Commit Graph

10131 Commits

Author SHA1 Message Date
Ilija Lazoroski f8b56dd171 Agent: Add T1098 (Account Manipulation) to ZerologonExploiter 2022-08-17 00:58:45 +02:00
Ilija Lazoroski 3c8091d242 Agent: Add T1003 tag to zerologon exploiter 2022-08-17 00:58:45 +02:00
Ilija Lazoroski b0f76383c4 Agent: Change zerologon tag to `zerologon-exploiter
`
2022-08-17 00:58:45 +02:00
Ilija Lazoroski 550c7465fa Agent: Add IEventQueue to ExploitWrapper 2022-08-17 00:58:45 +02:00
Ilija Lazoroski d400fcb215 Agent: Extract zerologon tags into constant 2022-08-17 00:58:45 +02:00
Ilija Lazoroski aaef2f1f81 UT: Fix Powershell tests to accept IEventQueue 2022-08-17 00:58:45 +02:00
Ilija Lazoroski 76bbe62c3b Agent: Modify Zerologon to publish CredentialsStolenEvent 2022-08-17 00:55:09 +02:00
Ilija Lazoroski f171e548f3 Agent: Modify exploiter wrapper to accept IEventQueue 2022-08-17 00:55:09 +02:00
Ilija Lazoroski c6cb477474 Agent: Add event_queue to the exploit_host in HostExploiter 2022-08-17 00:55:09 +02:00
Ilija Lazoroski fb0f7c86af Agent: Remove usage of CredentialsInterceptingTelemetryMessenger 2022-08-17 00:24:59 +02:00
Ilija Lazoroski 8dd6c5b7c2 Agent: Remove CredentialsInterceptingTelemetryMessenger 2022-08-17 00:21:05 +02:00
Mike Salvatore 2edaf52140
Merge pull request #2196 from guardicore/2176-modify-ssh-collector-for-events
2176 modify ssh collector for events
2022-08-16 12:41:14 -04:00
Ilija Lazoroski eec48e9cd8 Agent: Remove target from SSHCredentialCollector event construction 2022-08-16 17:31:02 +02:00
Ilija Lazoroski 205ff84b31 Common: Add defaults for each argument in AbstractEvent 2022-08-16 17:30:30 +02:00
Ilija Lazoroski b3d37d9223 Agent: Change SSHCredentialCollector tag to lowercase 2022-08-16 17:27:43 +02:00
Ilija Lazoroski 5466bd5dba UT: Remove unneeded fixture in SSHCredentialCollector tests 2022-08-16 17:26:25 +02:00
Ilija Lazoroski 142136dd41 Agent: Remove duplication in SSHCredentialCollector 2022-08-16 17:14:37 +02:00
Ilija Lazoroski d38a386f67 Agent: Add prefix `attack-` to attack tecniques tags 2022-08-16 14:25:28 +02:00
Ilija Lazoroski c18ceff85d Agent: Remove unneeded variable in SSHCredentialCollector 2022-08-16 14:24:26 +02:00
Ilija Lazoroski ea9082d412 Agent: Remove hack_event from CredentialsStolenEvent 2022-08-16 14:23:25 +02:00
Mike Salvatore 1d79d98689 Agent: Rename credentials_store -> propagation_credentials_repository 2022-08-16 08:17:04 -04:00
Ilija Lazoroski c3557caf1c Agent: Add _ATTACK_TECHNIQUE_ to attack_technique tags 2022-08-16 14:11:16 +02:00
Ilija Lazoroski fdd0368837 Agent: Extract SSH collector tags into constants 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 706a626d24 Agent: Move subscribtion to a separate method for readability 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 2a94a67767 Agent: Rename usr_info to user_info in ssh_handler 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 88bb856859 Common: Reorder params in docstring AbstractEvent 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 8f5681b1df Agent: Init a callable class and subscribe to it 2022-08-16 11:58:53 +02:00
Ilija Lazoroski d672fcfffe Agent: Fix a typo in ssh_handler 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 03d569cc00 Agent: Init SSHCredentialCollector with an IEventQueue 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 4aa71cba7e Agent: Remove default values from CredentialsStolenEvent creation 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 486a7a9225 Common: Use a temporary hack to define non-defaults from a inherited class event 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 5f631a78f7 Agent: Remove IGUID from config 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 39f07603a7 Agent: Define integer GUID and use it in ssh_handler 2022-08-16 11:58:53 +02:00
Ilija Lazoroski b22ccdb942 Agent: Publish CredentialsStolenEvent each time we find a SSHKeypair 2022-08-16 11:58:53 +02:00
Ilija Lazoroski e439a53bde UT: Fix SSHCredentialCollector test to accept IEventQueue 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 2610666f93 Agent: Publish an CredentialsStolenEvent from SSHCredentialCollector 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 4952a544c0 Agent: Accept IEventQueue in SSHCollector constructor 2022-08-16 11:58:53 +02:00
Mike Salvatore d09c1a689e
Merge pull request #2200 from guardicore/2191-fix-credentials-repository-get
2191 fix credentials repository get
2022-08-15 15:45:03 -04:00
Kekoa Kaaikala e4f7707b66 Agent: Return credentials when credentials propagation fails 2022-08-15 19:25:54 +00:00
Kekoa Kaaikala 9e6a569393 Agent: Update credentials repository to cache per-instance 2022-08-15 19:25:54 +00:00
Mike Salvatore 500eeeb582
Merge pull request #2194 from guardicore/2191-trailing-url-slashes
Island: Remove trailing slashes before registering a URL
2022-08-15 14:25:28 -04:00
Kekoa Kaaikala a67a4418c9 Island: Remove PropagationCredentials URL trailing slash 2022-08-15 18:04:56 +00:00
Mike Salvatore 96f794e192 UT: Mark TestEvent* classes with `__test__ = False` 2022-08-15 14:04:09 -04:00
Kekoa Kaaikala 19df4d9755 Island: Enforce "no trailing slash" rule for URLs 2022-08-15 18:01:32 +00:00
Mike Salvatore 4e9aa62c61
Merge pull request #2195 from guardicore/refactor-island-boot
Refactor island boot
2022-08-15 08:35:00 -04:00
Mike Salvatore 01e886f866 Project: Remove step in travis build to upgrade pipenv
It seems that every time a new version of pipenv is released it breaks
travis. For the moment, it seems that the magic combination is to
upgrade pip but not upgrade pipenv.

I've been unable to reproduce the issue outside of any environment other
than Travis CI.

Once we split our project up into multiple repos, we should strongly
consider switching to poetry.
2022-08-15 08:23:17 -04:00
Mike Salvatore 879f809aa4 Project: Use the latest pip in travis build 2022-08-15 07:37:36 -04:00
Mike Salvatore fae4247505 Project: Add special `fix-travis` branch to travis build list
When attempting to fix an issue with travis, it's important to actually
run travis. In order to do this without a pull request, I've added a
special `fix-travis` branch to the list of branches travis is allowed to
build.
2022-08-15 07:34:39 -04:00
Mike Salvatore 9f89d3f508
Merge pull request #2193 from guardicore/2176-stolen-credentials-subscriber
2176 stolen credentials subscriber
2022-08-15 07:26:18 -04:00
Ilija Lazoroski f6712c5f84 Agent: Subscribe CredentialsStolenEvent to the EventQueue 2022-08-15 10:02:00 +02:00