System.String
+
+.EXAMPLE
+.\dirChecker.ps1 -knownGood -productionImage
+.\dirChecker.ps1 -knownGood .\knownGoodDir\ -productionImage .\targetDir\
+.\dirChecker.ps1 -knownGood "D:\release3.0" -productionImage "C:\inetpub\wwwroot"
+
+-- Input --
+.\dirChecker.ps1 -knownGood "D:\Users\\Documents\knownGoodDir" -productionImage "C:\Users\\Documents\targetDir"
+
+-- Output --
+File analysis started.
+Any file listed below is a new or changed file.
+
+C:\Users\\Documents\targetDir\index.html
+C:\Users\\Documents\targetDir\research.docx
+C:\Users\\Documents\targetDir\inventory.csv
+C:\Users\\Documents\targetDir\contactus.js
+
+File analysis completed.
+
+.LINK
+https://github.com/nsacyber/Mitigating-Web-Shells
+#>
+
+<#
+#
+# Execution begins.
+#
+#>
+param (
+ [Parameter(Mandatory=$TRUE)][ValidateScript({Test-Path $_ -PathType 'Container'})][String] $knownGood,
+ [Parameter(Mandatory=$TRUE)][ValidateScript({Test-Path $_ -PathType 'Container'})][String] $productionImage
+)
+
+# Recursively get all files in both directories, for each file calculate hash.
+$good = Get-ChildItem -Force -Recurse -Path $knownGood | ForEach-Object { Get-FileHash -Path $_.FullName }
+$prod = Get-ChildItem -Force -Recurse -Path $productionImage | ForEach-Object { Get-FileHash -Path $_.FullName }
+
+Write-Host "File analysis started."
+Write-Host "Any file listed below is a new or changed file.`n"
+
+# Compare files hashes, select new or changed files, and print the path+filename.
+(Compare-Object $good $prod -Property hash -PassThru | Where-Object{$_.SideIndicator -eq '=>'}).Path + +Write-Host "`nFile analysis completed." diff --git a/files/zip/integrity_lab.zip b/files/zip/integrity_lab.zip new file mode 100644 index 0000000000000000000000000000000000000000..5c1781aa17d6bc73261f7e86e323e89b65dee3ca GIT binary patch literal 2068 zcmWIWW@Zs#00F56p+GPLN(cby^78WdqSTz!#Nt%_VTQc)fQY-W_N^)~T1FiiJ8wlLf{%SvC zwx^R>+m4{n1ZRUKLOtt>uZYVWzv1rn&(=>$?rYJ%chxUy)~$Otuk7pV&wCB-+&o(q z>KhvIv`^^5!8?vumuOvDX_cb7B~Vex`^I(to4PRtex(|T3N}CO3^?vuyG`Gso^|5{ z8~ddhXCFjOP*zLbyke?rk!?5Ae|+?8Zke95|7=<9bJ5EOAMHO3o0zt$(G z@UunN+V7!-Zm+L8MHRhQS};|ha*G6SlGG)Zn#l{2b)MzT%lq)W(`rKc!bdN*Jh-_0 zyJ217#Z``TEd>lSICDRpx5%HoKkC4iLrFIiOJB_Xm>v+!m8DXWJol2?Ud{Bki##iS zP0EJ_9A;$lqXk?Ra$Gvb3J0=T@hzGTRCF1LB`_5iCl_TFl;~v@`}P=eA2JYVEkF3b zAjL~y(Yd3ps~$W^5kIIpV=>#U?jzaR|MpJjdsVdO`^R_Eu}u8d3Ud~e_1p?MeKcZ$ z$isWvPCWPcbAc^v!8NaUJlWIhGt`bRe7)|)rRxVT?yh+#vO;ufmRIYCrkjC(KGiC# zzSf-3Kl$rNyDuIwIqiJjcb-qazUn;hzDP;w4uh#WhwS(I{%|>7wcGG2JHqE-K+gc( z4+lIz7BCqX<>!~6C1H?CXZtP_-NDm`}0+7@LVszc`q#fXmY7BB} z1r@d+05N6?kcDgvBK;!Fz+Ucv4FP-PEU*YiHUk`;2nS#*hY$|CYXgaZmA;<{iFa+gz5P%pF%#5%cd-$O{9+dbY q0Oa@%7KDDZumfpC&kP`q5Q{gWYD5Y*RyL3-E+A|H`mc%=!~*~xwZUot literal 0 HcmV?d00001 diff --git a/labs/lab_01/lab_01_instructions.md b/labs/lab_01/lab_01_instructions.md new file mode 100644 index 0000000..615d56c --- /dev/null +++ b/labs/lab_01/lab_01_instructions.md 
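Review bot: The `Compare-Object` line in files/script/dirChecker.ps1 keys on `-Property hash` alone, so a file that was moved or renamed in production, with content that still matches some known-good file, is not listed, and the "new or changed" promise only holds for content never seen in the golden image. Comparing on relative path plus hash, as sketched below, closes that gap; deletions still go unreported because only `'=>'` is kept, which is worth stating in the .DESCRIPTION. The two `Get-ChildItem` lines also pass directories to `Get-FileHash` and use `-Path`, which treats `[` and `]` in a file name as wildcard characters, so such a file can fail to hash and drop out of the report; `-File` and `-LiteralPath` avoid both.

```powershell
# … unchanged: comment-based help and param block …

# Hash every file under $root and tag each result with its path relative to $root.
function Get-TreeHash([string] $root) {
    $base = (Resolve-Path -LiteralPath $root).ProviderPath.TrimEnd('\')
    Get-ChildItem -File -Force -Recurse -LiteralPath $base | ForEach-Object {
        Get-FileHash -LiteralPath $_.FullName |
            Add-Member -NotePropertyName RelPath -NotePropertyValue $_.FullName.Substring($base.Length) -PassThru
    }
}

$good = Get-TreeHash $knownGood
$prod = Get-TreeHash $productionImage

# … unchanged: Write-Host banner …

# A file is reported when its (relative path, hash) pair is absent from the known-good tree.
(Compare-Object $good $prod -Property RelPath, Hash -PassThru | Where-Object { $_.SideIndicator -eq '=>' }).Path
```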
@@ -0,0 +1,28 @@
+# Integrity Lab - Lab01
+
+## Definition of Integrity
+
+> *Data integrity is what the "I" in CIA Triad stands for. This is an essential component of the CIA Triad and designed to protect data from deletion or modification from any unauthorized party, and it ensures that when an authorized person makes a change that should not have been made the damage can be reversed.* [^1]
+
+> *In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle. This means that data cannot be modified in an unauthorized or undetected manner. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of consistency as understood in the classic ACID model of transaction processing. Information security systems typically provide message integrity alongside confidentiality.* [^2]
+
+## What is Power Shell
+
+> *PowerShell is a task-based command-line shell and scripting language built on .NET. PowerShell helps system administrators and power-users rapidly automate tasks that manage operating systems (Linux, macOS, and Windows) and processes.*
+>
+> *PowerShell commands let you manage computers from the command line. PowerShell providers let you access data stores, such as the registry and certificate store, as easily as you access the file system. PowerShell includes a rich expression parser and a fully developed scripting language.* [^3]
+
+## Preparation
+
+Download and unzip the integrity_lab.zip archive into your **Documents** folder.
+
+If you don’t have the zip file you can directly download the individual required documents here:
+
+The www_release folder will be used as your golden image; this concept will be explained later.
+
+
+### Footnotes
+
+[^1]: [What is the CIA Triad?](https://www.forcepoint.com/cyber-edu/cia-triad)
+[^2]: [Information Security](https://en.wikipedia.org/wiki/Information_security#Integrity)
+[^3]: [What is PowerShell?](https://docs.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7)