| Author | Commit | Message | Date |
|---|---|---|---|
| Mike Salvatore | 09f14687d3 | Fixed minor typos in CHANGELOG.md | 2021-08-30 09:44:20 -04:00 |
| Mike Salvatore | 318e71bcb4 | Merge pull request #1433 from guardicore/1410/remove-backdoor-pba<br>Remove Backdoor user PBA | 2021-08-30 09:43:13 -04:00 |
| Mike Salvatore | 1bf3013fc2 | Update changelog for PR #1433 | 2021-08-30 09:41:18 -04:00 |
| Ilija Lazoroski | 7aa230e9d0 | UT: Renamed Communicate as new user | 2021-08-30 14:22:23 +02:00 |
| Ilija Lazoroski | 10697934d6 | Rename Communicate as new user to Communicate as backdoor user | 2021-08-30 14:01:40 +02:00 |
| Mike Salvatore | 805ef70db1 | Merge pull request #1425 from guardicore/powershell_exploiter<br>PowerShell Remoting exploiter refactor | 2021-08-30 07:54:29 -04:00 |
| Ilija Lazoroski | 7e293ac16d | Remove Backdoor user PBA | 2021-08-30 13:46:07 +02:00 |
| Mike Salvatore | 02bd3efd2d | Merge pull request #1434 from guardicore/pba-use-random-pwd<br>Use random password for CommunicateAsNewUser PBA | 2021-08-30 07:17:56 -04:00 |
| Shreya Malviya | deb037c617 | tests: Add unit tests for communicate as back door user PBA | 2021-08-30 16:21:22 +05:30 |
| Shreya Malviya | 0f2f39f0a0 | CHANGELOG: Update with entry for random password for CommunicateAsNewUser PBA | 2021-08-30 16:21:22 +05:30 |
| Shreya Malviya | f727e75697 | agent: Use random password for CommunicateAsNewUser PBA | 2021-08-30 16:21:22 +05:30 |
| Shreya Malviya | 54f80df1f4 | bb: Remove extra line from end of file | 2021-08-30 15:12:35 +05:30 |
| Mike Salvatore | 98fcfde389 | Merge pull request #1426 from guardicore/1246/config-template-bb-test<br>Add PowerShell config and bb test | 2021-08-26 09:19:03 -04:00 |
| Shreya Malviya | 57109c11a9 | cc: Change 'powershell' -> 'PowerShell' in issue overview in security report | 2021-08-26 17:06:19 +05:30 |
| Ilija Lazoroski | 9a96e6ed39 | Zoo: Refactor start and stop gcp machine functions | 2021-08-26 10:35:22 +02:00 |
| Mike Salvatore | a80cd676b4 | Common: Remove unused CredentialsError | 2021-08-25 15:37:17 -04:00 |
| Mike Salvatore | c875aa349f | Tests: Change test order/names in powershell_utils/test_utils.py | 2021-08-25 15:33:46 -04:00 |
| Mike Salvatore | 8aedc2c391 | Agent: Add pyinstaller hooks for pypsrp | 2021-08-25 14:44:31 -04:00 |
| Mike Salvatore | 176828d458 | Agent: Log exception if PowerShellExploiter fails to copy agent | 2021-08-25 14:18:43 -04:00 |
| Mike Salvatore | 86d7879c31 | Agent: Remove leading space from RUN_MONKEY string template | 2021-08-25 13:33:03 -04:00 |
| Mike Salvatore | e70d1c714b | Agent: Remove context manager from _authenticate()<br>Since the PowerShellExploiter's _authenticate() method returns the client object, it doesn't make sense for it to be constructed in a context manager. | 2021-08-25 13:30:30 -04:00 |
| Mike Salvatore | b871398682 | Agent: Add useful logging to powershell exploiter | 2021-08-25 13:30:30 -04:00 |
| Shreya Malviya | 876cdbeffa | island: Check if credential in exploit telemetry is `None` before processing it | 2021-08-25 19:31:36 +05:30 |
| Ilija Lazoroski | e6ca0fd3b6 | Zoo: Parallelize start and stop of gcp machines | 2021-08-25 10:07:41 +02:00 |
