Commit Graph

7364 Commits

Author SHA1 Message Date
Shreya Malviya fcfa01223d Project: Remove ProcessListCollector from Vulture allowlist 2022-02-16 17:06:17 +05:30
Shreya Malviya 6ab62c6f56 Docs: Change adding system info collectors' documentation to refer to existing files
2022-02-16 17:06:17 +05:30
Shreya Malviya a8059f021a Island: Change config schema for process list collection 2022-02-16 17:06:10 +05:30
Shreya Malviya 4839f099a4 Agent: Add process list collection PBA
Instead of a system info collector, it is now a PBA.
2022-02-16 17:02:06 +05:30
Shreya Malviya 5d01f12d45 Common: Add PBA const and remove system info collector const for process list collection 2022-02-16 17:02:01 +05:30
Mike Salvatore 976c46cf86
Merge pull request #1715 from guardicore/1695-credential-collectors
Agent: define credential collector, credentials interfaces
2022-02-15 14:34:47 -05:00
Mike Salvatore a9bb2dee70 Agent: Renumber the CredentialType Enum 2022-02-15 14:26:15 -05:00
Mike Salvatore 879abf3df0 Agent: Export MimikatzCredentialCollector from credential_collectors 2022-02-15 14:21:07 -05:00
Mike Salvatore 0583cab8e0 Agent: Rename mimikatz_cred_collector.py to match the class name 2022-02-15 14:17:28 -05:00
Mike Salvatore 569159b11a Agent: Move the definition of ICredentialCollector to i_puppet
Low-level components plug into high-level components. i_puppet defines
all of the interfaces that puppets can use, while the concrete
implementations of these things rely on the definitions in i_puppet.
2022-02-15 14:07:59 -05:00
Mike Salvatore c39fb6746d Agent: Rename ICredentialComponent.type -> credential_type
"type" is a built-in function in Python. To avoid confusion or a potential
name collision, this commit renames the ICredentialComponent.type field
to ICredentialComponent.credential_type
2022-02-15 13:47:01 -05:00
Mike Salvatore 236b545816 UT: Extract function collect_credentials() to reduce code duplication 2022-02-15 13:30:13 -05:00
Mike Salvatore 86f2c7b08c UT: Parametrize test_mimikatz_collector.test_empty_results() 2022-02-15 13:28:38 -05:00
Mike Salvatore ebd5642b52 Agent: Refactor credentials and credential_components as dataclasses
Using frozen dataclasses for Credentials and ICredentialComponents
automatically creates a useful __eq__() function that allows us to
easily compare credentials-related objects.
2022-02-15 12:27:56 -05:00
vakarisz 811434ff22 Agent: improved type hints in mimikatz_cred_collector.py 2022-02-15 18:41:19 +02:00
vakarisz ac376a0014 Agent: change the interface of Credentials
Refactor from dataclass to object with tuples. This enforces read-only identities and secrets so users don't modify them
2022-02-15 18:39:17 +02:00
vakarisz 8868fb9b0c Agent: change ICredentialComponent interface
Interface changed from dataclass (dataclasses are not inheritable) to simple class with type abstract property
2022-02-15 18:35:32 +02:00
vakarisz 26806392ec Agent: split up nt and lm hash credential types 2022-02-15 18:33:04 +02:00
vakarisz d392de4a02 Agent: remove ssh_keypair, as it's not used anywhere 2022-02-15 18:32:00 +02:00
vakarisz ae9fed3c2b Agent: fixup typehints in ICredentialCollector 2022-02-15 16:16:43 +02:00
vakarisz 01612c402a Agent: add options to ICredentialCollector interface 2022-02-15 15:25:42 +02:00
vakarisz 0fae933477 Agent: refactor content dict out of credential component
Content dict serves no purpose, because dataclasses can be serialized without explicit conversion to dict
2022-02-15 14:46:21 +02:00
