diff --git a/000-HowToHack/minime/virtualmachine.json b/000-HowToHack/minime/virtualmachine.json
new file mode 100644
index 0000000000..4d42bf7d70
--- /dev/null
+++ b/000-HowToHack/minime/virtualmachine.json
@@ -0,0 +1,338 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.16.2.56959", + "templateHash": "14427937023370378081" + } + }, + "parameters": { + "adminUsername": { + "type": "string", + "metadata": { + "description": "Username for the Virtual Machine." + }, + "defaultValue": "admin" + }, + "adminPassword": { + "type": "securestring", + "minLength": 12, + "metadata": { + "description": "Password for the Virtual Machine." + }, + "defaultValue": "myPassword123!" + }, + "dnsLabelPrefix": { + "type": "string", + "defaultValue": "[toLower(format('{0}-{1}', parameters('vmName'), uniqueString(resourceGroup().id, parameters('vmName'))))]", + "metadata": { + "description": "Unique DNS Name for the Public IP used to access the Virtual Machine." + } + }, + "publicIpName": { + "type": "string", + "defaultValue": "myPublicIP", + "metadata": { + "description": "Name for the Public IP used to access the Virtual Machine." + } + }, + "publicIPAllocationMethod": { + "type": "string", + "defaultValue": "Dynamic", + "allowedValues": [ + "Dynamic", + "Static" + ], + "metadata": { + "description": "Allocation method for the Public IP used to access the Virtual Machine." + } + }, + "publicIpSku": { + "type": "string", + "defaultValue": "Basic", + "allowedValues": [ + "Basic", + "Standard" + ], + "metadata": { + "description": "SKU for the Public IP used to access the Virtual Machine." 
+ } + }, + "OSVersion": { + "type": "string", + "defaultValue": "2022-datacenter-azure-edition", + "allowedValues": [ + "2016-datacenter-gensecond", + "2016-datacenter-server-core-g2", + "2016-datacenter-server-core-smalldisk-g2", + "2016-datacenter-smalldisk-g2", + "2016-datacenter-with-containers-g2", + "2016-datacenter-zhcn-g2", + "2019-datacenter-core-g2", + "2019-datacenter-core-smalldisk-g2", + "2019-datacenter-core-with-containers-g2", + "2019-datacenter-core-with-containers-smalldisk-g2", + "2019-datacenter-gensecond", + "2019-datacenter-smalldisk-g2", + "2019-datacenter-with-containers-g2", + "2019-datacenter-with-containers-smalldisk-g2", + "2019-datacenter-zhcn-g2", + "2022-datacenter-azure-edition", + "2022-datacenter-azure-edition-core", + "2022-datacenter-azure-edition-core-smalldisk", + "2022-datacenter-azure-edition-smalldisk", + "2022-datacenter-core-g2", + "2022-datacenter-core-smalldisk-g2", + "2022-datacenter-g2", + "2022-datacenter-smalldisk-g2" + ], + "metadata": { + "description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version." + } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_D2s_v5", + "metadata": { + "description": "Size of the virtual machine." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Location for all resources." + } + }, + "vmName": { + "type": "string", + "defaultValue": "simple-vm", + "metadata": { + "description": "Name of the virtual machine." + } + }, + "securityType": { + "type": "string", + "defaultValue": "TrustedLaunch", + "allowedValues": [ + "Standard", + "TrustedLaunch" + ], + "metadata": { + "description": "Security Type of the Virtual Machine." 
+ } + } + }, + "variables": { + "storageAccountName": "[format('bootdiags{0}', uniqueString(resourceGroup().id))]", + "nicName": "myVMNic", + "addressPrefix": "10.0.0.0/16", + "subnetName": "Subnet", + "subnetPrefix": "10.0.0.0/24", + "virtualNetworkName": "MyVNET", + "networkSecurityGroupName": "default-NSG", + "securityProfileJson": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "[parameters('securityType')]" + }, + "extensionName": "GuestAttestation", + "extensionPublisher": "Microsoft.Azure.Security.WindowsAttestation", + "extensionVersion": "1.0", + "maaTenantName": "GuestAttestation", + "maaEndpoint": "[substring('emptyString', 0, 0)]" + }, + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2022-05-01", + "name": "[variables('storageAccountName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard_LRS" + }, + "kind": "Storage" + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2022-05-01", + "name": "[parameters('publicIpName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('publicIpSku')]" + }, + "properties": { + "publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]", + "dnsSettings": { + "domainNameLabel": "[parameters('dnsLabelPrefix')]" + } + } + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2022-05-01", + "name": "[variables('networkSecurityGroupName')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ + { + "name": "default-allow-3389", + "properties": { + "priority": 1000, + "access": "Allow", + "direction": "Inbound", + "destinationPortRange": "3389", + "protocol": "Tcp", + "sourcePortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*" + } + } + ] + } + }, + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2022-05-01", + "name": "[variables('virtualNetworkName')]", + 
"location": "[parameters('location')]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[variables('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[variables('subnetName')]", + "properties": { + "addressPrefix": "[variables('subnetPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" + } + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" + ] + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2022-05-01", + "name": "[variables('nicName')]", + "location": "[parameters('location')]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIpName'))]" + }, + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]" + } + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIpName'))]", + "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2022-03-01", + "name": "[parameters('vmName')]", + "location": "[parameters('location')]", + "properties": { + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "osProfile": { + "computerName": "[parameters('vmName')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]" + }, + "storageProfile": { + "imageReference": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "[parameters('OSVersion')]", + "version": "latest" + }, + "osDisk": { + "createOption": "FromImage", + "managedDisk": { + "storageAccountType": 
"StandardSSD_LRS" + } + }, + "dataDisks": [ + { + "diskSizeGB": 1023, + "lun": 0, + "createOption": "Empty" + } + ] + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]" + } + ] + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": true, + "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2022-05-01').primaryEndpoints.blob]" + } + }, + "securityProfile": "[if(equals(parameters('securityType'), 'TrustedLaunch'), variables('securityProfileJson'), null())]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]", + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" + ] + }, + { + "condition": "[and(equals(parameters('securityType'), 'TrustedLaunch'), and(equals(variables('securityProfileJson').uefiSettings.secureBootEnabled, true()), equals(variables('securityProfileJson').uefiSettings.vTpmEnabled, true())))]", + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-03-01", + "name": "[format('{0}/{1}', parameters('vmName'), variables('extensionName'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[variables('extensionPublisher')]", + "type": "[variables('extensionName')]", + "typeHandlerVersion": "[variables('extensionVersion')]", + "autoUpgradeMinorVersion": true, + "enableAutomaticUpgrade": true, + "settings": { + "AttestationConfig": { + "MaaSettings": { + "maaEndpoint": "[variables('maaEndpoint')]", + "maaTenantName": "[variables('maaTenantName')]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]" + ] + } + ], + "outputs": { + "hostname": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIpName')), '2022-05-01').dnsSettings.fqdn]" + } + } +}
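Review bot: The `adminPassword` parameter is typed `securestring` but carries `"defaultValue": "myPassword123!"`, so any deployment that does not override it gets a password published in this repository, while the same template attaches a public IP with a DNS label and sets the `default-allow-3389` rule to `"sourceAddressPrefix": "*"`. Remove the `defaultValue` from `adminPassword`, and from `adminUsername` as well (its default `admin` is predictable, and Azure may reject it as a reserved name), so credentials must be supplied at deploy time. For the NSG rule, replace the wildcard with a new parameter that has no default and holds the administrator's address range, for example `"sourceAddressPrefix": "[parameters('allowedRdpSourcePrefix')]"` (the parameter name is a suggestion), or drop the inbound rule and reach the VM through a bastion host. The `_generator` metadata suggests this file is compiled from Bicep, so the change probably belongs in the `.bicep` source if one exists.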