Merge remote-tracking branch 'upstream/develop' into gevent_refactoring

This commit is contained in:
VakarisZ 2020-12-08 16:31:55 +02:00
commit 9e9518be66
44 changed files with 532 additions and 183 deletions

View File

@ -7,6 +7,7 @@ Add any further explanations here.
## PR Checklist ## PR Checklist
* [ ] Have you added an explanation of what your changes do and why you'd like to include them? * [ ] Have you added an explanation of what your changes do and why you'd like to include them?
* [ ] Is the TravisCI build passing? * [ ] Is the TravisCI build passing?
* [ ] Was the documentation framework updated to reflect the changes?
## Testing Checklist ## Testing Checklist

View File

@ -0,0 +1,30 @@
{
"id": "JFXftJml8DpmuCPBA9rL",
"name": "Add details about your new PBA",
"dod": "WW91JTIwc2hvdWxkJTIwYWRkJTIweW91ciUyMG5ldyUyMFBCQSdzJTIwZGV0YWlscyUyMHRvJTIwdGhlJTIwY29uZmlndXJhdGlvbi4=",
"description": "SW4lMjBvcmRlciUyMHRvJTIwbWFrZSUyMHN1cmUlMjB0aGF0JTIwdGhlJTIwbmV3JTIwJTYwU2NoZWR1bGVKb2JzJTYwJTIwUEJBJTIwaXMlMjBzaG93biUyMGluJTIwdGhlJTIwY29uZmlndXJhdGlvbiUyMG9uJTIwdGhlJTIwTW9ua2V5JTIwSXNsYW5kJTJDJTIweW91JTIwbmVlZCUyMHRvJTIwYWRkJTIwaXRzJTIwZGV0YWlscyUyMHRvJTIwdGhlJTIwY29uZmlndXJhdGlvbiUyMGZpbGUocykuJTIwJTNDYnIlM0UlM0NiciUzRSUwQSUwQVNpbmNlJTIwdGhpcyUyMHBhcnRpY3VsYXIlMjBQQkElMjBpcyUyMHJlbGF0ZWQlMjB0byUyMHRoZSUyME1JVFJFJTIwdGVjaG5pcXVlcyUyMCU1QlQxMTY4JTVEKGh0dHBzJTNBJTJGJTJGYXR0YWNrLm1pdHJlLm9yZyUyRnRlY2huaXF1ZXMlMkZUMTE2OCklMjBhbmQlMjAlNUJUMTA1MyU1RChodHRwcyUzQSUyRiUyRmF0dGFjay5taXRyZS5vcmclMkZ0ZWNobmlxdWVzJTJGVDEwNTMpJTJDJTIwbWFrZSUyMHN1cmUlMjB0byUyMGxpbmslMjB0aGUlMjBQQkElMjB3aXRoJTIwdGhlc2UlMjB0ZWNobmlxdWVzJTIwaW4lMjB0aGUlMjBjb25maWd1cmF0aW9uJTIwYXMlMjB3ZWxsLiUyMCUzQ2JyJTNFJTNDYnIlM0UlMEElMEFFYWNoJTIwcGFydCUyMG9mJTIwdGhlJTIwY29uZmlndXJhdGlvbiUyMGhhcyUyMGFuJTIwaW1wb3J0YW50JTIwcm9sZSUyMCUyMCUwQS0lMjAqZW51bSolMjAlRTIlODAlOTQlMjBjb250YWlucyUyMHRoZSUyMHJlbGV2YW50JTIwUEJBJ3MlMjBjbGFzcyUyMG5hbWUocyklMEEtJTIwKnRpdGxlKiUyMCVFMiU4MCU5NCUyMGhvbGRzJTIwdGhlJTIwbmFtZSUyMG9mJTIwdGhlJTIwUEJBJTIwd2hpY2glMjBpcyUyMGRpc3BsYXllZCUyMGluJTIwdGhlJTIwY29uZmlndXJhdGlvbiUyMG9uJTIwdGhlJTIwTW9ua2V5JTIwSXNsYW5kJTBBLSUyMCppbmZvKiUyMCVFMiU4MCU5NCUyMGNvbnNpc3RzJTIwb2YlMjBhbiUyMGVsYWJvcmF0aW9uJTIwb24lMjB0aGUlMjBQQkEncyUyMHdvcmtpbmclMjB3aGljaCUyMGlzJTIwZGlzcGxheWVkJTIwaW4lMjB0aGUlMjBjb25maWd1cmF0aW9uJTIwb24lMjB0aGUlMjBNb25rZXklMjBJc2xhbmQlMEEtJTIwKmF0dGFja190ZWNobmlxdWVzKiUyMCVFMiU4MCU5NCUyMGhhcyUyMHRoZSUyMElEcyUyMG9mJTIwdGhlJTIwTUlUUkUlMjB0ZWNobmlxdWVzJTIwYXNzb2NpYXRlZCUyMHdpdGglMjB0aGUlMjBQQkElMEElMEElMjMlMjMlMjBNYW51YWwlMjB0ZXN0JTIwJTIwJTBBT25jZSUyMHlvdSUyMHRoaW5rJTIweW91J3JlJTIwZG9uZS4uLiUwQS0lMjBSdW4lMjB0aGUlMjBNb25rZXklMjBJc2xhbmQlMEEtJTIwWW91JTIwc2hvdWxkJTIwYmUlMjBhYmxlJTIwdG8lMjBzZWUlMjB5b3VyJTIwbmV3JTIwUEJBJTIwdW5kZXIlMjB0aGUlMjAlMjJNb25rZXklMjIlMjB0YWIlMjBpbiUyMHRoZSUyMGNvbmZpZ3VyYXRpb24lMkMlMjBhbG9uZyUyMHdpdGglMjBpdHMlMjBpbmZvcm1hdGlvbiUyMHdoZW4lMjB5b3UlMjBjbGljayUyMG9uJTIwaXQlMEEtJTIwRnVydGhlciUyQyUyMHdoZW4lMjB5b3UlMjBlbmFibGUlMkZkaXNhYmxlJTIwdGhlJTIwYXNzb2NpYXRlZCUyME1JVFJFJTIwdGVjaG5pcXVlcyUyMHVuZGVyJTIwdGhlJTIwQVRUJTI2Q0slMjB0YWIlMjBpbiUyMHRoZSUyMGNvbmZpZ3VyYXRpb24lMkMlMjB0aGUlMjBQQkElMjBzaG91bGQlMjBhbHNvJTIwYmUlMjBlbmFibGVkJTJGZGlzYWJsZWQlMEElMEElM0NpbWclMjBzcmMlM0QlMjJodHRwcyUzQSUyRiUyRmkuaW1ndXIuY29tJTJGYTVWU2tMNS5naWYlMjIlMjBoZWlnaHQlM0Q0MDAlM0U=",
"summary": "LSUyMFRoZSUyMFBCQSUyMGRldGFpbHMlMjBpbiUyMHRoaXMlMjBmaWxlJTIwYXJlJTIwcmVmbGVjdGVkJTIwb24lMjB0aGUlMjBNb25rZXklMjBJc2xhbmQlMjBpbiUyMHRoZSUyMFBCQSUyMGNvbmZpZ3VyYXRpb24uJTBBLSUyMFBCQXMlMjBhcmUlMjBhbHNvJTIwbGlua2VkJTIwdG8lMjB0aGUlMjByZWxldmFudCUyME1JVFJFJTIwdGVjaG5pcXVlcyUyMGluJTIwdGhpcyUyMGZpbGUlMkMlMjB3aG9zZSUyMHJlc3VsdHMlMjBjYW4lMjB0aGVuJTIwYmUlMjBzZWVuJTIwaW4lMjB0aGUlMjBNSVRSRSUyMEFUVCUyNkNLJTIwcmVwb3J0JTIwb24lMjB0aGUlMjBNb25rZXklMjBJc2xhbmQu",
"diff": "ZGlmZiUyMC0tZ2l0JTIwYSUyRm1vbmtleSUyRm1vbmtleV9pc2xhbmQlMkZjYyUyRnNlcnZpY2VzJTJGY29uZmlnX3NjaGVtYSUyRmRlZmluaXRpb25zJTJGcG9zdF9icmVhY2hfYWN0aW9ucy5weSUyMGIlMkZtb25rZXklMkZtb25rZXlfaXNsYW5kJTJGY2MlMkZzZXJ2aWNlcyUyRmNvbmZpZ19zY2hlbWElMkZkZWZpbml0aW9ucyUyRnBvc3RfYnJlYWNoX2FjdGlvbnMucHklMEFpbmRleCUyMGYxZmUwZjZmLi5jY2UzN2IyNCUyMDEwMDY0NCUwQS0tLSUyMGElMkZtb25rZXklMkZtb25rZXlfaXNsYW5kJTJGY2MlMkZzZXJ2aWNlcyUyRmNvbmZpZ19zY2hlbWElMkZkZWZpbml0aW9ucyUyRnBvc3RfYnJlYWNoX2FjdGlvbnMucHklMEElMkIlMkIlMkIlMjBiJTJGbW9ua2V5JTJGbW9ua2V5X2lzbGFuZCUyRmNjJTJGc2VydmljZXMlMkZjb25maWdfc2NoZW1hJTJGZGVmaW5pdGlvbnMlMkZwb3N0X2JyZWFjaF9hY3Rpb25zLnB5JTBBJTQwJTQwJTIwLTYyJTJDMTUlMjAlMkI2MiUyQzclMjAlNDAlNDAlMjBQT1NUX0JSRUFDSF9BQ1RJT05TJTIwJTNEJTIwJTdCJTBBJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIyUmVtb3ZlcyUyMHRoZSUyMGZpbGUlMjBhZnRlcndhcmRzLiUyMiUyQyUwQSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMmF0dGFja190ZWNobmlxdWVzJTIyJTNBJTIwJTVCJTIyVDExNjYlMjIlNUQlMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlN0QlMkMlMEEtJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTdCJTBBLSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMnR5cGUlMjIlM0ElMjAlMjJzdHJpbmclMjIlMkMlMEEtJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIyZW51bSUyMiUzQSUyMCU1QiUwQS0lMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjJTY2hlZHVsZUpvYnMlMjIlMEEtJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVEJTJDJTBBLSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMnRpdGxlJTIyJTNBJTIwJTIySm9iJTIwc2NoZWR1bGluZyUyMiUyQyUwQS0lMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjJpbmZvJTIyJTNBJTIwJTIyQXR0ZW1wdHMlMjB0byUyMGNyZWF0ZSUyMGElMjBzY2hlZHVsZWQlMjBqb2IlMjBvbiUyMHRoZSUyMHN5c3RlbSUyMGFuZCUyMHJlbW92ZSUyMGl0LiUyMiUyQyUwQS0lMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjJhdHRhY2tfdGVjaG5pcXVlcyUyMiUzQSUyMCU1QiUyMlQxMTY4JTIyJTJDJTIwJTIyVDEwNTMlMjIlNUQlMEEtJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTdEJTJDJTBBJTJCJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIzJTIwU3dpbW1lciUzQSUyMEFERCUyMERFVEFJTFMlMjBIRVJFISUwQSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU3QiUwQSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMnR5cGUlMjIlM0ElMjAlMjJzdHJpbmclMjIlMkMlMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjJlbnVtJTIyJTNBJTIwJTVCJTBB",
"tests": [],
"hints": [
"Have a look at the details of the other techniques."
],
"files": {
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": {
"index": [
"f1fe0f6f..cce37b24",
"100644"
],
"fileA": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
"fileB": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
"status": "MODIFIED",
"numLineDeletions": 9,
"numLineAdditions": 1,
"hunkContainers": [
"JTdCJTIyaHVuayUyMiUzQSU3QiUyMmhlYWRlciUyMiUzQSUyMiU0MCU0MCUyMC02MiUyQzE1JTIwJTJCNjIlMkM3JTIwJTQwJTQwJTIwUE9TVF9CUkVBQ0hfQUNUSU9OUyUyMCUzRCUyMCU3QiUyMiUyQyUyMmNoYW5nZXMlMjIlM0ElNUIlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUMlMjJSZW1vdmVzJTIwdGhlJTIwZmlsZSUyMGFmdGVyd2FyZHMuJTVDJTIyJTJDJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNjIlMkMlMjJiJTIyJTNBNjIlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUMlMjJhdHRhY2tfdGVjaG5pcXVlcyU1QyUyMiUzQSUyMCU1QiU1QyUyMlQxMTY2JTVDJTIyJTVEJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNjMlMkMlMjJiJTIyJTNBNjMlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlN0QlMkMlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E2NCUyQyUyMmIlMjIlM0E2NCU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJkZWwlMjIlMkMlMjJtYXJrJTIyJTNBJTIyLSUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlN0IlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E2NSU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJkZWwlMjIlMkMlMjJtYXJrJTIyJTNBJTIyLSUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUMlMjJ0eXBlJTVDJTIyJTNBJTIwJTVDJTIyc3RyaW5nJTVDJTIyJTJDJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNjYlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyZGVsJTIyJTJDJTIybWFyayUyMiUzQSUyMi0lMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVDJTIyZW51bSU1QyUyMiUzQSUyMCU1QiUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTY3JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1QyUyMlNjaGVkdWxlSm9icyU1QyUyMiUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTY4JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1RCUyQyUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTY5JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1QyUyMnRpdGxlJTVDJTIyJTNBJTIwJTVDJTIySm9iJTIwc2NoZWR1bGluZyU1QyUyMiUyQyUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTcwJTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1QyUyMmluZm8lNUMlMjIlM0ElMjAlNUMlMjJBdHRlbXB0cyUyMHRvJTIwY3JlYXRlJTIwYSUyMHNjaGVkdWxlZCUyMGpvYiUyMG9uJTIwdGhlJTIwc3lzdGVtJTIwYW5kJTIwcmVtb3ZlJTIwaXQuJTVDJTIyJTJDJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNzElN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyZGVsJTIyJTJDJTIybWFyayUyMiUzQSUyMi0lMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVDJTIyYXR0YWNrX3RlY2huaXF1ZXMlNUMlMjIlM0ElMjAlNUIlNUMlMjJUMTE2OCU1QyUyMiUyQyUyMCU1QyUyMlQxMDUzJTVDJTIyJTVEJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNzIlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyZGVsJTIyJTJDJTIybWFyayUyMiUzQSUyMi0lMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTdEJTJDJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNzMlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyYWRkJTIyJTJDJTIybWFyayUyMiUzQSUyMiUyQiUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjMlMjBTd2ltbWVyJTNBJTIwQUREJTIwREVUQUlMUyUyMEhFUkUhJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJiJTIyJTNBNjUlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlN0IlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E3NCUyQyUyMmIlMjIlM0E2NiU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJjb250ZXh0JTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1QyUyMnR5cGUlNUMlMjIlM0ElMjAlNUMlMjJzdHJpbmclNUMlMjIlMkMlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E3NSUyQyUyMmIlMjIlM0E2NyU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJjb250ZXh0JTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1QyUyMmVudW0lNUMlMjIlM0ElMjAlNUIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E3NiUyQyUyMmIlMjIlM0E2OCU3RCU3RCU1RCUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQSU3QiUyMnN0YXJ0TGluZSUyMiUzQTYyJTJDJTIybGluZXNDb3VudCUyMiUzQTE1JTdEJTJDJTIyYiUyMiUzQSU3QiUyMnN0YXJ0TGluZSUyMiUzQTYyJTJDJTIybGluZXNDb3VudCUyMiUzQTclN0QlN0QlN0QlN0Q="
]
}
},
"app_version": "0.1.90",
"file_version": "1.0.2"
}

