Shreya Malviya
fcfa01223d
Project: Remove ProcessListCollector from Vulture allowlist
2022-02-16 17:06:17 +05:30
Shreya Malviya
6ab62c6f56
Docs: Change adding system info collectors' documentation to refer to
...
existing files
2022-02-16 17:06:17 +05:30
Shreya Malviya
a8059f021a
Island: Change config schema for process list collection
2022-02-16 17:06:10 +05:30
Shreya Malviya
4839f099a4
Agent: Add process list collection PBA
...
Instead of a system info collector, it is now a PBA.
2022-02-16 17:02:06 +05:30
Shreya Malviya
5d01f12d45
Common: Add PBA const and remove system info collector const for process list collection
2022-02-16 17:02:01 +05:30
Mike Salvatore
976c46cf86
Merge pull request #1715 from guardicore/1695-credential-collectors
...
Agent: define credential collector, credentials interfaces
2022-02-15 14:34:47 -05:00
Mike Salvatore
a9bb2dee70
Agent: Renumber the CredentialType Enum
2022-02-15 14:26:15 -05:00
Mike Salvatore
879abf3df0
Agent: Export MimikatzCredentialCollector from credential_collectors
2022-02-15 14:21:07 -05:00
Mike Salvatore
0583cab8e0
Agent: Rename mimikatz_cred_collector.py to match the class name
2022-02-15 14:17:28 -05:00
Mike Salvatore
569159b11a
Agent: Move the definition of ICredentialCollector to i_puppet
...
Low-level components plug into high-level components. i_puppet defines
all of the interfaces that puppets can use, while the concrete
implementations of these things rely on the definitions in i_puppet.
2022-02-15 14:07:59 -05:00
Mike Salvatore
c39fb6746d
Agent: Rename ICredentialComponent.type -> credential_type
...
"type" is built-in function in Python. To avoid confusion or a potential
name collision, this commit renames the ICredentialComponent.type field
to ICredentialComponent.credential_type
2022-02-15 13:47:01 -05:00
Mike Salvatore
236b545816
UT: Extract function collect_credentials() to reduce code duplication
2022-02-15 13:30:13 -05:00
Mike Salvatore
86f2c7b08c
UT: Parametrize test_mimikatz_collector.test_empty_results()
2022-02-15 13:28:38 -05:00
Mike Salvatore
ebd5642b52
Agent: Refactor credentials and credential_components as dataclasses
...
Using frozen dataclasses for Credentials and ICredentialComponents
automatically creates a useful __eq__() function that allows us to
easily compare credentials-related objects.
2022-02-15 12:27:56 -05:00
vakarisz
811434ff22
Agent: improved type hints in mimikatz_cred_collector.py
2022-02-15 18:41:19 +02:00
vakarisz
ac376a0014
Agent: change the interface of Credentials
...
Refactor from dataclass to object with tuples. This enforces read only identities and secrets so users don't modify them
2022-02-15 18:39:17 +02:00
vakarisz
8868fb9b0c
Agent: change ICredentialComponent interface
...
Interface changed from dataclass (dataclasses are not inheritable) to simple class with type abstract property
2022-02-15 18:35:32 +02:00
vakarisz
26806392ec
Agent: split up nt and lm hash credential types
2022-02-15 18:33:04 +02:00
vakarisz
d392de4a02
Agent: remove ssh_keypair, as it's not used anywhere
2022-02-15 18:32:00 +02:00
vakarisz
ae9fed3c2b
Agent: fixup typehints in ICredentialCollector
2022-02-15 16:16:43 +02:00
vakarisz
01612c402a
Agent: add options to ICredentialCollector interface
2022-02-15 15:25:42 +02:00
vakarisz
0fae933477
Agent: refactor content dict out of credential component
...