vakarisz b7003bc231 Agent: split up nt and lm hashes into separate credential components 2022-02-15 14:19:53 +02:00
vakarisz 9037dfdf99 Agent: rename CredentialTypes enum to CredentialType 2022-02-15 12:42:36 +02:00
vakarisz 02cdebb88b Agent: fix ICredentialCollector return type-hint 2022-02-15 12:41:19 +02:00
vakarisz f5740b2a6e Agent: add mimikatz collector unit tests 2022-02-15 10:09:53 +01:00
vakarisz a6c2762823 Agent: change mimikatz collector to return a list of credentials 2022-02-15 10:09:53 +01:00
vakarisz 2f1b57a526 Agent: fix pypykatz import in mimikatz_cred_collector.py 2022-02-15 10:09:53 +01:00
vakarisz 2ba793e0cf Agent: move mimikatz collector to credential collectors 2022-02-15 10:09:53 +01:00
VakarisZ 144afc0fd3
Merge pull request #1712 from guardicore/1696-refactor-aws-collector
Agent: Refactor AWS collector
2022-02-14 17:12:28 +02:00
Ilija Lazoroski ae13953f52 Agent: Run AWS Environment check in a thread
* Use Telemetry Messenger to send AWS telemetry
* Send only instance_id to AWS Instance Telemetry
* Rename AwsInstanceTelemetry to AWSInstanceTelemetry
2022-02-14 16:00:38 +01:00
vakarisz 6aa2160f31 Agent: refactor mimikatz_cred_collector to credential collector 2022-02-14 15:25:06 +02:00
Ilija Lazoroski 7f6496b330 Island, UT: Remove system info AWS Collector 2022-02-14 12:00:08 +01:00
Ilija Lazoroski 412a06fa9b Island: Handle AWS info telemetry 2022-02-14 12:00:08 +01:00
Ilija Lazoroski 1f76a42279 Agent: Refactor AWS collector 2022-02-14 11:59:48 +01:00
vakarisz c21cf681a4 Agent: define credential collector, credentials interfaces 2022-02-14 12:12:13 +02:00
VakarisZ b0bd3f9c51
Merge pull request #1713 from guardicore/1690-investigate-pyinstaller-versions
1690 investigate pyinstaller versions
2022-02-14 11:47:47 +02:00
Mike Salvatore 414b1cb815 Agent: Add return type annotation to create_daemon_thread() 2022-02-12 09:44:04 -05:00
vakarisz 216a245329 Island: bumped pyinstaller to 4.9 2022-02-11 17:25:04 +02:00
vakarisz a3ba7fb830 Agent: bumped pyinstaller to 4.9 and locked pywin32 to windows 2022-02-11 17:24:33 +02:00
vakarisz 40548e85c1 Agent: bump agent pyinstaller to 4.8 2022-02-11 15:37:31 +02:00
vakarisz 31abc065f6 Agent: add explicit requirements for pywin32-ctypes and pefile
These are pyinstaller dependencies that don't get auto-resolved and installed for some reason
2022-02-11 12:40:59 +02:00
Mike Salvatore 5a8c072d6a
Merge pull request #1709 from guardicore/1601-fix-check-tcp-ports-bugs
Minor changes to TCP scanning
2022-02-10 12:23:29 -05:00
Ilija Lazoroski 543ff24ac3 UT: Add tests for tcp scanning 2022-02-10 18:14:36 +01:00
Mike Salvatore 36a2b3ff6b Agent: Add sleep back into _check_tcp_ports() 2022-02-10 18:14:36 +01:00
Mike Salvatore 21ede3e341 Agent: Improve readability of _check_tcp_ports() 2022-02-10 18:14:36 +01:00
Mike Salvatore 2ae77ce897 Agent: Fix error when shutting down sockets in _check_tcp_ports()
An error is raised if shutdown() is called on a socket that has not
successfully connected. This commit modifies the cleanup logic so that
shutdown() is only called on sockets that are known to be connected and
close() is called on all sockets.
2022-02-10 18:14:36 +01:00
Mike Salvatore a53b611759 Agent: Change _check_tcp_ports() to return Mapping[int, str] 2022-02-10 18:14:36 +01:00
Mike Salvatore d3dd6ffeb0 Agent: Simplify logic in Timer.time_remaining 2022-02-10 18:14:36 +01:00
Shreya Malviya eb1a322ff8 Agent: Rework return value in _check_tcp_ports in tcp_scanner.py 2022-02-10 18:14:36 +01:00