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,31 @@
{
"id": "VW4rf3AxRslfT7lwaug7",
"name": "Implement a new PBA — `ScheduleJobs`",
"dod": "WW91JTIwc2hvdWxkJTIwaW1wbGVtZW50JTIwYSUyMG5ldyUyMFBCQSUyMGluJTIwTW9ua2V5JTIwd2hpY2glMjBzY2hlZHVsZXMlMjBqb2JzJTIwb24lMjB0aGUlMjBtYWNoaW5lLg==",
"description": "WW91JTIwbmVlZCUyMHRvJTIwaW1wbGVtZW50JTIwdGhlJTIwJTYwU2NoZWR1bGVKb2JzJTYwJTIwUEJBJTIwd2hpY2glMjBjcmVhdGVzJTIwc2NoZWR1bGVkJTIwam9icyUyMG9uJTIwdGhlJTIwbWFjaGluZS4lMjAlM0NiciUzRSUzQ2JyJTNFJTBBJTNDaW1nJTIwc3JjJTNEJTIyaHR0cHMlM0ElMkYlMkZtZWRpYS5naXBoeS5jb20lMkZtZWRpYSUyRmwwSzRtVkU1YjVXWjFzY3RXJTJGZ2lwaHkuZ2lmJTIyJTIwaGVpZ2h0JTNEMTc1JTNFJTNDYnIlM0UlM0NiciUzRSUwQVRoZSUyMGNvbW1hbmRzJTIwdGhhdCUyMGFkZCUyMHNjaGVkdWxlZCUyMGpvYnMlMjBmb3IlMjBXaW5kb3dzJTIwYW5kJTIwTGludXglMjBjYW4lMjBiZSUyMHJldHJpZXZlZCUyMGZyb20lMjAlNjBnZXRfY29tbWFuZHNfdG9fc2NoZWR1bGVfam9icyU2MCUyMCVFMiU4MCU5NCUyMG1ha2UlMjBzdXJlJTIweW91JTIwdW5kZXJzdGFuZCUyMGhvdyUyMHRvJTIwdXNlJTIwdGhpcyUyMGZ1bmN0aW9uJTIwY29ycmVjdGx5LiUwQSUwQSUyMyUyMyUyME1hbnVhbCUyMHRlc3QlMjAlMjAlMEFPbmNlJTIweW91JTIwdGhpbmslMjB5b3UncmUlMjBkb25lLi4uJTBBLSUyMFJ1biUyMHRoZSUyME1vbmtleSUyMElzbGFuZCUwQS0lMjBNYWtlJTIwc3VyZSUyMHRoZSUyMCUyMkpvYiUyMHNjaGVkdWxpbmclMjIlMjBQQkElMjBpcyUyMGVuYWJsZWQlMjBpbiUyMHRoZSUyMCUyMk1vbmtleSUyMiUyMHRhYiUyMGluJTIwdGhlJTIwY29uZmlndXJhdGlvbiUyMCVFMiU4MCU5NCUyMGZvciUyMHRoaXMlMjB0ZXN0JTJDJTIwZGlzYWJsZSUyMG5ldHdvcmslMjBzY2FubmluZyUyQyUyMGV4cGxvaXRpbmclMkMlMjBhbmQlMjBhbGwlMjBvdGhlciUyMFBCQXMlMEEtJTIwUnVuJTIwdGhlJTIwTW9ua2V5JTBBLSUyME1ha2UlMjBzdXJlJTIweW91JTIwc2VlJTIwdGhlJTIwUEJBJTIwd2l0aCUyMGl0cyUyMHJlc3VsdHMlMjBpbiUyMHRoZSUyMFNlY3VyaXR5JTIwcmVwb3J0JTIwYXMlMjB3ZWxsJTIwYXMlMjBpbiUyMHRoZSUyMEFUVCUyNkNLJTIwcmVwb3J0JTIwdW5kZXIlMjB0aGUlMjByZWxldmFudCUyME1JVFJFJTIwdGVjaG5pcXVlJTBBJTBBJTNDaW1nJTIwc3JjJTNEJTIyaHR0cHMlM0ElMkYlMkZmaXJlYmFzZXN0b3JhZ2UuZ29vZ2xlYXBpcy5jb20lMkZ2MCUyRmIlMkZzd2ltbWlvLWNvbnRlbnQlMkZvJTJGcmVwb3NpdG9yaWVzJTI1MkY2TmxiOTlOdFk1RmMzYlNkOHN1SCUyNTJGaW1nJTI1MkZmMGU1M2U2Yy05ZGJlLTQxZDgtOTQ1NC0yYjU3NjFjM2Y1M2EucG5nJTNGYWx0JTNEbWVkaWElMjZ0b2tlbiUzRDIxYWE0YmI4LTdlYmUtNGRhYi1hNzM5LWM3N2UwNTkxNDRkZCUyMiUyMGhlaWdodCUzRDQwMCUzRSUwQSUzQ2JyJTNFJTNDYnIlM0UlMEElM0NpbWclMjBzcmMlM0QlMjJodHRwcyUzQSUyRiUyRmZpcmViYXNlc3RvcmFnZS5nb29nbGVhcGlzLmNvbSUyRnYwJTJGYiUyRnN3aW1taW8tY29udGVudCUyRm8lMkZyZXBvc2l0b3JpZXMlMjUyRjZObGI5OU50WTVGYzNiU2Q4c3VIJTI1MkZpbWclMjUyRjUyODM4OWEwLTM1YzgtNDM4MC1iNmUyLTM1MzA2OGVkMDFlNC5wbmclM0ZhbHQlM0RtZWRpYSUyNnRva2VuJTNEMDg3NjdmNTUtODZlMi00ZjUxLThlY2YtMTNmZDZjYzI1YWQ1JTIyJTIwaGVpZ2h0JTNENDAwJTNF",
"summary": "TWFueSUyMG90aGVyJTIwUEJBcyUyMGFyZSUyMGFzJTIwc2ltcGxlJTIwYXMlMjB0aGlzJTIwb25lJTJDJTIwdXNpbmclMjBzaGVsbCUyMGNvbW1hbmRzJTIwb3IlMjBzY3JpcHRzJTIwJUUyJTgwJTk0JTIwc2VlJTIwJTYwVGltZXN0b21waW5nJTYwJTIwYW5kJTIwJTYwQWNjb3VudERpc2NvdmVyeSU2MC4lMjAlM0NiciUzRSUzQ2JyJTNFJTBBJTBBSG93ZXZlciUyQyUyMGZvciUyMGxlc3MlMjBzdHJhaWdodGZvcndhcmQlMjBvbmVzJTJDJTIweW91JTIwY2FuJTIwb3ZlcnJpZGUlMjBmdW5jdGlvbnMlMjBhbmQlMjBpbXBsZW1lbnQlMjBuZXclMjBjbGFzc2VzJTIwZGVwZW5kaW5nJTIwb24lMjB3aGF0JTIwaXMlMjByZXF1aXJlZCUyMCVFMiU4MCU5NCUyMHNlZSUyMCU2MFNpZ25lZFNjcmlwdFByb3h5RXhlY3V0aW9uJTYwJTIwYW5kJTIwJTYwTW9kaWZ5U2hlbGxTdGFydHVwRmlsZXMlNjAuJTNDYnIlM0UlM0NiciUzRSUwQSUwQVRoaXMlMjBQQkElMkMlMjBhbG9uZyUyMHdpdGglMjBhbGwlMjB0aGUlMjBvdGhlciUyMFBCQXMlMkMlMjB3aWxsJTIwcnVuJTIwb24lMjBhJTIwc3lzdGVtJTIwYWZ0ZXIlMjBpdCUyMGhhcyUyMGJlZW4lMjBicmVhY2hlZC4lMjBUaGUlMjBwdXJwb3NlJTIwb2YlMjB0aGlzJTIwY29kZSUyMGlzJTIwdG8lMjB0ZXN0JTIwd2hldGhlciUyMHRhcmdldCUyMHN5c3RlbXMlMjBhbGxvdyUyMGF0dGFja2VycyUyMHRvJTIwc2NoZWR1bGUlMjBqb2JzJTJDJTIwd2hpY2glMjB0aGV5JTIwY291bGQlMjB1c2UlMjB0byUyMHJ1biUyMG1hbGljaW91cyUyMGNvZGUlMjBhdCUyMHNvbWUlMjBzcGVjaWZpZWQlMjBkYXRlJTIwYW5kJTIwdGltZS4=",
"diff": "ZGlmZiUyMC0tZ2l0JTIwYSUyRm1vbmtleSUyRmluZmVjdGlvbl9tb25rZXklMkZwb3N0X2JyZWFjaCUyRmFjdGlvbnMlMkZzY2hlZHVsZV9qb2JzLnB5JTIwYiUyRm1vbmtleSUyRmluZmVjdGlvbl9tb25rZXklMkZwb3N0X2JyZWFjaCUyRmFjdGlvbnMlMkZzY2hlZHVsZV9qb2JzLnB5JTBBaW5kZXglMjBkNmNkZDI3Ni4uNzlhNzcyNGQlMjAxMDA2NDQlMEEtLS0lMjBhJTJGbW9ua2V5JTJGaW5mZWN0aW9uX21vbmtleSUyRnBvc3RfYnJlYWNoJTJGYWN0aW9ucyUyRnNjaGVkdWxlX2pvYnMucHklMEElMkIlMkIlMkIlMjBiJTJGbW9ua2V5JTJGaW5mZWN0aW9uX21vbmtleSUyRnBvc3RfYnJlYWNoJTJGYWN0aW9ucyUyRnNjaGVkdWxlX2pvYnMucHklMEElNDAlNDAlMjAtMTAlMkMxMCUyMCUyQjEwJTJDNSUyMCU0MCU0MCUyMGNsYXNzJTIwU2NoZWR1bGVKb2JzKFBCQSklM0ElMEElMjAlMjAlMjAlMjAlMjAlMjIlMjIlMjIlMEElMjAlMEElMjAlMjAlMjAlMjAlMjBkZWYlMjBfX2luaXRfXyhzZWxmKSUzQSUwQS0lMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjBsaW51eF9jbWRzJTJDJTIwd2luZG93c19jbWRzJTIwJTNEJTIwZ2V0X2NvbW1hbmRzX3RvX3NjaGVkdWxlX2pvYnMoKSUwQS0lMEEtJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwc3VwZXIoU2NoZWR1bGVKb2JzJTJDJTIwc2VsZikuX19pbml0X18obmFtZSUzRFBPU1RfQlJFQUNIX0pPQl9TQ0hFRFVMSU5HJTJDJTBBLSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMGxpbnV4X2NtZCUzRCclMjAnLmpvaW4obGludXhfY21kcyklMkMlMEEtJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwd2luZG93c19jbWQlM0R3aW5kb3dzX2NtZHMpJTBBLSUwQS0lMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjByZW1vdmVfc2NoZWR1bGVkX2pvYnMoKSUwQSUyQiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMHBhc3MlMEElMkIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjMlMjBTd2ltbWVyJTNBJTIwSU1QTEVNRU5UJTIwSEVSRSElMEE=",
"tests": [],
"hints": [
"Check out the `Timestomping` PBA to get an idea about the implementation.",
"Don't forget to add code to remove the scheduled jobs!"
],
"files": {
"monkey/infection_monkey/post_breach/actions/schedule_jobs.py": {
"index": [
"d6cdd276..79a7724d",
"100644"
],
"fileA": "monkey/infection_monkey/post_breach/actions/schedule_jobs.py",
"fileB": "monkey/infection_monkey/post_breach/actions/schedule_jobs.py",
"status": "MODIFIED",
"numLineDeletions": 7,
"numLineAdditions": 2,
"hunkContainers": [
"JTdCJTIyaHVuayUyMiUzQSU3QiUyMmhlYWRlciUyMiUzQSUyMiU0MCU0MCUyMC0xMCUyQzEwJTIwJTJCMTAlMkM1JTIwJTQwJTQwJTIwY2xhc3MlMjBTY2hlZHVsZUpvYnMoUEJBKSUzQSUyMiUyQyUyMmNoYW5nZXMlMjIlM0ElNUIlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlNUMlMjIlNUMlMjIlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0ExMCUyQyUyMmIlMjIlM0ExMCU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJjb250ZXh0JTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTExJTJDJTIyYiUyMiUzQTExJTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmNvbnRleHQlMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwJTIwJTIwJTIwJTIwZGVmJTIwX19pbml0X18oc2VsZiklM0ElMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0ExMiUyQyUyMmIlMjIlM0ExMiU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJkZWwlMjIlMkMlMjJtYXJrJTIyJTNBJTIyLSUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjBsaW51eF9jbWRzJTJDJTIwd2luZG93c19jbWRzJTIwJTNEJTIwZ2V0X2NvbW1hbmRzX3RvX3NjaGVkdWxlX2pvYnMoKSUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTEzJTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTE0JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMHN1cGVyKFNjaGVkdWxlSm9icyUyQyUyMHNlbGYpLl9faW5pdF9fKG5hbWUlM0RQT1NUX0JSRUFDSF9KT0JfU0NIRURVTElORyUyQyUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTE1JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMGxpbnV4X2NtZCUzRCclMjAnLmpvaW4obGludXhfY21kcyklMkMlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0ExNiU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJkZWwlMjIlMkMlMjJtYXJrJTIyJTNBJTIyLSUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjB3aW5kb3dzX2NtZCUzRHdpbmRvd3NfY21kcyklMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0ExNyU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJkZWwlMjIlMkMlMjJtYXJrJTIyJTNBJTIyLSUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0ExOCU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJkZWwlMjIlMkMlMjJtYXJrJTIyJTNBJTIyLSUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjByZW1vdmVfc2NoZWR1bGVkX2pvYnMoKSUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTE5JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmFkZCUyMiUyQyUyMm1hcmslMjIlM0ElMjIlMkIlMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwcGFzcyUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYiUyMiUzQTEzJTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmFkZCUyMiUyQyUyMm1hcmslMjIlM0ElMjIlMkIlMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIzJTIwU3dpbW1lciUzQSUyMElNUExFTUVOVCUyMEhFUkUhJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJiJTIyJTNBMTQlN0QlN0QlNUQlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0ElN0IlMjJzdGFydExpbmUlMjIlM0ExMCUyQyUyMmxpbmVzQ291bnQlMjIlM0ExMCU3RCUyQyUyMmIlMjIlM0ElN0IlMjJzdGFydExpbmUlMjIlM0ExMCUyQyUyMmxpbmVzQ291bnQlMjIlM0E1JTdEJTdEJTdEJTdE"
]
}
},
"app_version": "0.1.90",
"file_version": "1.0.2"
}