Content dict serves no purpose, because dataclasses can be serialized without explicit conversion to dict
2022-02-15 14:46:21 +02:00
vakarisz
b7003bc231
Agent: split up nt and lm hashes into separate credential components
2022-02-15 14:19:53 +02:00
vakarisz
9037dfdf99
Agent: rename CredentialTypes enum to CredentialType
2022-02-15 12:42:36 +02:00
vakarisz
02cdebb88b
Agent: fix ICredentialCollector return type-hint
2022-02-15 12:41:19 +02:00
vakarisz
f5740b2a6e
Agent: add mimikatz collector unit tests
2022-02-15 10:09:53 +01:00
vakarisz
a6c2762823
Agent: change mimikatz collector to return a list of credentials
2022-02-15 10:09:53 +01:00
vakarisz
2f1b57a526
Agent: fix pypykatz import in mimikatz_cred_collector.py
2022-02-15 10:09:53 +01:00
vakarisz
2ba793e0cf
Agent: move mimikatz collector to credential collectors
2022-02-15 10:09:53 +01:00
VakarisZ
144afc0fd3
Merge pull request #1712 from guardicore/1696-refactor-aws-collector
...
Agent: Refactor AWS collector
2022-02-14 17:12:28 +02:00
Ilija Lazoroski
ae13953f52
Agent: Run AWS Environment check in a thread
...
* Use Telemetry Messenger to send AWS telemetry
* Send only instance_id to AWS Instance Telemetry
* Rename AwsInstanceTelemetry to AWSInstanceTelemetry
2022-02-14 16:00:38 +01:00
vakarisz
6aa2160f31
Agent: refactor mimikatz_cred_collector to credential collector
2022-02-14 15:25:06 +02:00
Ilija Lazoroski
7f6496b330
Island, UT: Remove system info AWS Collector
2022-02-14 12:00:08 +01:00
Ilija Lazoroski
412a06fa9b
Island: Handle AWS info telemetry
2022-02-14 12:00:08 +01:00
Ilija Lazoroski
1f76a42279
Agent: Refactor AWS collector
2022-02-14 11:59:48 +01:00
vakarisz
c21cf681a4
Agent: define credential collector, credentials interfaces
2022-02-14 12:12:13 +02:00
VakarisZ
b0bd3f9c51
Merge pull request #1713 from guardicore/1690-investigate-pyinstaller-versions
...
1690 investigate pyinstaller versions
2022-02-14 11:47:47 +02:00
Mike Salvatore
414b1cb815
Agent: Add return type annotation to create_daemon_thread()
2022-02-12 09:44:04 -05:00
vakarisz
216a245329
Island: bumped pyinstaller to 4.9
2022-02-11 17:25:04 +02:00
vakarisz
a3ba7fb830
Agent: bumped pyinstaller to 4.9 and locked pywin32 to windows
2022-02-11 17:24:33 +02:00
vakarisz
40548e85c1
Agent: bump agent pyinstaller to 4.8
2022-02-11 15:37:31 +02:00
vakarisz
31abc065f6
Agent: add explicit requirements for for pywin32-ctypes and pefile
...
These are pyinstaller dependencies that don't get auto-resolved and installed for some reason
2022-02-11 12:40:59 +02:00
Mike Salvatore
5a8c072d6a
Merge pull request #1709 from guardicore/1601-fix-check-tcp-ports-bugs
...
Minor changes to TCP scanning
2022-02-10 12:23:29 -05:00
Ilija Lazoroski
543ff24ac3
UT: Add tests for tcp scanning
2022-02-10 18:14:36 +01:00
Mike Salvatore
36a2b3ff6b
Agent: Add sleep back into _check_tcp_ports()
2022-02-10 18:14:36 +01:00
Mike Salvatore
21ede3e341
Agent: Improve readability of _check_tcp_ports()
2022-02-10 18:14:36 +01:00
Mike Salvatore
2ae77ce897
Agent: Fix error when shutting down sockets in _check_tcp_ports()
...
An error is raised if shutdown() is called on a socket that has not
successfully connected. This commit modifies the cleanup logic so that
shutdown() is only called on sockets that are known to be connected and
close() is called on all sockets.
2022-02-10 18:14:36 +01:00
Mike Salvatore
a53b611759
Agent: Change _check_tcp_ports() to return Mapping[int, str]
2022-02-10 18:14:36 +01:00
Mike Salvatore
d3dd6ffeb0
Agent: Simplify logic in Timer.time_remaining
2022-02-10 18:14:36 +01:00
Shreya Malviya
eb1a322ff8
Agent: Rework return value in _check_tcp_ports in tcp_scanner.py
2022-02-10 18:14:36 +01:00