From 1ddbc422896bb258deec515649ef9353b6601eb5 Mon Sep 17 00:00:00 2001
From: Stephan Yelle
Date: Thu, 5 Mar 2026 23:17:24 -0500
Subject: [PATCH] Add Demo.ps1
---
Demo.ps1 | 203 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 203 insertions(+)
create mode 100644 Demo.ps1
diff --git a/Demo.ps1 b/Demo.ps1
new file mode 100644
index 0000000..23e24fc
--- /dev/null
+++ b/Demo.ps1
@@ -0,0 +1,203 @@
+Add-Type -AssemblyName System.Drawing
+Add-Type -TypeDefinition @"
+using System;
+using System.Runtime.InteropServices;
+public class Wallpaper {
+ [DllImport("user32.dll", SetLastError=true)]
+ public static extern bool SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);
+}
+"@
+
+# ----------------------------
+# Config
+# ----------------------------
+$clientName = "Ford"
+
+# Use the RAW file URL from your repo
+$logoUrl = "https://raw.githubusercontent.com/YOURORG/YOURREPO/main/assets/ford_logo.png"
+
+# Optional local fallback if download fails
+$fallbackLogo = "C:\Temp\ford_logo.png"
+
+# Temp working directory
+$workDir = Join-Path $env:TEMP "ClientAwarenessDemo"
+New-Item -ItemType Directory -Path $workDir -Force | Out-Null
+
+$downloadedLogo = Join-Path $workDir "ford_logo.png"
+$logoPath = $null
+
+# ----------------------------
+# Download logo
+# ----------------------------
+try {
+ Invoke-WebRequest -Uri $logoUrl -OutFile $downloadedLogo -UseBasicParsing -ErrorAction Stop
+ if (Test-Path $downloadedLogo) {
+ $logoPath = $downloadedLogo
+ }
+}
+catch {
+ Write-Warning "Could not download logo from repo."
+}
+
+if (-not $logoPath -and (Test-Path $fallbackLogo)) {
+ $logoPath = $fallbackLogo
+}
+
+# ----------------------------
+# Collect harmless live info
+# ----------------------------
+$hostName = $env:COMPUTERNAME
+$userName = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
+
+$ipconfigText = ipconfig | Out-String
+
+$ipv4 = ([regex]::Matches($ipconfigText, 'IPv4 Address[^\:]*:\s*([0-9\.]+)') | Select-Object -First 1).Groups[1].Value
+$gateway = ([regex]::Matches($ipconfigText, 'Default Gateway[^\:]*:\s*([0-9\.]+)') | Select-Object -First 1).Groups[1].Value
+$dns = ([regex]::Matches($ipconfigText, 'DNS Servers[^\:]*:\s*([0-9\.]+)') | Select-Object -First 1).Groups[1].Value
+
+if ([string]::IsNullOrWhiteSpace($ipv4)) { $ipv4 = "Not found" }
+if ([string]::IsNullOrWhiteSpace($gateway)) { $gateway = "Not found" }
+if ([string]::IsNullOrWhiteSpace($dns)) { $dns = "Not found" }
+
+# ----------------------------
+# Simulated file names only
+# ----------------------------
+$fakeFiles = @(
+ "Payroll_2025.xlsx",
+ "Client_Contracts.docx",
+ "VPN_Credentials.txt",
+ "InternalBudget.xlsx",
+ "HR_Employee_List.xlsx",
+ "ProjectRoadmap.pptx",
+ "AccountsReceivable.csv",
+ "ExecutiveNotes.docx",
+ "MFA_Recovery_Codes.txt",
+ "Confidential_Pricing.pdf"
+)
+
+# ----------------------------
+# Create wallpaper canvas
+# ----------------------------
+$width = 1920
+$height = 1080
+
+$bmp = New-Object System.Drawing.Bitmap $width, $height
+$g = [System.Drawing.Graphics]::FromImage($bmp)
+$g.SmoothingMode = [System.Drawing.Drawing2D.SmoothingMode]::AntiAlias
+$g.TextRenderingHint = [System.Drawing.Text.TextRenderingHint]::ClearTypeGridFit
+
+# Colors
+$bgColor = [System.Drawing.Color]::FromArgb(15,18,28)
+$panelColor = [System.Drawing.Color]::FromArgb(25,30,45)
+$accentColor = [System.Drawing.Color]::FromArgb(0,173,239)
+$textColor = [System.Drawing.Color]::White
+$mutedColor = [System.Drawing.Color]::FromArgb(190,190,190)
+$warnColor = [System.Drawing.Color]::FromArgb(255,210,90)
+
+$g.Clear($bgColor)
+
+# Brushes / pens
+$panelBrush = New-Object System.Drawing.SolidBrush $panelColor
+$accentBrush = New-Object System.Drawing.SolidBrush $accentColor
+$textBrush = New-Object System.Drawing.SolidBrush $textColor
+$mutedBrush = New-Object System.Drawing.SolidBrush $mutedColor
+$warnBrush = New-Object System.Drawing.SolidBrush $warnColor
+$borderPen = New-Object System.Drawing.Pen $accentColor, 2
+
+# Fonts
+$titleFont = New-Object System.Drawing.Font("Segoe UI", 28, [System.Drawing.FontStyle]::Bold)
+$headerFont = New-Object System.Drawing.Font("Segoe UI", 16, [System.Drawing.FontStyle]::Bold)
+$bodyFont = New-Object System.Drawing.Font("Consolas", 15, [System.Drawing.FontStyle]::Regular)
+$smallFont = New-Object System.Drawing.Font("Segoe UI", 12, [System.Drawing.FontStyle]::Regular)
+
+# ----------------------------
+# Draw logo
+# ----------------------------
+if ($logoPath -and (Test-Path $logoPath)) {
+ try {
+ $logo = [System.Drawing.Image]::FromFile($logoPath)
+ $g.DrawImage($logo, 60, 35, 240, 100)
+ $logo.Dispose()
+ }
+ catch {
+ Write-Warning "Logo could not be loaded."
+ }
+}
+
+# ----------------------------
+# Header text
+# ----------------------------
+$g.DrawString("$clientName Security Awareness Demonstration", $titleFont, $accentBrush, 60, 155)
+$g.DrawString("This workstation accepted commands in seconds.", $headerFont, $textBrush, 60, 210)
+$g.DrawString("Simulation only. No files were accessed, searched, copied, or transmitted.", $headerFont, $warnBrush, 60, 245)
+
+# ----------------------------
+# Left panel: real harmless info
+# ----------------------------
+$leftRect = New-Object System.Drawing.Rectangle 60, 310, 760, 460
+$g.FillRectangle($panelBrush, $leftRect)
+$g.DrawRectangle($borderPen, $leftRect)
+
+$g.DrawString("Live harmless reconnaissance", $headerFont, $accentBrush, 80, 330)
+
+$y = 385
+$lineGap = 42
+$g.DrawString("Hostname : $hostName", $bodyFont, $textBrush, 90, $y); $y += $lineGap
+$g.DrawString("User : $userName", $bodyFont, $textBrush, 90, $y); $y += $lineGap
+$g.DrawString("IPv4 : $ipv4", $bodyFont, $textBrush, 90, $y); $y += $lineGap
+$g.DrawString("Gateway : $gateway", $bodyFont, $textBrush, 90, $y); $y += $lineGap
+$g.DrawString("DNS : $dns", $bodyFont, $textBrush, 90, $y); $y += $lineGap + 10
+
+$g.DrawString("Commands used:", $smallFont, $mutedBrush, 90, $y)
+$g.DrawString("hostname whoami ipconfig", $bodyFont, $textBrush, 90, $y + 30)
+
+# ----------------------------
+# Right panel: simulated file targets
+# ----------------------------
+$rightRect = New-Object System.Drawing.Rectangle 870, 310, 980, 560
+$g.FillRectangle($panelBrush, $rightRect)
+$g.DrawRectangle($borderPen, $rightRect)
+
+$g.DrawString("Simulated attacker targets", $headerFont, $accentBrush, 890, 330)
+$g.DrawString("Examples of the kinds of files a bad actor would likely search for:", $smallFont, $mutedBrush, 890, 370)
+
+$y2 = 420
+foreach ($file in $fakeFiles) {
+ $g.DrawString("• $file", $bodyFont, $textBrush, 900, $y2)
+ $y2 += 38
+}
+
+# ----------------------------
+# Footer
+# ----------------------------
+$footerText = "Takeaway: brief physical access to an unlocked session can expose important information fast."
+$g.DrawString($footerText, $headerFont, $warnBrush, 60, 965)
+
+# ----------------------------
+# Save wallpaper
+# ----------------------------
+$outPath = Join-Path $workDir "Client_Awareness_Wallpaper.bmp"
+$bmp.Save($outPath, [System.Drawing.Imaging.ImageFormat]::Bmp)
+
+# ----------------------------
+# Cleanup GDI objects
+# ----------------------------
+$g.Dispose()
+$bmp.Dispose()
+$panelBrush.Dispose()
+$accentBrush.Dispose()
+$textBrush.Dispose()
+$mutedBrush.Dispose()
+$warnBrush.Dispose()
+$borderPen.Dispose()
+$titleFont.Dispose()
+$headerFont.Dispose()
+$bodyFont.Dispose()
+$smallFont.Dispose()
+
+# ----------------------------
+# Set wallpaper style and apply
+# ----------------------------
+Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -Value "10"
+Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -Value "0"
+[Wallpaper]::SystemParametersInfo(20, 0, $outPath, 3) | Out-Null
\ No newline at end of file
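Review bot: The closing "Set wallpaper style and apply" section overwrites `WallpaperStyle`, `TileWallpaper` and the desktop wallpaper without recording the previous values, so the workstation cannot be returned to its pre-demo state; the `fuWinIni` value 3 appears to persist the change to the user profile. The rendered BMP, which carries the hostname, account name and network addresses, is also left behind under `$workDir` in `%TEMP%`. Capture the current `Wallpaper`, `WallpaperStyle` and `TileWallpaper` values before changing them, and check the boolean returned by `SystemParametersInfo` instead of piping it to `Out-Null`, since a failed call currently goes unnoticed. Separately, `$logoUrl` tracks a mutable `main` branch and the downloaded file goes to `Image.FromFile` with no integrity check; pinning the URL to a commit and comparing `Get-FileHash` output with an expected value would close that gap.

```powershell
# … unchanged: GDI cleanup …

# Record the pre-demo desktop state so the workstation can be restored afterwards.
$desktopKey = "HKCU:\Control Panel\Desktop"
Get-ItemProperty -Path $desktopKey |
    Select-Object Wallpaper, WallpaperStyle, TileWallpaper |
    ConvertTo-Json |
    Set-Content -Path (Join-Path $workDir "previous_wallpaper.json")

# … unchanged: the two Set-ItemProperty calls …

if (-not [Wallpaper]::SystemParametersInfo(20, 0, $outPath, 3)) {
    Write-Warning "SystemParametersInfo returned false; the wallpaper was not applied."
}
```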