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,30 @@
{
"id": "xYkxB76pK0peJj2tSxBJ",
"name": "Define what your new PBA does",
"dod": "WW91JTIwc2hvdWxkJTIwYWRkJTIwYSUyMG5ldyUyMFBCQSUyMGNvbnN0JTIwdGhhdCUyMGRlZmluZXMlMjB3aGF0JTIwdGhlJTIwUEJBJTIwZG9lcy4=",
"description": "VGhlJTIwbmFtZSUyMG9mJTIweW91ciUyMG5ldyUyMFBCQSUyMCh3aGljaCUyMGNyZWF0ZXMlMjBzY2hlZHVsZWQlMjBqb2JzJTIwb24lMjB0aGUlMjBtYWNoaW5lKSUyMHdpbGwlMjBiZSUyMHVzZWQlMjBpbiUyMGElMjBmZXclMjBwbGFjZXMlMkMlMjBpbmNsdWRpbmclMjB0aGUlMjByZXBvcnQuJTIwJTNDYnIlM0UlM0NiciUzRSUwQVlvdSUyMHNob3VsZCUyMGJyaWVmbHklMjBkZWZpbmUlMjB3aGF0JTIweW91ciUyMFBCQSUyMGRvZXMlMjBpbiUyMGElMjBjb25zdGFudCUyMHZhcmlhYmxlJTJDJTIwc3VjaCUyMHRoYXQlMjBpdCUyMGNhbiUyMGJlJTIwdXNlZCUyMGJ5JTIwYm90aCUyMHRoZSUyME1vbmtleSUyMGFuZCUyMHRoZSUyME1vbmtleSUyMElzbGFuZC4lMEElMEElMjMlMjMlMjBNYW51YWwlMjB0ZXN0JTIwJTIwJTBBT25jZSUyMHlvdSUyMHRoaW5rJTIweW91J3JlJTIwZG9uZS4uLiUwQS0lMjBSdW4lMjB0aGUlMjBNb25rZXklMjBJc2xhbmQlMEEtJTIwTWFrZSUyMHN1cmUlMjB0aGUlMjAlMjJKb2IlMjBzY2hlZHVsaW5nJTIyJTIwUEJBJTIwaXMlMjBlbmFibGVkJTIwaW4lMjB0aGUlMjAlMjJNb25rZXklMjIlMjB0YWIlMjBpbiUyMHRoZSUyMGNvbmZpZ3VyYXRpb24lMjAlRTIlODAlOTQlMjBmb3IlMjB0aGlzJTIwdGVzdCUyQyUyMGRpc2FibGUlMjBuZXR3b3JrJTIwc2Nhbm5pbmclMkMlMjBleHBsb2l0aW5nJTJDJTIwYW5kJTIwYWxsJTIwb3RoZXIlMjBQQkFzJTBBLSUyMFJ1biUyMHRoZSUyME1vbmtleSUwQS0lMjBDaGVjayUyMHRoZSUyMFBCQSUyMHNlY3Rpb24lMjBpbiUyMHRoZSUyMFNlY3VyaXR5JTIwcmVwb3J0JTIwZm9yJTIwdGhlJTIwbmFtZSUyMHlvdSUyMGdhdmUlMjB0byUyMHRoZSUyMG5ldyUyMFBCQSUyMCUyMCUwQSUwQSUzQ2ltZyUyMHNyYyUzRCUyMmh0dHBzJTNBJTJGJTJGZmlyZWJhc2VzdG9yYWdlLmdvb2dsZWFwaXMuY29tJTJGdjAlMkZiJTJGc3dpbW1pby1jb250ZW50JTJGbyUyRnJlcG9zaXRvcmllcyUyNTJGNk5sYjk5TnRZNUZjM2JTZDhzdUglMjUyRmltZyUyNTJGZjBlNTNlNmMtOWRiZS00MWQ4LTk0NTQtMmI1NzYxYzNmNTNhLnBuZyUzRmFsdCUzRG1lZGlhJTI2dG9rZW4lM0QyMWFhNGJiOC03ZWJlLTRkYWItYTczOS1jNzdlMDU5MTQ0ZGQlMjIlMjBoZWlnaHQlM0Q0MDAlM0U=",
"summary": "LSUyMFRoZSUyMG5hbWUlMjBkZWZpbmVkJTIwaGVyZSUyMGZvciUyMHlvdXIlMjBQQkElMjBjYW4lMjBiZSUyMHNlZW4lMjBvbiUyMHRoZSUyME1vbmtleSUyMElzbGFuZCUyMGluJTIwdGhlJTIwUEJBJTIwc2VjdGlvbiUyMGluJTIwdGhlJTIwU2VjdXJpdHklMjByZXBvcnQuJTBBLSUyMFRoZSUyMHJlc3VsdHMlMjBvZiUyMGVhY2glMjBQQkElMjBzdG9yZWQlMjBpbiUyMHRoZSUyMHRlbGVtZXRyeSUyMGFyZSUyMGFsc28lMjBpZGVudGlmaWVkJTIwYnklMjB0aGUlMjBzdHJpbmclMjBkZWZpbmVkJTIwaGVyZSUyMGZvciUyMHRoYXQlMjBQQkEu",
"diff": "ZGlmZiUyMC0tZ2l0JTIwYSUyRm1vbmtleSUyRmNvbW1vbiUyRmRhdGElMkZwb3N0X2JyZWFjaF9jb25zdHMucHklMjBiJTJGbW9ua2V5JTJGY29tbW9uJTJGZGF0YSUyRnBvc3RfYnJlYWNoX2NvbnN0cy5weSUwQWluZGV4JTIwMjVlNjY3OWMuLjQ2ZDgwMmRlJTIwMTAwNjQ0JTBBLS0tJTIwYSUyRm1vbmtleSUyRmNvbW1vbiUyRmRhdGElMkZwb3N0X2JyZWFjaF9jb25zdHMucHklMEElMkIlMkIlMkIlMjBiJTJGbW9ua2V5JTJGY29tbW9uJTJGZGF0YSUyRnBvc3RfYnJlYWNoX2NvbnN0cy5weSUwQSU0MCU0MCUyMC01JTJDNyUyMCUyQjUlMkM3JTIwJTQwJTQwJTIwUE9TVF9CUkVBQ0hfU0hFTExfU1RBUlRVUF9GSUxFX01PRElGSUNBVElPTiUyMCUzRCUyMCUyMk1vZGlmeSUyMHNoZWxsJTIwc3RhcnR1cCUyMGZpbGUlMjIlMEElMjBQT1NUX0JSRUFDSF9ISURERU5fRklMRVMlMjAlM0QlMjAlMjJIaWRlJTIwZmlsZXMlMjBhbmQlMjBkaXJlY3RvcmllcyUyMiUwQSUyMFBPU1RfQlJFQUNIX1RSQVBfQ09NTUFORCUyMCUzRCUyMCUyMkV4ZWN1dGUlMjBjb21tYW5kJTIwd2hlbiUyMGElMjBwYXJ0aWN1bGFyJTIwc2lnbmFsJTIwaXMlMjByZWNlaXZlZCUyMiUwQSUyMFBPU1RfQlJFQUNIX1NFVFVJRF9TRVRHSUQlMjAlM0QlMjAlMjJTZXR1aWQlMjBhbmQlMjBTZXRnaWQlMjIlMEEtUE9TVF9CUkVBQ0hfSk9CX1NDSEVEVUxJTkclMjAlM0QlMjAlMjJTY2hlZHVsZSUyMGpvYnMlMjIlMEElMkIlMjMlMjBTd2ltbWVyJTNBJTIwUFVUJTIwVEhFJTIwTkVXJTIwQ09OU1QlMjBIRVJFISUwQSUyMFBPU1RfQlJFQUNIX1RJTUVTVE9NUElORyUyMCUzRCUyMCUyMk1vZGlmeSUyMGZpbGVzJyUyMHRpbWVzdGFtcHMlMjIlMEElMjBQT1NUX0JSRUFDSF9TSUdORURfU0NSSVBUX1BST1hZX0VYRUMlMjAlM0QlMjAlMjJTaWduZWQlMjBzY3JpcHQlMjBwcm94eSUyMGV4ZWN1dGlvbiUyMiUwQSUyMFBPU1RfQlJFQUNIX0FDQ09VTlRfRElTQ09WRVJZJTIwJTNEJTIwJTIyQWNjb3VudCUyMGRpc2NvdmVyeSUyMiUwQQ==",
"tests": [],
"hints": [
"See the `Timestomping` PBA. How is the name of the PBA set?"
],
"files": {
"monkey/common/data/post_breach_consts.py": {
"index": [
"25e6679c..46d802de",
"100644"
],
"fileA": "monkey/common/data/post_breach_consts.py",
"fileB": "monkey/common/data/post_breach_consts.py",
"status": "MODIFIED",
"numLineDeletions": 1,
"numLineAdditions": 1,
"hunkContainers": [
"JTdCJTIyaHVuayUyMiUzQSU3QiUyMmhlYWRlciUyMiUzQSUyMiU0MCU0MCUyMC01JTJDNyUyMCUyQjUlMkM3JTIwJTQwJTQwJTIwUE9TVF9CUkVBQ0hfU0hFTExfU1RBUlRVUF9GSUxFX01PRElGSUNBVElPTiUyMCUzRCUyMCU1QyUyMk1vZGlmeSUyMHNoZWxsJTIwc3RhcnR1cCUyMGZpbGUlNUMlMjIlMjIlMkMlMjJjaGFuZ2VzJTIyJTNBJTVCJTdCJTIydHlwZSUyMiUzQSUyMmNvbnRleHQlMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwUE9TVF9CUkVBQ0hfSElEREVOX0ZJTEVTJTIwJTNEJTIwJTVDJTIySGlkZSUyMGZpbGVzJTIwYW5kJTIwZGlyZWN0b3JpZXMlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E1JTJDJTIyYiUyMiUzQTUlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjBQT1NUX0JSRUFDSF9UUkFQX0NPTU1BTkQlMjAlM0QlMjAlNUMlMjJFeGVjdXRlJTIwY29tbWFuZCUyMHdoZW4lMjBhJTIwcGFydGljdWxhciUyMHNpZ25hbCUyMGlzJTIwcmVjZWl2ZWQlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E2JTJDJTIyYiUyMiUzQTYlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjBQT1NUX0JSRUFDSF9TRVRVSURfU0VUR0lEJTIwJTNEJTIwJTVDJTIyU2V0dWlkJTIwYW5kJTIwU2V0Z2lkJTVDJTIyJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNyUyQyUyMmIlMjIlM0E3JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMlBPU1RfQlJFQUNIX0pPQl9TQ0hFRFVMSU5HJTIwJTNEJTIwJTVDJTIyU2NoZWR1bGUlMjBqb2JzJTVDJTIyJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBOCU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJhZGQlMjIlMkMlMjJtYXJrJTIyJTNBJTIyJTJCJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMyUyMFN3aW1tZXIlM0ElMjBQVVQlMjBUSEUlMjBORVclMjBDT05TVCUyMEhFUkUhJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJiJTIyJTNBOCU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJjb250ZXh0JTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMFBPU1RfQlJFQUNIX1RJTUVTVE9NUElORyUyMCUzRCUyMCU1QyUyMk1vZGlmeSUyMGZpbGVzJyUyMHRpbWVzdGFtcHMlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E5JTJDJTIyYiUyMiUzQTklN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjBQT1NUX0JSRUFDSF9TSUdORURfU0NSSVBUX1BST1hZX0VYRUMlMjAlM0QlMjAlNUMlMjJTaWduZWQlMjBzY3JpcHQlMjBwcm94eSUyMGV4ZWN1dGlvbiU1QyUyMiUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTEwJTJDJTIyYiUyMiUzQTEwJTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmNvbnRleHQlMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwUE9TVF9CUkVBQ0hfQUNDT1VOVF9ESVNDT1ZFUlklMjAlM0QlMjAlNUMlMjJBY2NvdW50JTIwZGlzY292ZXJ5JTVDJTIyJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBMTElMkMlMjJiJTIyJTNBMTElN0QlN0QlNUQlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0ElN0IlMjJzdGFydExpbmUlMjIlM0E1JTJDJTIybGluZXNDb3VudCUyMiUzQTclN0QlMkMlMjJiJTIyJTNBJTdCJTIyc3RhcnRMaW5lJTIyJTNBNSUyQyUyMmxpbmVzQ291bnQlMjIlM0E3JTdEJTdEJTdEJTdE"
]
}
},
"app_version": "0.1.90",
"file_version": "1.0.2"
}

