Add report components, link to matrix
This commit is contained in:
parent
49350aa303
commit
0f6fcc799c
|
@ -4,7 +4,7 @@ from monkey_island.cc.models import Monkey
|
||||||
from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082
|
from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082
|
||||||
from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107, T1188
|
from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107, T1188
|
||||||
from monkey_island.cc.services.attack.technique_reports import T1090, T1041, T1222, T1005, T1018, T1016, T1021, T1064
|
from monkey_island.cc.services.attack.technique_reports import T1090, T1041, T1222, T1005, T1018, T1016, T1021, T1064
|
||||||
from monkey_island.cc.services.attack.technique_reports import T1136, T1156, T1504
|
from monkey_island.cc.services.attack.technique_reports import T1136, T1156, T1504, T1158
|
||||||
from monkey_island.cc.services.attack.attack_config import AttackConfig
|
from monkey_island.cc.services.attack.attack_config import AttackConfig
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.services.reporting.report_generation_synchronisation import safe_generate_attack_report
|
from monkey_island.cc.services.reporting.report_generation_synchronisation import safe_generate_attack_report
|
||||||
|
@ -40,6 +40,7 @@ TECHNIQUES = {'T1210': T1210.T1210,
|
||||||
'T1136': T1136.T1136,
|
'T1136': T1136.T1136,
|
||||||
'T1156': T1156.T1156,
|
'T1156': T1156.T1156,
|
||||||
'T1504': T1504.T1504
|
'T1504': T1504.T1504
|
||||||
|
'T1158': T1158.T1158
|
||||||
}
|
}
|
||||||
|
|
||||||
REPORT_NAME = 'new_report'
|
REPORT_NAME = 'new_report'
|
||||||
|
|
|
@ -99,6 +99,15 @@ SCHEMA = {
|
||||||
"description": "Adversaries may gain persistence and elevate privileges "
|
"description": "Adversaries may gain persistence and elevate privileges "
|
||||||
"in certain situations by abusing PowerShell profiles which "
|
"in certain situations by abusing PowerShell profiles which "
|
||||||
"are scripts that run when PowerShell starts."
|
"are scripts that run when PowerShell starts."
|
||||||
|
"T1158": {
|
||||||
|
"title": "Hidden Files and Directories",
|
||||||
|
"type": "bool",
|
||||||
|
"value": True,
|
||||||
|
"necessary": False,
|
||||||
|
"link": "https://attack.mitre.org/techniques/T1158",
|
||||||
|
"description": "Adversaries can hide files and folders on the system "
|
||||||
|
"and evade a typical user or system analysis that does not "
|
||||||
|
"incorporate investigation of hidden files."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
||||||
|
from monkey_island.cc.services.reporting.report import ReportService
|
||||||
|
from common.utils.attack_utils import ScanStatus
|
||||||
|
from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
|
||||||
|
|
||||||
|
|
||||||
|
__author__ = "shreyamalviya"
|
||||||
|
|
||||||
|
|
||||||
|
class T1158(AttackTechnique):
|
||||||
|
tech_id = "T1158"
|
||||||
|
unscanned_msg = "Monkey did not try creating hidden files or folders."
|
||||||
|
scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."
|
||||||
|
used_msg = "Monkey created hidden files and folders on the system."
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_report_data():
|
||||||
|
data = {'title': T1158.technique_title(), 'info': []}
|
||||||
|
|
||||||
|
scanned_nodes = ReportService.get_scanned()
|
||||||
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
|
for node in scanned_nodes:
|
||||||
|
if node['pba_results'] != 'None':
|
||||||
|
for pba in node['pba_results']:
|
||||||
|
if pba['name'] == POST_BREACH_HIDDEN_FILES:
|
||||||
|
status = ScanStatus.USED.value if pba['result'][1]\
|
||||||
|
else ScanStatus.SCANNED.value
|
||||||
|
data['info'].append({
|
||||||
|
'machine': {
|
||||||
|
'hostname': pba['hostname'],
|
||||||
|
'ips': node['ip_addresses']
|
||||||
|
},
|
||||||
|
'type': 'Folder' if 'folder' in pba['command'] else 'File',
|
||||||
|
'result': pba['result'][0]
|
||||||
|
})
|
||||||
|
data.update(T1158.get_base_data_by_status(status))
|
||||||
|
return data
|
|
@ -167,6 +167,10 @@ SCHEMA = {
|
||||||
],
|
],
|
||||||
"title": "Modify shell startup files",
|
"title": "Modify shell startup files",
|
||||||
"attack_techniques": ["T1156", "T1504"]
|
"attack_techniques": ["T1156", "T1504"]
|
||||||
|
"HiddenFiles"
|
||||||
|
],
|
||||||
|
"title": "Hidden files and directories",
|
||||||
|
"attack_techniques": ["T1158"]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
@ -389,6 +393,7 @@ SCHEMA = {
|
||||||
"BackdoorUser",
|
"BackdoorUser",
|
||||||
"CommunicateAsNewUser",
|
"CommunicateAsNewUser",
|
||||||
"ModifyShellStartupFiles"
|
"ModifyShellStartupFiles"
|
||||||
|
"HiddenFiles"
|
||||||
],
|
],
|
||||||
"description": "List of actions the Monkey will run post breach"
|
"description": "List of actions the Monkey will run post breach"
|
||||||
},
|
},
|
||||||
|
|
|
@ -0,0 +1,49 @@
|
||||||
|
import React from 'react';
|
||||||
|
import ReactTable from 'react-table';
|
||||||
|
import {renderMachineFromSystemData, ScanStatus} from './Helpers';
|
||||||
|
import MitigationsComponent from './MitigationsComponent';
|
||||||
|
|
||||||
|
class T1158 extends React.Component {
|
||||||
|
|
||||||
|
constructor(props) {
|
||||||
|
super(props);
|
||||||
|
}
|
||||||
|
|
||||||
|
static getColumns() {
|
||||||
|
return ([{
|
||||||
|
columns: [
|
||||||
|
{ Header: 'Machine',
|
||||||
|
id: 'machine',
|
||||||
|
accessor: x => renderMachineFromSystemData(x.machine),
|
||||||
|
style: {'whiteSpace': 'unset'}},
|
||||||
|
{ Header: 'File/Folder',
|
||||||
|
id: 'type',
|
||||||
|
accessor: x => x.type,
|
||||||
|
style: {'whiteSpace': 'unset'}, width: 160},
|
||||||
|
{ Header: 'Result',
|
||||||
|
id: 'result',
|
||||||
|
accessor: x => x.result,
|
||||||
|
style: {'whiteSpace': 'unset'}}
|
||||||
|
]
|
||||||
|
}])
|
||||||
|
}
|
||||||
|
|
||||||
|
render() {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
<div>{this.props.data.message}</div>
|
||||||
|
<br/>
|
||||||
|
{this.props.data.status === ScanStatus.USED ?
|
||||||
|
<ReactTable
|
||||||
|
columns={T1158.getColumns()}
|
||||||
|
data={this.props.data.info}
|
||||||
|
showPagination={false}
|
||||||
|
defaultPageSize={this.props.data.info.length}
|
||||||
|
/> : ''}
|
||||||
|
<MitigationsComponent mitigations={this.props.data.mitigations}/>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export default T1158;
|
Loading…
Reference in New Issue