This is a neat way to practice IR and threat hunting. In IR and threat hunting, part of the fun is not knowing which malware infected your system (at least in practice). This playbook randomly picks a sample from the `malware` directory, deploys it to the Windows host and runs it, so you can start practicing without spoilers : ).
You only need to edit `<IP>`, `Administrator`, and `<password>` in `hosts.ini`:

```ini
[wc]
<IP>

[windows:children]
wc

[wc:vars]
ansible_connection=winrm
# Skips TLS certificate validation for WinRM; only acceptable on a throwaway lab host.
ansible_winrm_server_cert_validation=ignore
ansible_user=Administrator
ansible_password=<password>
ansible_become_password=<password>
```
- Remove the test files in `<Project root dir>/malware`.
- Download a collection of malware samples.
- Unzip the downloaded malware samples and move them to `<Project root dir>/malware`.
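Because the whole point is not knowing which sample was deployed, it helps to record the pick in a sealed answer key before the playbook runs, so that a binary recovered during the hunt can be hashed and checked afterwards. The helper below is an added example, not part of this playbook; the `demo()` function builds a constructed stand-in for the `malware` directory out of harmless text files, and the file names, the `answer_key.json` path and the seed are assumptions.

```python
import hashlib
import json
import random
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large samples are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(malware_dir: Path) -> dict:
    """Map SHA-256 -> file name for every regular file in the samples directory."""
    return {sha256_of(p): p.name for p in sorted(malware_dir.iterdir()) if p.is_file()}

def pick_sample(manifest: dict, rng: random.Random) -> str:
    """Choose one sample and return only its hash; the name stays in the key file."""
    return rng.choice(sorted(manifest))

def write_answer_key(manifest: dict, chosen: str, key_path: Path) -> None:
    """Seal the pick for later; open this file only once the hunt is over."""
    key_path.write_text(json.dumps({"deployed": chosen, "manifest": manifest}, indent=2))

def check_finding(key_path: Path, found_hash: str) -> bool:
    """Compare the hash of a binary recovered from the host with the sealed pick."""
    key = json.loads(key_path.read_text())
    return found_hash.lower() == key["deployed"]

def demo(seed: int = 7) -> dict:
    """Constructed stand-in for the malware directory: plain text files, not samples."""
    with tempfile.TemporaryDirectory() as tmp:
        mal_dir = Path(tmp) / "malware"
        mal_dir.mkdir()
        (mal_dir / "sample_a.bin").write_bytes(b"abc")   # constructed content
        (mal_dir / "sample_b.bin").write_bytes(b"")      # constructed content
        manifest = build_manifest(mal_dir)
        chosen = pick_sample(manifest, random.Random(seed))  # seed only for reproducibility
        key_path = Path(tmp) / "answer_key.json"
        write_answer_key(manifest, chosen, key_path)
        return {"manifest": manifest, "chosen": chosen,
                "hit": check_finding(key_path, chosen), "miss": check_finding(key_path, "00" * 32)}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real run, point `build_manifest` at `<Project root dir>/malware`, keep `answer_key.json` off the target host, and hash whatever the hunt turns up with `Get-FileHash` or `sha256sum` before calling `check_finding`.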