View File

@ -15,7 +15,7 @@ Want to help secure networks? That's great!
Here's a few short links to help you get started. Here's a few short links to help you get started.
* [Getting up and running](../setup-development-environment) - To help you get a working development setup. * [Getting up and running](./setup-development-environment) - To help you get a working development setup.
* [Contributing guidelines](https://github.com/guardicore/monkey/blob/master/CONTRIBUTING.md) - Some guidelines to help you submit. * [Contributing guidelines](https://github.com/guardicore/monkey/blob/master/CONTRIBUTING.md) - Some guidelines to help you submit.
## What are we looking for? ## What are we looking for?

View File

@ -17,4 +17,4 @@ This section of the documentation is incomplete and under active construction.
See these documentation pages for information on each configuration value: See these documentation pages for information on each configuration value:
{{% children description=true %}} {{% children description=true style="p"%}}

View File

@ -15,7 +15,7 @@ After deploying the Monkey Island in your environment, navigate to `https://<ser
### First-time login ### First-time login
On your first login, you'll be asked to set up a username and password for the Monkey Island server. [See this page for more details](../accounts-and-security). On your first login, you'll be asked to set up a username and password for the Monkey Island server. [See this page for more details](../../setup/accounts-and-security).
### Run the Monkey ### Run the Monkey

View File

@ -11,4 +11,4 @@ pre: "<i class='fas fa-directions'></i> "
The Monkey likes working together. See these documentation pages for information on each integration the Monkey currently offers: The Monkey likes working together. See these documentation pages for information on each integration the Monkey currently offers:
{{% children description=true %}} {{% children description=true style="p"%}}

View File

@ -18,4 +18,4 @@ No worries! The Monkey uses safe exploiters and does not cause any permanent sys
## Section contents ## Section contents
{{% children description=True %}} {{% children description=True style="p"%}}

View File

@ -0,0 +1,38 @@
---
title: "MITRE ATT&CK assessment"
date: 2020-10-22T16:58:22+03:00
draft: false
description: "Assess your network security detection and prevention capabilities."
weight: 2
---
## Overview
Infection Monkey can simulate various [ATT&CK](https://attack.mitre.org/matrices/enterprise/) techniques on the network.
Use it to assess your security solutions detection and prevention capabilities. Infection Monkey will help you find
which ATT&CK techniques go unnoticed and will provide recommendations about preventing them.
## Configuration
- **ATT&CK matrix** You can use ATT&CK configuration section to select which techniques you want the Monkey to simulate.
Leave default settings for the full simulation.
- **Exploits -> Credentials** This configuration value will be used for brute-forcing. We use most popular passwords
and usernames, but feel free to adjust it according to the default passwords used in your network. Keep in mind that
long lists means longer scanning times.
- **Network -> Scope** Disable “Local network scan” and instead provide specific network ranges in
the “Scan target list”.
![ATT&CK matrix](/images/usage/scenarios/attack-matrix.png "ATT&CK matrix")
## Suggested run mode
Run the Infection Monkey on as many machines in your environment as you can to get a better assessment. This can be easily
achieved by selecting the “Manual” run option and executing the command shown on different machines in your environment
manually or with your deployment tool.
## Assessing results
The **ATT&CK Report** shows the status of ATT&CK techniques simulations. Click on any technique to see more details
about it and potential mitigations. Keep in mind that each technique display contains a question mark symbol that
will take you to the official documentation of ATT&CK technique, where you can learn more about it.

View File

@ -1,9 +1,9 @@
--- ---
title: "Credential Leak" title: "Credentials Leak"
date: 2020-08-12T13:04:25+03:00 date: 2020-08-12T13:04:25+03:00
draft: false draft: false
description: "Assess the impact of successful phishing attack, insider threat, or other form of credentials leak." description: "Assess the impact of a successful phishing attack, insider threat, or other form of credentials leak."
weight: 4 weight: 5
--- ---
## Overview ## Overview
@ -16,8 +16,6 @@ where these credentials can be reused.
## Configuration ## Configuration
#### Important configuration values:
- **Exploits -> Credentials** After setting up the Island add the users **real** credentials - **Exploits -> Credentials** After setting up the Island add the users **real** credentials
(usernames and passwords) to the Monkeys configuration (Dont worry, this sensitive data is not accessible and is not (usernames and passwords) to the Monkeys configuration (Dont worry, this sensitive data is not accessible and is not
distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Islands configuration). distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Islands configuration).
@ -26,15 +24,14 @@ For this to work, Monkey Island or initial Monkey needs to have access to SSH ke
To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Monkey To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Monkey
(content of keys will not be displayed, it will appear as `<Object>`). (content of keys will not be displayed, it will appear as `<Object>`).
To simulate the damage from a successful phishing attack using the Infection Monkey, choose machines in your network ## Suggested run mode
from potentially problematic group of machines, such as the laptop of one of your heavy email users or
one of your strong IT users (think of people who are more likely to correspond with people outside of Execute the Monkey on a chosen machine in your network using the “Manual” run option.
your organization). Execute the Monkey on chosen machines by clicking on “**1. Run Monkey**” from the left sidebar menu Run the Monkey as a privileged user to make sure it gathers as many credentials from the system as possible.
and choosing “**Run on machine of your choice**”.
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists") ![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
## Assessing results ## Assessing results
To assess the impact of leaked credentials see Security report. It's possible, that credential leak resulted in even To assess the impact of leaked credentials see Security report. It's possible that credential leak resulted in even
more leaked credentials, for that look into **Security report -> Stolen credentials**. more leaked credentials, for that look into **Security report -> Stolen credentials**.

