Ilija Lazoroski
f8b56dd171
Agent: Add T1098 (Account Manipulation) to ZerologonExploiter
2022-08-17 00:58:45 +02:00
Ilija Lazoroski
3c8091d242
Agent: Add T1003 tag to zerologon exploiter
2022-08-17 00:58:45 +02:00
Ilija Lazoroski
b0f76383c4
Agent: Change zerologon tag to `zerologon-exploiter`
2022-08-17 00:58:45 +02:00
Ilija Lazoroski
550c7465fa
Agent: Add IEventQueue to ExploitWrapper
2022-08-17 00:58:45 +02:00
Ilija Lazoroski
d400fcb215
Agent: Extract zerologon tags into constant
2022-08-17 00:58:45 +02:00
Ilija Lazoroski
aaef2f1f81
UT: Fix Powershell tests to accept IEventQueue
2022-08-17 00:58:45 +02:00
Ilija Lazoroski
76bbe62c3b
Agent: Modify Zerologon to publish CredentialsStolenEvent
2022-08-17 00:55:09 +02:00
Ilija Lazoroski
f171e548f3
Agent: Modify exploiter wrapper to accept IEventQueue
2022-08-17 00:55:09 +02:00
Ilija Lazoroski
c6cb477474
Agent: Add event_queue to the exploit_host in HostExploiter
2022-08-17 00:55:09 +02:00
Ilija Lazoroski
fb0f7c86af
Agent: Remove usage of CredentialsInterceptingTelemetryMessenger
2022-08-17 00:24:59 +02:00
Ilija Lazoroski
8dd6c5b7c2
Agent: Remove CredentialsInterceptingTelemetryMessenger
2022-08-17 00:21:05 +02:00
Mike Salvatore
2edaf52140
Merge pull request #2196 from guardicore/2176-modify-ssh-collector-for-events
...
2176 modify ssh collector for events
2022-08-16 12:41:14 -04:00
Ilija Lazoroski
eec48e9cd8
Agent: Remove target from SSHCredentialCollector event construction
2022-08-16 17:31:02 +02:00
Ilija Lazoroski
205ff84b31
Common: Add defaults for each argument in AbstractEvent
2022-08-16 17:30:30 +02:00
Ilija Lazoroski
b3d37d9223
Agent: Change SSHCredentialCollector tag to lowercase
2022-08-16 17:27:43 +02:00
Ilija Lazoroski
5466bd5dba
UT: Remove unneeded fixture in SSHCredentialCollector tests
2022-08-16 17:26:25 +02:00
Ilija Lazoroski
142136dd41
Agent: Remove duplication in SSHCredentialCollector
2022-08-16 17:14:37 +02:00
Ilija Lazoroski
d38a386f67
Agent: Add prefix `attack-` to attack techniques tags
2022-08-16 14:25:28 +02:00
Ilija Lazoroski
c18ceff85d
Agent: Remove unneeded variable in SSHCredentialCollector
2022-08-16 14:24:26 +02:00
Ilija Lazoroski
ea9082d412
Agent: Remove hack_event from CredentialsStolenEvent
2022-08-16 14:23:25 +02:00
Mike Salvatore
1d79d98689
Agent: Rename credentials_store -> propagation_credentials_repository
2022-08-16 08:17:04 -04:00
Ilija Lazoroski
c3557caf1c
Agent: Add _ATTACK_TECHNIQUE_ to attack_technique tags
2022-08-16 14:11:16 +02:00
Ilija Lazoroski
fdd0368837
Agent: Extract SSH collector tags into constants
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
706a626d24
Agent: Move subscription to a separate method for readability
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
2a94a67767
Agent: Rename usr_info to user_info in ssh_handler
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
88bb856859
Common: Reorder params in docstring AbstractEvent
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
8f5681b1df
Agent: Init a callable class and subscribe to it
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
d672fcfffe
Agent: Fix a typo in ssh_handler
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
03d569cc00
Agent: Init SSHCredentialCollector with an IEventQueue
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
4aa71cba7e
Agent: Remove default values from CredentialsStolenEvent creation
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
486a7a9225
Common: Use a temporary hack to define non-defaults from an inherited class event
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
5f631a78f7
Agent: Remove IGUID from config
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
39f07603a7
Agent: Define integer GUID and use it in ssh_handler
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
b22ccdb942
Agent: Publish CredentialsStolenEvent each time we find a SSHKeypair
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
e439a53bde
UT: Fix SSHCredentialCollector test to accept IEventQueue
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
2610666f93
Agent: Publish a CredentialsStolenEvent from SSHCredentialCollector
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
4952a544c0
Agent: Accept IEventQueue in SSHCollector constructor
2022-08-16 11:58:53 +02:00
Mike Salvatore
d09c1a689e
Merge pull request #2200 from guardicore/2191-fix-credentials-repository-get
...
2191 fix credentials repository get
2022-08-15 15:45:03 -04:00
Kekoa Kaaikala
e4f7707b66
Agent: Return credentials when credentials propagation fails
2022-08-15 19:25:54 +00:00
Kekoa Kaaikala
9e6a569393
Agent: Update credentials repository to cache per-instance
2022-08-15 19:25:54 +00:00
Mike Salvatore
500eeeb582
Merge pull request #2194 from guardicore/2191-trailing-url-slashes
...
Island: Remove trailing slashes before registering a URL
2022-08-15 14:25:28 -04:00
Kekoa Kaaikala
a67a4418c9
Island: Remove PropagationCredentials URL trailing slash
2022-08-15 18:04:56 +00:00
Mike Salvatore
96f794e192
UT: Mark TestEvent* classes with `__test__ = False`
2022-08-15 14:04:09 -04:00
Kekoa Kaaikala
19df4d9755
Island: Enforce "no trailing slash" rule for URLs
2022-08-15 18:01:32 +00:00
Mike Salvatore
4e9aa62c61
Merge pull request #2195 from guardicore/refactor-island-boot
...
Refactor island boot
2022-08-15 08:35:00 -04:00
Mike Salvatore
01e886f866
Project: Remove step in travis build to upgrade pipenv
...
It seems that every time a new version of pipenv is released it breaks
travis. For the moment, it seems that the magic combination is to
upgrade pip but not upgrade pipenv.
I've been unable to reproduce the issue outside of any environment other
than Travis CI.
Once we split our project up into multiple repos, we should strongly
consider switching to poetry.
2022-08-15 08:23:17 -04:00
Mike Salvatore
879f809aa4
Project: Use the latest pip in travis build
2022-08-15 07:37:36 -04:00
Mike Salvatore
fae4247505
Project: Add special `fix-travis` branch to travis build list
...
When attempting to fix an issue with travis, it's important to actually
run travis. In order to do this without a pull request, I've added a
special `fix-travis` branch to the list of branches travis is allowed to
build.
2022-08-15 07:34:39 -04:00
Mike Salvatore
9f89d3f508
Merge pull request #2193 from guardicore/2176-stolen-credentials-subscriber
...
2176 stolen credentials subscriber
2022-08-15 07:26:18 -04:00
Ilija Lazoroski
f6712c5f84
Agent: Subscribe CredentialsStolenEvent to the EventQueue
2022-08-15 10:02:00 +02:00