| Mike Salvatore | 1da79f78bf | Agent: Use format strings in powershell exploiter log statements | 2021-08-24 15:32:51 -04:00 |
| unknown | f046e9d7a7 | Agent: Add pypsrp to PipFile | 2021-08-24 15:11:15 -04:00 |
| Mike Salvatore | af57272e36 | Island: Update python dependencies (Flask-JWT-Extended 3.24.1 -> 4.*)<br>Resolves #1048 | 2021-08-24 14:35:50 -04:00 |
| Mike Salvatore | dd56f3d650 | Island: Fix minor formatting error | 2021-08-24 13:37:40 -04:00 |
| Mike Salvatore | c385177dac | Agent: Extract _build_monkey_execution_command() into powershell_utils | 2021-08-24 13:14:29 -04:00 |
| Mike Salvatore | 58f23f4fc0 | Agent: Extract powershell client parameters into powershell_utils | 2021-08-24 13:13:37 -04:00 |
| Mike Salvatore | 4e7a95316e | Agent: Extract _get_credentials() into powershell_utils/utils.py | 2021-08-24 12:53:37 -04:00 |
| Mike Salvatore | aef8f2e37a | Agent: Extract method _build_monkey_execution_command | 2021-08-24 12:16:52 -04:00 |
| Mike Salvatore | 1928f1b9bc | Agent: Remove "credentials" local variable | 2021-08-24 12:11:59 -04:00 |
| Mike Salvatore | a2bdc69388 | Agent: Log and report exploitation attempts from PowerShellExploiter | 2021-08-24 12:03:42 -04:00 |
| Mike Salvatore | 8209fa55df | Agent: Set client parameters if password is "" in PowerShellExploiter | 2021-08-24 11:53:48 -04:00 |
| Mike Salvatore | fb18c1cbd4 | Agent: Only use "None" creds in powershell exploiter if host is Windows | 2021-08-24 11:43:17 -04:00 |
| Mike Salvatore | 79cc82b159 | Agent: Remove duplicated try/except if/else from PowerShellExploiter | 2021-08-24 10:35:21 -04:00 |
| Mike Salvatore | 66527b1bde | Agent: Move Windows architecture constants from web_rce.py -> consts.py | 2021-08-24 09:37:05 -04:00 |
| Mike Salvatore | f1c247ad93 | Agent: Refactored PowerShellExploiter authentication function names | 2021-08-24 09:29:02 -04:00 |
| Ilija Lazoroski | 5cee9443ff | Zoo: Remove GCPHandler class. Powershell-3-47 renamed to Powershell-3-46. Powershell-45 moved to different zone | 2021-08-24 15:11:22 +02:00 |
| Ilija Lazoroski | 9f2a4cb7e4 | Zoo: Update terraform scripts. Update gcp test machine list with new zone | 2021-08-24 11:56:09 +02:00 |
| Ilija Lazoroski | 305b2cf716 | Zoo: Add PowerShell config and bb test | 2021-08-24 10:32:54 +02:00 |
| Shreya Malviya | e339932fde | island: Change 'Powershell' to 'PowerShell' in attack schema for T1210 | 2021-08-24 13:16:59 +05:30 |
| Shreya Malviya | b6c3623e74 | agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting') | 2021-08-24 13:15:47 +05:30 |
| Shreya Malviya | 72e0378335 | agent: Fix import path in powershell exploiter | 2021-08-24 11:52:12 +05:30 |
| Shreya Malviya | ee9fde4005 | agent: Refactor powershell remoting exploiter | 2021-08-24 11:40:41 +05:30 |
| Shreya Malviya | 29788776fa | agent: Modify exploitation log messages in powershell exploiter | 2021-08-24 11:40:41 +05:30 |
| Shreya Malviya | 04125e5e14 | agent: Add separate function to set log levels for sensitive packages in powershell exploiter | 2021-08-24 11:40:40 +05:30 |
| Shreya Malviya | dc4a5fbb85 | agent: Use variable 'is_32bit' for function argument | 2021-08-24 11:40:40 +05:30 |
| Shreya Malviya | ba8c44d22c | agent: Fix typos in powershell remoting exploiter | 2021-08-24 11:40:40 +05:30 |