View File

@ -1,55 +0,0 @@
---
title: "IDS/IPS Test"
date: 2020-08-12T13:07:47+03:00
draft: false
description: "Test your network defence solutions."
weight: 5
---
## Overview
The Infection Monkey can help you verify that your security solutions are working the way you expected them to.
These may include your IR and SOC teams, your SIEM, your firewall, your endpoint security solution, and more.
## Configuration
#### Important configuration values:
- **Monkey -> Post breach** Post breach actions simulate the actions an attacker would make on infected system.
To test something not present on the tool, you can provide your own file or command to be ran.
The default configuration is good enough for many cases, but configuring testing scope and adding brute-force
credentials is a good bet in any scenario.
Running the Monkey on both the Island and on a few other machines in the network manually is also recommended,
as it increases coverage and propagation rates.
![Post breach configuration](/images/usage/use-cases/ids-test.PNG "Post breach configuration")
## Assessing results
After running the Monkey, follow the Monkeys actions on the Monkey Islands infection map.
Now you can match this activity from the Monkey timeline display to your internal SIEM and make sure your security
solutions are identifying and correctly alerting on different attacks.
- The red arrows indicate successful exploitations. If you see red arrows, those incidents ought to be reported as
exploitation attempts, so check whether you are receiving alerts from your security systems as expected.
- The orange arrows indicate scanning activity, usually used by attackers to locate potential vulnerabilities.
If you see orange arrows, those incidents ought to be reported as scanning attempts (and possibly as segmentation violations).
- The blue arrows indicate tunneling activity, usually used by attackers to infiltrate “protected” networks from
the Internet. Perhaps someone is trying to bypass your firewall to gain access to a protected service in your network?
Check if your micro-segmentation / firewall solution identify or report anything.
While running this scenario, be on the lookout for the action that should arise:
Did you get a phone call telling you about suspicious activity inside your network? Are events flowing
into your security events aggregators? Are you getting emails from your IR teams?
Is the endpoint protection software you installed on machines in the network reporting on anything? Are your
compliance scanners detecting anything wrong?
Lastly, check Zero Trust and Mitre ATT&CK reports, to see which attacks can be executed on the network and how to
fix it.
![Map](/images/usage/use-cases/map-full-cropped.png "Map")

View File

@ -3,7 +3,7 @@ title: "Network Breach"
date: 2020-08-12T13:04:55+03:00 date: 2020-08-12T13:04:55+03:00
draft: false draft: false
description: "Simulate an internal network breach and assess the potential impact." description: "Simulate an internal network breach and assess the potential impact."
weight: 1 weight: 3
--- ---
## Overview ## Overview
@ -17,7 +17,6 @@ Infection Monkey will help you assess the impact of internal network breach, by
## Configuration ## Configuration
#### Important configuration values:
- **Exploits -> Exploits** You can review the exploits Infection Monkey will be using. By default all - **Exploits -> Exploits** You can review the exploits Infection Monkey will be using. By default all
safe exploiters are selected. safe exploiters are selected.
- **Exploits -> Credentials** This configuration value will be used for brute-forcing. We use most popular passwords - **Exploits -> Credentials** This configuration value will be used for brute-forcing. We use most popular passwords
@ -34,6 +33,15 @@ all post breach actions. These actions simulate attacker's behaviour after getti
![Exploiter selector](/images/usage/use-cases/network-breach.PNG "Exploiter selector") ![Exploiter selector](/images/usage/use-cases/network-breach.PNG "Exploiter selector")
## Suggested run mode
Decide which machines you want to simulate a breach on and use the “Manual” run option to start Monkeys there.
Use high privileges to run the Monkey to simulate an attacker that was able to elevate its privileges.
You could also simulate an attack initiated from an unidentified machine connected to the network (a technician
laptop, 3rd party vendor machine, etc) by running the Monkey on a dedicated machine with an IP in the network you
wish to test.
## Assessing results ## Assessing results
Check infection map and security report to see how far monkey managed to propagate in the network and which Check infection map and security report to see how far monkey managed to propagate in the network and which

View File

@ -2,18 +2,18 @@
title: "Network Segmentation" title: "Network Segmentation"
date: 2020-08-12T13:05:05+03:00 date: 2020-08-12T13:05:05+03:00
draft: false draft: false
description: "Test network segmentation policies for apps that need ringfencing or tiers that require microsegmentation." description: "Verify your network is properly segmented."
weight: 3 weight: 4
--- ---
## Overview ## Overview
Segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to Segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to
isolate workloads from one another and secure them individually, typically using policies. isolate workloads from one another and secure them individually, typically using policies. A useful way to test
A useful way to test the effectiveness of your segmentation is to ensure that your network segments are the effectiveness of your segmentation is to ensure that your network segments are properly separated, e,g, your
properly separated, e,g, your Development is separated from your Production, your applications are separated from one Development is separated from your Production, your applications are separated from one another etc. Use the
another etc. To security test is to verify that your network segmentation is configured properly. This way you make Infection Monkey to verify that your network segmentation is configured properly. This way you make sure that
sure that even if a certain attacker has breached your defenses, it cant move laterally from point A to point B. even if a certain attacker has breached your defenses, it cant move laterally between segments.
[Segmentation is key](https://www.guardicore.com/use-cases/micro-segmentation/) to protecting your network, reducing [Segmentation is key](https://www.guardicore.com/use-cases/micro-segmentation/) to protecting your network, reducing
the attack surface and minimizing the damage of a breach. The Monkey can help you test your segmentation settings with the attack surface and minimizing the damage of a breach. The Monkey can help you test your segmentation settings with
@ -21,8 +21,6 @@ its cross-segment traffic testing feature.
## Configuration ## Configuration
#### Important configuration values:
- **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define - **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define
subnets that should be segregated from each other. If any of provided networks can reach each other, you'll see it subnets that should be segregated from each other. If any of provided networks can reach each other, you'll see it
in security report. in security report.
@ -32,12 +30,12 @@ its cross-segment traffic testing feature.
all post breach actions. These actions simulate attacker's behaviour after getting access to a new system, so they all post breach actions. These actions simulate attacker's behaviour after getting access to a new system, so they
might trigger your defence solutions which will interrupt segmentation test. might trigger your defence solutions which will interrupt segmentation test.
Execute Monkeys on machines in different subnetworks manually, by choosing “**1. Run Monkey**” from the left sidebar menu ## Suggested run mode
and clicking on “**Run on machine of your choice**”.
Alternatively, you could provide valid credentials and allow Monkey to propagate to relevant subnetworks by itself. Execute Monkeys on machines in different subnetworks using the “Manual” run option.
Note that if Monkey can't communicate to the Island, it will Note that if Monkey can't communicate to the Island, it will
not be able to send scan results, so make sure all machines can reach the island. not be able to send scan results, so make sure all machines can reach the island.
![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing") ![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing")

View File

@ -2,7 +2,7 @@
title: "Other" title: "Other"
date: 2020-08-12T13:07:55+03:00 date: 2020-08-12T13:07:55+03:00
draft: false draft: false
description: "Tips and tricks about configuring monkey for your needs." description: "Tips and tricks about configuring Monkeys for your needs."
weight: 100 weight: 100
--- ---
@ -10,33 +10,52 @@ weight: 100
This page provides additional information about configuring monkeys, tips and tricks and creative usage scenarios. This page provides additional information about configuring monkeys, tips and tricks and creative usage scenarios.
## ATT&CK & Zero Trust scanning ## Custom behaviour
You can use **ATT&CK** configuration section to select which techniques you want to scan. Keep in mind that ATT&CK If you want Monkey to run some kind of script or a tool after it breaches a machine, you can configure it in
matrix configuration just changes the overall configuration by modifying related fields, thus you should start by **Configuration -> Monkey -> Post breach**. Just input commands you want executed in the corresponding fields.
modifying and saving the matrix. After that you can change credentials and scope of the scan, but exploiters, You can also upload files and call them through commands you entered in command fields.
post breach actions and other configuration values will be already chosen based on ATT&CK matrix and shouldn't be
modified.
There's currently no way to configure monkey using Zero Trust framework, but regardless of configuration options,
you'll always be able to see ATT&CK and Zero Trust reports.
## Tips and tricks ## Accelerate the test
- Use **Monkey -> Persistent scanning** configuration section to either have periodic scans or to increase To improve scanning speed you could **specify a subnet instead of scanning all of the local network**.
reliability of exploitations.
- To increase propagation run monkey as root/administrator. This will ensure that monkey will gather credentials
on current system and use them to move laterally.
- Every network has its old “skeleton keys” that should have long been discarded. Configure the Monkey with old and stale passwords, but make sure that they were really discarded using the Monkey. To add the old passwords, in the islands configuration, go to the “Exploit password list” under “Basic - Credentials” and use the “+” button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration: The following configuration values also have an impact on scanning speed:
- **Credentials** - the more usernames and passwords you input, the longer it will take the Monkey to scan machines having
remote access services. Monkeys try to stay elusive and leave a low impact, thus brute forcing takes longer than with
loud conventional tools.
- **Network scope** - scanning large networks with a lot of propagations can become unwieldy. Instead, try to scan your
networks bit by bit with multiple runs.
- **Post breach actions** - you can disable most of these if you only care about propagation.
- **Internal -> TCP scanner** - you can trim the list of ports monkey tries to scan increasing performance even further.
## Combining different scenarios
Infection Monkey is not limited to the scenarios mentioned in this section, once you get the hang of configuring it,
you might come up with your own use case or test all of suggested scenarios at the same time! Whatever you do,
Security, ATT&CK and Zero Trust reports will be waiting for you!
## Persistent scanning
Use **Monkey -> Persistent** scanning configuration section to either have periodic scans or to increase reliability of
exploitations by running consecutive Infection Monkey scans.
## Credentials
Every network has its old “skeleton keys” that should have long been discarded. Configure the Monkey with old and stale
passwords, but make sure that they were really discarded using the Monkey. To add the old passwords, in the islands
configuration, go to the “Exploit password list” under “Basic - Credentials” and use the “+” button to add the old
passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the
configuration:
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists") ![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
- To see the Monkey executing in real-time on your servers, add the **post-breach action** command: `wall “Infection Monkey was here”`. This post breach command will broadcast a message across all open terminals on the servers the Monkey breached, to achieve the following: Let you know the Monkey ran successfully on the server. let you follow the breach “live” alongside the infection map, and check which terminals are logged and monitored inside your network. See below: ## Check logged and monitored terminals
To see the Monkey executing in real-time on your servers, add the **post-breach action** command:
`wall “Infection Monkey was here”`. This post breach command will broadcast a message across all open terminals on
the servers the Monkey breached, to achieve the following: Let you know the Monkey ran successfully on the server.
Let you follow the breach “live” alongside the infection map, and check which terminals are logged and monitored
inside your network. See below:
![How to configure post breach commands](/images/usage/scenarios/pba-example.png "How to configure post breach commands.") ![How to configure post breach commands](/images/usage/scenarios/pba-example.png "How to configure post breach commands.")
- If you're scanning a large network, consider narrowing the scope and scanning it bit by bit if scan times become too
long. Lowering the amount of credentials, exploiters or post breach actions can also help to lower scanning times.

View File

@ -0,0 +1,42 @@
---
title: "Zero Trust assessment"
date: 2020-10-22T16:58:09+03:00
draft: false
description: "See where you stand in your Zero Trust journey."
weight: 1
---
## Overview
Infection Monkey will help you assess your progress on your journey to achieve Zero Trust network.
The Infection Monkey will automatically assess your readiness across the different
[Zero Trust Extended Framework](https://www.forrester.com/report/The+Zero+Trust+eXtended+ZTX+Ecosystem/-/E-RES137210) principles.
## Configuration
- **Exploits -> Credentials** This configuration value will be used for brute-forcing. We use most popular passwords
and usernames, but feel free to adjust it according to the default passwords used in your network.
Keep in mind that long lists means longer scanning times.
- **Network -> Scope** Disable “Local network scan” and instead provide specific network ranges in the “Scan target list”.
- **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define
subnets that should be segregated from each other.
In general, other configuration value defaults should be good enough, but feel free to see the “Other” section
for tips and tricks about other features and in-depth configuration parameters you can use.
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
## Suggested run mode
Run the Monkey on as many machines as you can. This can be easily achieved by selecting the “Manual” run option and
executing the command shown on different machines in your environment manually or with your deployment tool.
In addition, you can use any other run options you see fit.
## Assessing results
See the results in the Zero Trust report section. “The Summary” section will give you an idea about which Zero Trust
pillars were tested, how many tests were done and test statuses. Specific tests are described in the “Test Results”
section. The “Findings” section shows details about the Monkey actions. Click on “Events” of different findings to
observe what exactly Infection Monkey did and when it was done. This should make it easy to cross reference events
with your security solutions and alerts/logs.

