From 20f529d6a282814dd02a33cebb6ba16d6ce14790 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Thu, 18 Aug 2022 09:22:59 +0200
Subject: [PATCH] UT: Separate mimikatz credentials stolen event test
---
.../test_mimikatz_collector.py | 29 ++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_mimikatz_collector.py b/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_mimikatz_collector.py
index 74c852437..12ca9d594 100644
--- a/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_mimikatz_collector.py
+++ b/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_mimikatz_collector.py
@@ -124,12 +124,39 @@ def test_mimikatz_credentials_stolen_event_published(monkeypatch): patch_pypykatz([], monkeypatch) mimikatz_credential_collector = MimikatzCredentialCollector(mock_event_queue) - collected_credentials = mimikatz_credential_collector.collect_credentials() + mimikatz_credential_collector.collect_credentials() mock_event_queue.publish.assert_called_once() mock_event_queue_call_args = mock_event_queue.publish.call_args[0][0] assert isinstance(mock_event_queue_call_args, CredentialsStolenEvent) + + +def test_mimikatz_credentials_stolen_event_tags(monkeypatch): + mock_event_queue = MagicMock(spec=IEventQueue) + patch_pypykatz([], monkeypatch) + + mimikatz_credential_collector = MimikatzCredentialCollector(mock_event_queue) + mimikatz_credential_collector.collect_credentials() + + mock_event_queue_call_args = mock_event_queue.publish.call_args[0][0] + assert mock_event_queue_call_args.tags == MIMIKATZ_EVENT_TAGS + + +def test_mimikatz_credentials_stolen_event_stolen_credentials(monkeypatch): + mock_event_queue = MagicMock(spec=IEventQueue) + win_creds = [ + WindowsCredentials( + username="user2", password="secret2", lm_hash="0182BD0BD4444BF8FC83B5D9042EED2E" + ), + ] + patch_pypykatz(win_creds, monkeypatch) + + mimikatz_credential_collector = MimikatzCredentialCollector(mock_event_queue) + collected_credentials = mimikatz_credential_collector.collect_credentials() + + mock_event_queue_call_args = mock_event_queue.publish.call_args[0][0] + assert mock_event_queue_call_args.stolen_credentials == collected_credentials
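Review bot: In `test_mimikatz_credentials_stolen_event_stolen_credentials` the final assertion compares the published event's `stolen_credentials` with the collector's own return value, so it checks that the two agree but not that either contains the `user2` entry; it would presumably still pass if both sides came back empty. Adding `assert collected_credentials` before the comparison, or comparing against the expected objects built from `win_creds`, would pin the content as well as the consistency. Both new tests also index `mock_event_queue.publish.call_args[0][0]` without first checking that `publish` was called; if it was not, `call_args` is `None` and the failure surfaces as a `TypeError` instead of a readable assertion, so a `mock_event_queue.publish.assert_called_once()` line ahead of the lookup would help.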