diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py
index 7f8576941..b2ad3234a 100644
--- a/monkey/monkey_island/cc/services/attack/attack_report.py
+++ b/monkey/monkey_island/cc/services/attack/attack_report.py
@@ -4,7 +4,7 @@ from monkey_island.cc.models import Monkey
 from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082
 from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107, T1188
 from monkey_island.cc.services.attack.technique_reports import T1090, T1041, T1222, T1005, T1018, T1016, T1021, T1064
-from monkey_island.cc.services.attack.technique_reports import T1136, T1156
+from monkey_island.cc.services.attack.technique_reports import T1136, T1156, T1504
 from monkey_island.cc.services.attack.attack_config import AttackConfig
 from monkey_island.cc.database import mongo
 from monkey_island.cc.services.reporting.report_generation_synchronisation import safe_generate_attack_report
@@ -38,7 +38,8 @@ TECHNIQUES = {'T1210': T1210.T1210,
 'T1021': T1021.T1021,
 'T1064': T1064.T1064,
 'T1136': T1136.T1136,
- 'T1156': T1156.T1156
+ 'T1156': T1156.T1156,
+ 'T1504': T1504.T1504
 }
 REPORT_NAME = 'new_report'
diff --git a/monkey/monkey_island/cc/services/attack/attack_schema.py b/monkey/monkey_island/cc/services/attack/attack_schema.py
index c834faab3..7ef15a509 100644
--- a/monkey/monkey_island/cc/services/attack/attack_schema.py
+++ b/monkey/monkey_island/cc/services/attack/attack_schema.py
@@ -89,6 +89,33 @@ SCHEMA = {
 "link": "https://attack.mitre.org/techniques/T1136",
 "description": "Adversaries with a sufficient level of access "
 "may create a local system, domain, or cloud tenant account."
+ },
+ "T1504": {
+ "title": "PowerShell profile",
+ "type": "bool",
+ "value": True,
+ "necessary": False,
+ "link": "https://attack.mitre.org/techniques/T1504",
+ "description": "Adversaries may gain persistence and elevate privileges "
+ "in certain situations by abusing PowerShell profiles which "
+ "are scripts that run when PowerShell starts."
+ }
+ }
+ },
+ "privilege_escalation": {
+ "title": "Privilege escalation",
+ "type": "object",
+ "link": "https://attack.mitre.org/tactics/TA0004/",
+ "properties": {
+ "T1504": {
+ "title": "PowerShell profile",
+ "type": "bool",
+ "value": True,
+ "necessary": False,
+ "link": "https://attack.mitre.org/techniques/T1504",
+ "description": "Adversaries may gain persistence and elevate privileges "
+ "in certain situations by abusing PowerShell profiles which "
+ "are scripts that run when PowerShell starts."
 }
 }
 },
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1504.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1504.js
new file mode 100644
index 000000000..f85bbffd2
--- /dev/null
+++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1504.js
@@ -0,0 +1,45 @@
+import React from 'react';
+import ReactTable from 'react-table';
+import {renderMachineFromSystemData, ScanStatus} from './Helpers';
+import MitigationsComponent from './MitigationsComponent';
+
+class T1504 extends React.Component {
+
+ constructor(props) {
+ super(props);
+ }
+
+ static getColumns() {
+ return ([{
+ columns: [
+ { Header: 'Machine',
+ id: 'machine',
+ accessor: x => renderMachineFromSystemData(x.machine),
+ style: {'whiteSpace': 'unset'}},
+ { Header: 'Result',
+ id: 'result',
+ accessor: x => x.result,
+ style: {'whiteSpace': 'unset'}}
+ ]
+ }])
+ }
+
+ render() {
+ return (
+
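Review bot: `T1504` is now declared twice in `SCHEMA`, once in the tactic that already holds `T1136` and once in the new `privilege_escalation` object, each with its own `"value": True` flag and a verbatim copy of the title, link and description. The `TECHNIQUES` map in attack_report.py is keyed by technique id alone, so any lookup by id presumably stops at whichever entry it meets first; the lookup code is not visible here, so please confirm that disabling the technique under one tactic cannot leave it enabled under the other. I would build both entries from a single shared dict, or at least add a comment above the second entry such as `# T1504 is listed under two tactics; keep both "value" flags in sync`. The `SCHEMA` literal starts and ends outside this hunk.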
+
{this.props.data.message}
+
+ {this.props.data.status === ScanStatus.USED ? + : ''} + +
+ );
+ }
+ }
+
+ export default T1504;
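Review bot: The constructor in `T1504` only forwards `props` to `super(props)` and can be removed; React does this by default and ESLint's `no-useless-constructor` rule flags it. In `getColumns()` the `Result` column returns `x.result` unchanged, which presumably is text reported from the scanned machine, so a comment such as `// result is agent-reported text; keep it rendered as plain text, never as HTML` would tell the next editor why the accessor should stay a plain string. The JSX inside `render()` is not legible in this view, so it is not covered by this review.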