Binary file not shown.

After

Width:  |  Height:  |  Size: 158 KiB

2
docs/themes/learn vendored

@ -1 +1 @@
Subproject commit 4fdb70e3639143076ce2cd7d5a69cc1df8e78caf Subproject commit 045d78bc98540c9b96518df73c05fdb9d16507ba

View File

@ -1098,6 +1098,26 @@ fullTest.conf is a good config to start, because it covers all machines.
</tbody> </tbody>
</table> </table>
<table>
<thead>
<tr class="header">
<th><p>Nr. <strong>25</strong> ZeroLogon</p>
<p>(10.2.2.25)</p></th>
<th>(Vulnerable)</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td>OS:</td>
<td><strong>Server 2016</strong></td>
</tr>
<tr class="even">
<td>Default servers port:</td>
<td>135</td>
</tr>
</tbody>
</table>
<table> <table>
<thead> <thead>
<tr class="header"> <tr class="header">

View File

@ -85,6 +85,10 @@ data "google_compute_image" "struts2-24" {
name = "struts2-24" name = "struts2-24"
project = local.monkeyzoo_project project = local.monkeyzoo_project
} }
data "google_compute_image" "zerologon-25" {
name = "zerologon-25"
project = local.monkeyzoo_project
}
data "google_compute_image" "island-linux-250" { data "google_compute_image" "island-linux-250" {
name = "island-linux-250" name = "island-linux-250"
project = local.monkeyzoo_project project = local.monkeyzoo_project

View File

@ -432,6 +432,21 @@ resource "google_compute_instance_from_template" "struts2-24" {
} }
} }
resource "google_compute_instance_from_template" "zerologon-25" {
name = "${local.resource_prefix}zerologon-25"
source_instance_template = local.default_windows
boot_disk{
initialize_params {
image = data.google_compute_image.zerologon-25.self_link
}
auto_delete = true
}
network_interface {
subnetwork="${local.resource_prefix}monkeyzoo-main"
network_ip="10.2.2.25"
}
}
resource "google_compute_instance_from_template" "island-linux-250" { resource "google_compute_instance_from_template" "island-linux-250" {
name = "${local.resource_prefix}island-linux-250" name = "${local.resource_prefix}island-linux-250"
machine_type = "n1-standard-2" machine_type = "n1-standard-2"

View File

@ -4,6 +4,7 @@ import requests
from common.cloud.environment_names import Environment from common.cloud.environment_names import Environment
from common.cloud.instance import CloudInstance from common.cloud.instance import CloudInstance
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
LATEST_AZURE_METADATA_API_VERSION = "2019-04-30" LATEST_AZURE_METADATA_API_VERSION = "2019-04-30"
AZURE_METADATA_SERVICE_URL = "http://169.254.169.254/metadata/instance?api-version=%s" % LATEST_AZURE_METADATA_API_VERSION AZURE_METADATA_SERVICE_URL = "http://169.254.169.254/metadata/instance?api-version=%s" % LATEST_AZURE_METADATA_API_VERSION
@ -32,7 +33,9 @@ class AzureInstance(CloudInstance):
self.on_azure = False self.on_azure = False
try: try:
response = requests.get(AZURE_METADATA_SERVICE_URL, headers={"Metadata": "true"}) response = requests.get(AZURE_METADATA_SERVICE_URL,
headers={"Metadata": "true"},
timeout=SHORT_REQUEST_TIMEOUT)
self.on_azure = True self.on_azure = True
# If not on cloud, the metadata URL is non-routable and the connection will fail. # If not on cloud, the metadata URL is non-routable and the connection will fail.

View File

@ -4,6 +4,7 @@ import requests
from common.cloud.environment_names import Environment from common.cloud.environment_names import Environment
from common.cloud.instance import CloudInstance from common.cloud.instance import CloudInstance
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -26,7 +27,7 @@ class GcpInstance(CloudInstance):
try: try:
# If not on GCP, this domain shouldn't resolve. # If not on GCP, this domain shouldn't resolve.
response = requests.get(GCP_METADATA_SERVICE_URL) response = requests.get(GCP_METADATA_SERVICE_URL, timeout=SHORT_REQUEST_TIMEOUT)
if response: if response:
logger.debug("Got ok metadata response: on GCP") logger.debug("Got ok metadata response: on GCP")

View File

@ -0,0 +1,3 @@
SHORT_REQUEST_TIMEOUT = 2.5 # Seconds. Use where we expect timeout.
MEDIUM_REQUEST_TIMEOUT = 5 # Seconds. Use where we don't expect timeout.
LONG_REQUEST_TIMEOUT = 15 # Seconds. Use where we don't expect timeout and operate heavy data.

View File

@ -20,3 +20,7 @@ class CredentialsNotRequiredError(RegistrationNotNeededError):
class AlreadyRegisteredError(RegistrationNotNeededError): class AlreadyRegisteredError(RegistrationNotNeededError):
""" Raise to indicate the reason why registration is not required """ """ Raise to indicate the reason why registration is not required """
class VersionServerConnectionError(Exception):
""" Raise to indicate that connection to version update server failed """

View File

@ -9,6 +9,9 @@ from requests.exceptions import ConnectionError
import infection_monkey.monkeyfs as monkeyfs import infection_monkey.monkeyfs as monkeyfs
import infection_monkey.tunnel as tunnel import infection_monkey.tunnel as tunnel
from common.common_consts.timeouts import (LONG_REQUEST_TIMEOUT,
MEDIUM_REQUEST_TIMEOUT,
SHORT_REQUEST_TIMEOUT)
from common.data.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH from common.data.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
from infection_monkey.config import GUID, WormConfiguration from infection_monkey.config import GUID, WormConfiguration
from infection_monkey.network.info import check_internet_access, local_ips from infection_monkey.network.info import check_internet_access, local_ips
@ -81,7 +84,7 @@ class ControlClient(object):
if ControlClient.proxies: if ControlClient.proxies:
debug_message += " through proxies: %s" % ControlClient.proxies debug_message += " through proxies: %s" % ControlClient.proxies
LOG.debug(debug_message) LOG.debug(debug_message)
requests.get("https://%s/api?action=is-up" % (server,), # noqa: DUO123 requests.get(f"https://{server}/api?action=is-up", # noqa: DUO123
verify=False, verify=False,
proxies=ControlClient.proxies, proxies=ControlClient.proxies,
timeout=TIMEOUT_IN_SECONDS) timeout=TIMEOUT_IN_SECONDS)
@ -121,7 +124,8 @@ class ControlClient(object):
data=json.dumps(monkey), data=json.dumps(monkey),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},
verify=False, verify=False,
proxies=ControlClient.proxies) proxies=ControlClient.proxies,
timeout=MEDIUM_REQUEST_TIMEOUT)
except Exception as exc: except Exception as exc:
LOG.warning("Error connecting to control server %s: %s", LOG.warning("Error connecting to control server %s: %s",
WormConfiguration.current_server, exc) WormConfiguration.current_server, exc)
@ -138,7 +142,8 @@ class ControlClient(object):
data=json.dumps(telemetry), data=json.dumps(telemetry),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},
verify=False, verify=False,
proxies=ControlClient.proxies) proxies=ControlClient.proxies,
timeout=MEDIUM_REQUEST_TIMEOUT)
except Exception as exc: except Exception as exc:
LOG.warning("Error connecting to control server %s: %s", LOG.warning("Error connecting to control server %s: %s",
WormConfiguration.current_server, exc) WormConfiguration.current_server, exc)
@ -153,7 +158,8 @@ class ControlClient(object):
data=json.dumps(telemetry), data=json.dumps(telemetry),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},
verify=False, verify=False,
proxies=ControlClient.proxies) proxies=ControlClient.proxies,
timeout=MEDIUM_REQUEST_TIMEOUT)
except Exception as exc: except Exception as exc:
LOG.warning("Error connecting to control server %s: %s", LOG.warning("Error connecting to control server %s: %s",
WormConfiguration.current_server, exc) WormConfiguration.current_server, exc)
@ -165,7 +171,8 @@ class ControlClient(object):
try: try:
reply = requests.get("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), # noqa: DUO123 reply = requests.get("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), # noqa: DUO123
verify=False, verify=False,
proxies=ControlClient.proxies) proxies=ControlClient.proxies,
timeout=MEDIUM_REQUEST_TIMEOUT)
except Exception as exc: except Exception as exc:
LOG.warning("Error connecting to control server %s: %s", LOG.warning("Error connecting to control server %s: %s",
@ -194,7 +201,8 @@ class ControlClient(object):
data=json.dumps({'config_error': True}), data=json.dumps({'config_error': True}),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},
verify=False, verify=False,
proxies=ControlClient.proxies) proxies=ControlClient.proxies,
timeout=MEDIUM_REQUEST_TIMEOUT)
except Exception as exc: except Exception as exc:
LOG.warning("Error connecting to control server %s: %s", WormConfiguration.current_server, exc) LOG.warning("Error connecting to control server %s: %s", WormConfiguration.current_server, exc)
return {} return {}
@ -255,7 +263,8 @@ class ControlClient(object):
download = requests.get("https://%s/api/monkey/download/%s" % # noqa: DUO123 download = requests.get("https://%s/api/monkey/download/%s" % # noqa: DUO123
(WormConfiguration.current_server, filename), (WormConfiguration.current_server, filename),
verify=False, verify=False,
proxies=ControlClient.proxies) proxies=ControlClient.proxies,
timeout=MEDIUM_REQUEST_TIMEOUT)
with monkeyfs.open(dest_file, 'wb') as file_obj: with monkeyfs.open(dest_file, 'wb') as file_obj:
for chunk in download.iter_content(chunk_size=DOWNLOAD_CHUNK): for chunk in download.iter_content(chunk_size=DOWNLOAD_CHUNK):
@ -281,7 +290,8 @@ class ControlClient(object):
reply = requests.post("https://%s/api/monkey/download" % (WormConfiguration.current_server,), # noqa: DUO123 reply = requests.post("https://%s/api/monkey/download" % (WormConfiguration.current_server,), # noqa: DUO123
data=json.dumps(host_dict), data=json.dumps(host_dict),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},
verify=False, proxies=ControlClient.proxies) verify=False, proxies=ControlClient.proxies,
timeout=LONG_REQUEST_TIMEOUT)
if 200 == reply.status_code: if 200 == reply.status_code:
result_json = reply.json() result_json = reply.json()
filename = result_json.get('filename') filename = result_json.get('filename')
@ -323,7 +333,8 @@ class ControlClient(object):
return requests.get(PBA_FILE_DOWNLOAD % # noqa: DUO123 return requests.get(PBA_FILE_DOWNLOAD % # noqa: DUO123
(WormConfiguration.current_server, filename), (WormConfiguration.current_server, filename),
verify=False, verify=False,
proxies=ControlClient.proxies) proxies=ControlClient.proxies,
timeout=LONG_REQUEST_TIMEOUT)
except requests.exceptions.RequestException: except requests.exceptions.RequestException:
return False return False
@ -334,7 +345,8 @@ class ControlClient(object):
T1216_PBA_FILE_DOWNLOAD_PATH), T1216_PBA_FILE_DOWNLOAD_PATH),
verify=False, verify=False,
proxies=ControlClient.proxies, proxies=ControlClient.proxies,
stream=True) stream=True,
timeout=MEDIUM_REQUEST_TIMEOUT)
except requests.exceptions.RequestException: except requests.exceptions.RequestException:
return False return False
@ -352,7 +364,7 @@ class ControlClient(object):
def can_island_see_port(port): def can_island_see_port(port):
try: try:
url = f"https://{WormConfiguration.current_server}/api/monkey_control/check_remote_port/{port}" url = f"https://{WormConfiguration.current_server}/api/monkey_control/check_remote_port/{port}"
response = requests.get(url, verify=False) response = requests.get(url, verify=False, timeout=SHORT_REQUEST_TIMEOUT)
response = json.loads(response.content.decode()) response = json.loads(response.content.decode())
return response['status'] == "port_visible" return response['status'] == "port_visible"
except requests.exceptions.RequestException: except requests.exceptions.RequestException:
@ -362,4 +374,5 @@ class ControlClient(object):
def report_start_on_island(): def report_start_on_island():
requests.post(f"https://{WormConfiguration.current_server}/api/monkey_control/started_on_island", requests.post(f"https://{WormConfiguration.current_server}/api/monkey_control/started_on_island",
data=json.dumps({'started_on_island': True}), data=json.dumps({'started_on_island': True}),
verify=False) verify=False,
timeout=MEDIUM_REQUEST_TIMEOUT)

View File

@ -9,6 +9,8 @@ from urllib.parse import urljoin
import requests import requests
from common.common_consts.timeouts import (LONG_REQUEST_TIMEOUT,
MEDIUM_REQUEST_TIMEOUT)
from common.network.network_utils import remove_port from common.network.network_utils import remove_port
from infection_monkey.exploit.web_rce import WebRCE from infection_monkey.exploit.web_rce import WebRCE
from infection_monkey.model import ID_STRING from infection_monkey.model import ID_STRING
@ -75,7 +77,8 @@ class DrupalExploiter(WebRCE):
response = requests.get(f'{url}?_format=hal_json', # noqa: DUO123 response = requests.get(f'{url}?_format=hal_json', # noqa: DUO123
json=payload, json=payload,
headers={"Content-Type": "application/hal+json"}, headers={"Content-Type": "application/hal+json"},
verify=False) verify=False,
timeout=MEDIUM_REQUEST_TIMEOUT)
if is_response_cached(response): if is_response_cached(response):
LOG.info(f'Checking if node {url} is vuln returned cache HIT, ignoring') LOG.info(f'Checking if node {url} is vuln returned cache HIT, ignoring')
@ -92,7 +95,8 @@ class DrupalExploiter(WebRCE):
r = requests.get(f'{url}?_format=hal_json', # noqa: DUO123 r = requests.get(f'{url}?_format=hal_json', # noqa: DUO123
json=payload, json=payload,
headers={"Content-Type": "application/hal+json"}, headers={"Content-Type": "application/hal+json"},
verify=False) verify=False,
timeout=LONG_REQUEST_TIMEOUT)
if is_response_cached(r): if is_response_cached(r):
LOG.info(f'Exploiting {url} returned cache HIT, may have failed') LOG.info(f'Exploiting {url} returned cache HIT, may have failed')
@ -136,7 +140,9 @@ def find_exploitbale_article_ids(base_url: str, lower: int = 1, upper: int = 100
articles = set() articles = set()
while lower < upper: while lower < upper:
node_url = urljoin(base_url, str(lower)) node_url = urljoin(base_url, str(lower))
response = requests.get(node_url, verify=False) # noqa: DUO123 response = requests.get(node_url,
verify=False,
timeout=LONG_REQUEST_TIMEOUT) # noqa: DUO123
if response.status_code == 200: if response.status_code == 200:
if is_response_cached(response): if is_response_cached(response):
LOG.info(f'Found a cached article at: {node_url}, skipping') LOG.info(f'Found a cached article at: {node_url}, skipping')

View File

@ -11,6 +11,7 @@ import string
import requests import requests
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
get_monkey_depth) get_monkey_depth)
from infection_monkey.exploit.tools.http_tools import HTTPTools from infection_monkey.exploit.tools.http_tools import HTTPTools
@ -59,18 +60,20 @@ class HadoopExploiter(WebRCE):
def exploit(self, url, command): def exploit(self, url, command):
# Get the newly created application id # Get the newly created application id
resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/new-application")) resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/new-application"),
timeout=LONG_REQUEST_TIMEOUT)
resp = json.loads(resp.content) resp = json.loads(resp.content)
app_id = resp['application-id'] app_id = resp['application-id']
# Create a random name for our application in YARN # Create a random name for our application in YARN
rand_name = ID_STRING + "".join([random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)]) rand_name = ID_STRING + "".join([random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)])
payload = self.build_payload(app_id, rand_name, command) payload = self.build_payload(app_id, rand_name, command)
resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/"), json=payload) resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/"), json=payload, timeout=LONG_REQUEST_TIMEOUT)
return resp.status_code == 202 return resp.status_code == 202
def check_if_exploitable(self, url): def check_if_exploitable(self, url):
try: try:
resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/new-application")) resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/new-application"),
timeout=LONG_REQUEST_TIMEOUT)
except requests.ConnectionError: except requests.ConnectionError:
return False return False
return resp.status_code == 200 return resp.status_code == 200

View File

@ -170,7 +170,11 @@ class InfectionMonkey(object):
for finger in self._fingerprint: for finger in self._fingerprint:
LOG.info("Trying to get OS fingerprint from %r with module %s", LOG.info("Trying to get OS fingerprint from %r with module %s",
machine, finger.__class__.__name__) machine, finger.__class__.__name__)
finger.get_host_fingerprint(machine) try:
finger.get_host_fingerprint(machine)
except BaseException as exc:
LOG.error("Failed to run fingerprinter %s, exception %s" % finger.__class__.__name__,
str(exc))
ScanTelem(machine).send() ScanTelem(machine).send()

View File

@ -0,0 +1,109 @@
"""
Implementation from https://github.com/SecuraBV/CVE-2020-1472
"""
import logging
import nmb.NetBIOS
from impacket.dcerpc.v5 import epm, nrpc, transport
from infection_monkey.network.HostFinger import HostFinger
LOG = logging.getLogger(__name__)
class WindowsServerFinger(HostFinger):
# Class related consts
MAX_ATTEMPTS = 2000
_SCANNED_SERVICE = "NTLM (NT LAN Manager)"
def get_host_fingerprint(self, host):
"""
Checks if the Windows Server is vulnerable to Zerologon.
"""
DC_IP = host.ip_addr
DC_NAME = self.get_dc_name(DC_IP)
if DC_NAME: # if it is a Windows DC
# Keep authenticating until successful.
# Expected average number of attempts needed: 256.
# Approximate time taken by 2000 attempts: 40 seconds.
DC_HANDLE = '\\\\' + DC_NAME
LOG.info('Performing Zerologon authentication attempts...')
rpc_con = None
for _ in range(0, self.MAX_ATTEMPTS):
try:
rpc_con = self.try_zero_authenticate(DC_HANDLE, DC_IP, DC_NAME)
if rpc_con is not None:
break
except Exception as ex:
LOG.info(ex)
break
self.init_service(host.services, self._SCANNED_SERVICE, '')
if rpc_con:
LOG.info('Success: Domain Controller can be fully compromised by a Zerologon attack.')
host.services[self._SCANNED_SERVICE]['is_vulnerable'] = True
return True
else:
LOG.info('Failure: Target is either patched or an unexpected error was encountered.')
host.services[self._SCANNED_SERVICE]['is_vulnerable'] = False
return False
else:
LOG.info('Error encountered; most likely not a Windows Domain Controller.')
return False
def get_dc_name(self, DC_IP):
"""
Gets NetBIOS name of the Domain Controller (DC).
"""
try:
nb = nmb.NetBIOS.NetBIOS()
name = nb.queryIPForName(ip=DC_IP) # returns either a list of NetBIOS names or None
return name[0] if name else None
except BaseException as ex:
LOG.info(f'Exception: {ex}')
def try_zero_authenticate(self, DC_HANDLE, DC_IP, DC_NAME):
# Connect to the DC's Netlogon service.
binding = epm.hept_map(DC_IP, nrpc.MSRPC_UUID_NRPC,
protocol='ncacn_ip_tcp')
rpc_con = transport.DCERPCTransportFactory(binding).get_dce_rpc()
rpc_con.connect()
rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
# Use an all-zero challenge and credential.
plaintext = b'\x00' * 8
ciphertext = b'\x00' * 8
# Standard flags observed from a Windows 10 client (including AES), with only the sign/seal flag disabled.
flags = 0x212fffff
# Send challenge and authentication request.
nrpc.hNetrServerReqChallenge(
rpc_con, DC_HANDLE + '\x00', DC_NAME + '\x00', plaintext)
try:
server_auth = nrpc.hNetrServerAuthenticate3(
rpc_con, DC_HANDLE + '\x00', DC_NAME +
'$\x00', nrpc.NETLOGON_SECURE_CHANNEL_TYPE.ServerSecureChannel,
DC_NAME + '\x00', ciphertext, flags
)
# It worked!
assert server_auth['ErrorCode'] == 0
return rpc_con
except nrpc.DCERPCSessionError as ex:
if ex.get_error_code() == 0xc0000022: # STATUS_ACCESS_DENIED error; if not this, probably some other issue.
pass
else:
raise Exception(f'Unexpected error code: {ex.get_error_code()}.')
except BaseException as ex:
raise Exception(f'Unexpected error: {ex}.')

View File

@ -15,5 +15,7 @@ class ScheduleJobs(PBA):
super(ScheduleJobs, self).__init__(name=POST_BREACH_JOB_SCHEDULING, super(ScheduleJobs, self).__init__(name=POST_BREACH_JOB_SCHEDULING,
linux_cmd=' '.join(linux_cmds), linux_cmd=' '.join(linux_cmds),
windows_cmd=windows_cmds) windows_cmd=windows_cmds)
def run(self):
super(ScheduleJobs, self).run()
remove_scheduled_jobs() remove_scheduled_jobs()

View File

@ -5,7 +5,7 @@ SCHEDULED_TASK_COMMAND = r'C:\windows\system32\cmd.exe'
def get_windows_commands_to_schedule_jobs(): def get_windows_commands_to_schedule_jobs():
return f'schtasks /Create /SC monthly /TN {SCHEDULED_TASK_NAME} /TR {SCHEDULED_TASK_COMMAND}' return f'schtasks /Create /SC monthly /F /TN {SCHEDULED_TASK_NAME} /TR {SCHEDULED_TASK_COMMAND}'
def get_windows_commands_to_remove_scheduled_jobs(): def get_windows_commands_to_remove_scheduled_jobs():

View File

@ -25,9 +25,9 @@ class PostBreach(object):
""" """
Executes all post breach actions. Executes all post breach actions.
""" """
pool = Pool(5) with Pool(5) as pool:
pool.map(self.run_pba, self.pba_list) pool.map(self.run_pba, self.pba_list)
LOG.info("All PBAs executed. Total {} executed.".format(len(self.pba_list))) LOG.info("All PBAs executed. Total {} executed.".format(len(self.pba_list)))
@staticmethod @staticmethod
def config_to_pba_list() -> Sequence[PBA]: def config_to_pba_list() -> Sequence[PBA]:
@ -40,5 +40,6 @@ class PostBreach(object):
try: try:
LOG.debug("Executing PBA: '{}'".format(pba.name)) LOG.debug("Executing PBA: '{}'".format(pba.name))
pba.run() pba.run()
LOG.debug(f"Execution of {pba.name} finished")
except Exception as e: except Exception as e:
LOG.error("PBA {} failed. Error info: {}".format(pba.name, e)) LOG.error("PBA {} failed. Error info: {}".format(pba.name, e))

View File

@ -12,5 +12,6 @@ pycryptodome==3.9.8
pyftpdlib==1.5.6 pyftpdlib==1.5.6
pymssql<3.0 pymssql<3.0
pypykatz==0.3.12 pypykatz==0.3.12
pysmb==1.2.5
requests>=2.24 requests>=2.24
wmi==1.5.1 ; sys_platform == 'win32' wmi==1.5.1 ; sys_platform == 'win32'

View File

@ -11,6 +11,7 @@ import requests
import infection_monkey.control import infection_monkey.control
import infection_monkey.monkeyfs as monkeyfs import infection_monkey.monkeyfs as monkeyfs
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
from infection_monkey.network.tools import get_interface_to_target from infection_monkey.network.tools import get_interface_to_target
from infection_monkey.transport.base import (TransportProxyBase, from infection_monkey.transport.base import (TransportProxyBase,
update_last_serve_time) update_last_serve_time)
@ -123,7 +124,8 @@ class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler):
r = requests.post(url=dest_path, r = requests.post(url=dest_path,
data=post_data, data=post_data,
verify=False, verify=False,
proxies=infection_monkey.control.ControlClient.proxies) proxies=infection_monkey.control.ControlClient.proxies,
timeout=SHORT_REQUEST_TIMEOUT)
self.send_response(r.status_code) self.send_response(r.status_code)
except requests.exceptions.ConnectionError as e: except requests.exceptions.ConnectionError as e:
LOG.error("Couldn't forward request to the island: {}".format(e)) LOG.error("Couldn't forward request to the island: {}".format(e))

View File

@ -7,6 +7,7 @@ import pymongo
import requests import requests
import urllib3 import urllib3
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
from monkey_island.cc.environment import Environment from monkey_island.cc.environment import Environment
# Disable "unverified certificate" warnings when sending requests to island # Disable "unverified certificate" warnings when sending requests to island
@ -32,7 +33,10 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
# The island server doesn't always have a correct SSL cert installed # The island server doesn't always have a correct SSL cert installed
# (By default it comes with a self signed one), # (By default it comes with a self signed one),
# that's why we're not verifying the cert in this request. # that's why we're not verifying the cert in this request.
r = requests.post(url=island_server_path, data=post_data, verify=False) # noqa: DUO123 r = requests.post(url=island_server_path,
data=post_data,
verify=False,
timeout=SHORT_REQUEST_TIMEOUT) # noqa: DUO123
try: try:
if r.status_code != 200: if r.status_code != 200:

View File

@ -56,7 +56,6 @@ FINGER_CLASSES = {
"info": "Checks if Microsoft SQL service is running and tries to gather information about it.", "info": "Checks if Microsoft SQL service is running and tries to gather information about it.",
"attack_techniques": ["T1210"] "attack_techniques": ["T1210"]
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": [
@ -65,6 +64,15 @@ FINGER_CLASSES = {
"title": "ElasticFinger", "title": "ElasticFinger",
"info": "Checks if ElasticSearch is running and attempts to find it's version.", "info": "Checks if ElasticSearch is running and attempts to find it's version.",
"attack_techniques": ["T1210"] "attack_techniques": ["T1210"]
},
{
"type": "string",
"enum": [
"WindowsServerFinger"
],
"title": "WindowsServerFinger",
"info": "Checks if server is a Windows Server and tests if it is vulnerable to Zerologon.",
"attack_techniques": ["T1210"]
} }
] ]
} }

View File

@ -222,7 +222,8 @@ INTERNAL = {
"HTTPFinger", "HTTPFinger",
"MySQLFinger", "MySQLFinger",
"MSSQLFinger", "MSSQLFinger",
"ElasticFinger" "ElasticFinger",
"WindowsServerFinger"
] ]
} }
} }

View File

@ -3,6 +3,7 @@ import logging
import requests import requests
import monkey_island.cc.environment.environment_singleton as env_singleton import monkey_island.cc.environment.environment_singleton as env_singleton
from common.utils.exceptions import VersionServerConnectionError
from common.version import get_version from common.version import get_version
__author__ = "itay.mizeretz" __author__ = "itay.mizeretz"
@ -29,8 +30,8 @@ class VersionUpdateService:
if VersionUpdateService.newer_version is None: if VersionUpdateService.newer_version is None:
try: try:
VersionUpdateService.newer_version = VersionUpdateService._check_new_version() VersionUpdateService.newer_version = VersionUpdateService._check_new_version()
except Exception: except VersionServerConnectionError:
logger.exception('Failed updating version number') logger.info('Failed updating version number')
return VersionUpdateService.newer_version return VersionUpdateService.newer_version
@ -42,7 +43,11 @@ class VersionUpdateService:
""" """
url = VersionUpdateService.VERSION_SERVER_CHECK_NEW_URL % (env_singleton.env.get_deployment(), get_version()) url = VersionUpdateService.VERSION_SERVER_CHECK_NEW_URL % (env_singleton.env.get_deployment(), get_version())
reply = requests.get(url, timeout=15) try:
reply = requests.get(url, timeout=7)
except requests.exceptions.RequestException:
logger.info("Can't get latest monkey version, probably no connection to the internet.")
raise VersionServerConnectionError
res = reply.json().get('newer_version', None) res = reply.json().get('newer_version', None)

View File

@ -1156,9 +1156,9 @@
} }
}, },
"@emotion/core": { "@emotion/core": {
"version": "10.0.28", "version": "10.0.34",
"resolved": "https://registry.npmjs.org/@emotion/core/-/core-10.0.28.tgz", "resolved": "https://registry.npmjs.org/@emotion/core/-/core-10.0.34.tgz",
"integrity": "sha512-pH8UueKYO5jgg0Iq+AmCLxBsvuGtvlmiDCOuv8fGNYn3cowFpLN98L8zO56U0H1PjDIyAlXymgL3Wu7u7v6hbA==", "integrity": "sha512-Kcs8WHZG1NgaVFQsSpgN07G0xpfPAKUclwKvUqKrYrJovezl9uTz++1M4JfXHrgFVEiJ5QO46hMo1ZDDfvY/tw==",
"requires": { "requires": {
"@babel/runtime": "^7.5.5", "@babel/runtime": "^7.5.5",
"@emotion/cache": "^10.0.27", "@emotion/cache": "^10.0.27",
@ -3112,9 +3112,9 @@
"dev": true "dev": true
}, },
"bootstrap": { "bootstrap": {
"version": "4.5.1", "version": "4.5.2",
"resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-4.5.1.tgz", "resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-4.5.2.tgz",
"integrity": "sha512-bxUooHBSbvefnIZfjD0LE8nfdPKrtiFy2sgrxQwUZ0UpFzpjVbVMUxaGIoo9XWT4B2LG1HX6UQg0UMOakT0prQ==" "integrity": "sha512-vlGn0bcySYl/iV+BGA544JkkZP5LB3jsmkeKLFQakCOwCM3AOk7VkldBz4jrzSe+Z0Ezn99NVXa1o45cQY4R6A=="
}, },
"boxen": { "boxen": {
"version": "4.2.0", "version": "4.2.0",
@ -6516,18 +6516,18 @@
} }
}, },
"got": { "got": {
"version": "11.5.2", "version": "11.6.0",
"resolved": "https://registry.npmjs.org/got/-/got-11.5.2.tgz", "resolved": "https://registry.npmjs.org/got/-/got-11.6.0.tgz",
"integrity": "sha512-yUhpEDLeuGiGJjRSzEq3kvt4zJtAcjKmhIiwNp/eUs75tRlXfWcHo5tcBaMQtnjHWC7nQYT5HkY/l0QOQTkVww==", "integrity": "sha512-ErhWb4IUjQzJ3vGs3+RR12NWlBDDkRciFpAkQ1LPUxi6OnwhGj07gQxjPsyIk69s7qMihwKrKquV6VQq7JNYLA==",
"requires": { "requires": {
"@sindresorhus/is": "^3.0.0", "@sindresorhus/is": "^3.1.1",
"@szmarczak/http-timer": "^4.0.5", "@szmarczak/http-timer": "^4.0.5",
"@types/cacheable-request": "^6.0.1", "@types/cacheable-request": "^6.0.1",
"@types/responselike": "^1.0.0", "@types/responselike": "^1.0.0",
"cacheable-lookup": "^5.0.3", "cacheable-lookup": "^5.0.3",
"cacheable-request": "^7.0.1", "cacheable-request": "^7.0.1",
"decompress-response": "^6.0.0", "decompress-response": "^6.0.0",
"http2-wrapper": "^1.0.0-beta.5.0", "http2-wrapper": "^1.0.0-beta.5.2",
"lowercase-keys": "^2.0.0", "lowercase-keys": "^2.0.0",
"p-cancelable": "^2.0.0", "p-cancelable": "^2.0.0",
"responselike": "^2.0.0" "responselike": "^2.0.0"
@ -14858,9 +14858,9 @@
} }
}, },
"snyk": { "snyk": {
"version": "1.373.0", "version": "1.373.1",
"resolved": "https://registry.npmjs.org/snyk/-/snyk-1.373.0.tgz", "resolved": "https://registry.npmjs.org/snyk/-/snyk-1.373.1.tgz",
"integrity": "sha512-P/BF3DnMbP2NFHw4RcQ2w4MwashUH2/lkezNq0bn51OJqktfrn/aebcJxe6RtSKemww5z8DSen8D2REz1Vzc6Q==", "integrity": "sha512-R8f0IpBPlK5fMytP9X1Nrk//u2NKHQ+kv/PFi0SaCW80ksFP3zrC8oKXYBkvfYTm+56TVw8cZm888DwvEOL5zg==",
"requires": { "requires": {
"@snyk/cli-interface": "2.8.1", "@snyk/cli-interface": "2.8.1",
"@snyk/dep-graph": "1.18.3", "@snyk/dep-graph": "1.18.3",
@ -15504,9 +15504,9 @@
}, },
"dependencies": { "dependencies": {
"@types/node": { "@types/node": {
"version": "6.14.10", "version": "6.14.11",
"resolved": "https://registry.npmjs.org/@types/node/-/node-6.14.10.tgz", "resolved": "https://registry.npmjs.org/@types/node/-/node-6.14.11.tgz",
"integrity": "sha512-pF4HjZGSog75kGq7B1InK/wt/N08BuPATo+7HRfv7gZUzccebwv/fmWVGs/j6LvSiLWpCuGGhql51M/wcQsNzA==" "integrity": "sha512-htzPk08CmbGFjgIWaJut1oW2roZAAQxxOhkhsehCVLE7Uocx9wkcHfIQYdBWO7KqbuRvYrdBQtl5h5Mz/GxehA=="
}, },
"debug": { "debug": {
"version": "4.1.1", "version": "4.1.1",
@ -15607,9 +15607,9 @@
}, },
"dependencies": { "dependencies": {
"@types/node": { "@types/node": {
"version": "6.14.10", "version": "6.14.11",
"resolved": "https://registry.npmjs.org/@types/node/-/node-6.14.10.tgz", "resolved": "https://registry.npmjs.org/@types/node/-/node-6.14.11.tgz",
"integrity": "sha512-pF4HjZGSog75kGq7B1InK/wt/N08BuPATo+7HRfv7gZUzccebwv/fmWVGs/j6LvSiLWpCuGGhql51M/wcQsNzA==" "integrity": "sha512-htzPk08CmbGFjgIWaJut1oW2roZAAQxxOhkhsehCVLE7Uocx9wkcHfIQYdBWO7KqbuRvYrdBQtl5h5Mz/GxehA=="
}, },
"debug": { "debug": {
"version": "3.2.6", "version": "3.2.6",

View File

@ -59,13 +59,13 @@
"webpack-dev-server": "^3.11.0" "webpack-dev-server": "^3.11.0"
}, },
"dependencies": { "dependencies": {
"@emotion/core": "^10.0.22", "@emotion/core": "^10.0.34",
"@fortawesome/fontawesome-svg-core": "^1.2.29", "@fortawesome/fontawesome-svg-core": "^1.2.29",
"@fortawesome/free-regular-svg-icons": "^5.13.1", "@fortawesome/free-regular-svg-icons": "^5.13.1",
"@fortawesome/free-solid-svg-icons": "^5.13.1", "@fortawesome/free-solid-svg-icons": "^5.13.1",
"@fortawesome/react-fontawesome": "^0.1.11", "@fortawesome/react-fontawesome": "^0.1.11",
"@kunukn/react-collapse": "^1.2.7", "@kunukn/react-collapse": "^1.2.7",
"bootstrap": "^4.5.1", "bootstrap": "^4.5.2",
"classnames": "^2.2.6", "classnames": "^2.2.6",
"core-js": "^3.6.5", "core-js": "^3.6.5",
"d3": "^5.14.1", "d3": "^5.14.1",
@ -105,7 +105,7 @@
"react-tooltip-lite": "^1.12.0", "react-tooltip-lite": "^1.12.0",
"redux": "^4.0.4", "redux": "^4.0.4",
"sha3": "^2.1.3", "sha3": "^2.1.3",
"snyk": "^1.373.0" "snyk": "^1.373.1"
}, },
"snyk": true "snyk": true
} }

View File

@ -11,7 +11,7 @@ flask>=1.1
gevent>=20.9.0 gevent>=20.9.0
ipaddress>=1.0.23 ipaddress>=1.0.23
jsonschema==3.2.0 jsonschema==3.2.0
mongoengine>=0.20 mongoengine==0.20
mongomock==3.19.0 mongomock==3.19.0
netifaces>=0.10.9 netifaces>=0.10.9
pycryptodome==3.9.8 pycryptodome==3.9.8