Mike Salvatore
c3ea714977
Merge pull request #1514 from guardicore/pba-attack-telemetry
...
Fix ATT&CK report bug: showed a different technique's results under a technique if the PBA behind them was the same
2021-10-06 12:12:28 -04:00
Ilija Lazoroski
a11d1d5f1e
Agent: Changed note message for proxy schema
2021-10-06 18:10:46 +02:00
Ilija Lazoroski
3f33bc4a41
Agent: Consistent format string for set proxy
2021-10-06 18:05:30 +02:00
Ilija Lazoroski
87b882cb45
Agent: Set proxy schema for different OS
2021-10-06 16:53:55 +02:00
Shreya Malviya
5be841d08a
island: For ATT&CK techniques mapped to PBAs, consider hostname and IP
...
of the first entry in the PBA's results
2021-10-06 19:27:32 +05:30
Shreya Malviya
f7e37b0767
CHANGELOG: Add entry for bugfix that wrongly reported the "`.bash_profile` and `.bashrc`" technique
2021-10-06 19:27:29 +05:30
Mike Salvatore
8310204e66
Tests: Test InvalidCiphertextError
2021-10-06 09:51:03 -04:00
Shreya Malviya
f347088412
CHANGELOG: Add entry for ATT&CK report telemetry bugfix
2021-10-06 16:05:58 +05:30
Shreya Malviya
c51f80ea3a
tests: Modify post breach telem's unit test
2021-10-06 15:58:23 +05:30
Shreya Malviya
e4f5f08a66
island: Remove unneeded mongo queries in ATT&CK techniques mapped to PBAs
2021-10-06 14:50:10 +05:30
Shreya Malviya
81252e2b6a
island: When generating ATT&CK report for techniques mapped to PBAs, check telem event's OS and technique's relevant systems
2021-10-06 14:46:17 +05:30
Shreya Malviya
cccdf7f6c3
agent: Send OS info in post breach telem
2021-10-06 14:42:26 +05:30
Ilija Lazoroski
cafd983622
Agent: Change proxy scheme format to http
2021-10-06 10:24:41 +02:00
Mike Salvatore
e673667b34
Tests: Mark all tests in test_data_store_encryptor as slow
2021-10-05 16:48:48 -04:00
Mike Salvatore
95221ef53a
Island: Add reinitialize_datastore_encryptor()
2021-10-05 16:48:46 -04:00
Mike Salvatore
c0b257127a
Island: Implement DataStoreEncryptor as a class
...
This allows us to begin decoupling some implementation details from the
AuthenticationService.
2021-10-05 15:59:39 -04:00
Mike Salvatore
c124db7880
Agent: Use different proxy scheme on Windows
2021-10-05 13:55:32 -04:00
Mike Salvatore
0eafc6613a
Island: Flatten directory structure for "encryption" package
2021-10-05 12:37:05 -04:00
Mike Salvatore
bf082d36ef
Tests: Mark encryption tests as slow
2021-10-05 12:14:10 -04:00
Mike Salvatore
e7fcf933b7
Island: Remove try/except from MimikatzResultsEncryptor.encrypt()
...
Catching this exception was a workaround for an issue that was resolved
in PR #1508.
2021-10-05 12:12:38 -04:00
Mike Salvatore
849ced2334
Tests: Improve telemetry_dal tests
...
* Reduce unnecessary mocking
* Remove defunct "mimikatz" field from mock telemetry
* Test encryption/decryption of all secret types for all users
2021-10-05 12:10:46 -04:00
Mike Salvatore
8f9289517f
Tests: Decouple uses_encryptor() fixture from AuthenticationService
2021-10-05 11:52:33 -04:00
Mike Salvatore
a24979155f
Island: Improve logging in PasswordBasedBytesEncryptor
2021-10-05 11:52:33 -04:00
Mike Salvatore
5aa0506ce1
Island: Use relative imports inside encryption package
2021-10-05 11:52:33 -04:00
Mike Salvatore
f65251ddde
Island: Rename password_based_string_encrypt{i,}or.py
2021-10-05 11:52:33 -04:00
Mike Salvatore
4944947b10
Island: Rename password_based_bytes_encrypt{ion,or}.py
2021-10-05 11:52:33 -04:00
Ilija Lazoroski
e80662f7f8
Agent: Check for empty result in Modify shell files
2021-10-05 10:39:50 -04:00
VakarisZ
0a4973a66e
Merge pull request #1512 from guardicore/mimikatz_collector_fix
...
Mimikatz collector fix
2021-10-05 17:17:39 +03:00
VakarisZ
bc422128f5
Monkey: add CHANGELOG.md entry about fixed Mimikatz credential collector when Azure credential collector is disabled
2021-10-05 17:16:51 +03:00
VakarisZ
bbda934082
Monkey: include credential key into info dict of InfoCollector class
...
This change cleans up the code because the info collectors can just add credentials to the info dictionary without explicitly checking if the key already exists
2021-10-05 16:04:02 +03:00
Shreya Malviya
19765c7021
Merge pull request #1508 from guardicore/encryptor-with-utf8-chars
...
Change KeyBasedEncryptor's padding
2021-10-05 14:18:11 +05:30
Shreya Malviya
19dad89468
CHANGELOG: Add entry for encryptor not working with utf-8 characters bugfix
2021-10-05 12:31:17 +05:30
Shreya Malviya
f2b632e46a
tests: Add KeyBasedEncryptor unit test for plaintext which is a multiple of block size in length
2021-10-05 12:31:17 +05:30
Shreya Malviya
06778b7525
island: Remove thin wrappers for padding in KeyBasedEncryptor, call inline
2021-10-05 12:31:17 +05:30
Shreya Malviya
f1b9683617
tests: Use pytest's parametrize for KeyBasedEncryptor's unit tests
2021-10-05 12:31:17 +05:30
Shreya Malviya
f6b1330982
tests: Add test cases for KeyBasedEncryptor's tests
2021-10-05 12:31:17 +05:30
Shreya Malviya
404228b04c
island: Modify KeyBasedEncryptor to get rid of redundant encoding and decoding
2021-10-05 12:31:17 +05:30
Shreya Malviya
fc1affc0e7
island: Change KeyBasedEncryptor's padding functions to use Crypto.Util.Padding
2021-10-05 12:31:17 +05:30
Shreya Malviya
3ab660b8fe
tests: Add unit tests for key based encryptor
2021-10-05 12:31:16 +05:30
VakarisZ
af99482a4a
Merge pull request #1506 from guardicore/mongo_key_encryption
...
Mongo key encryption
2021-10-04 15:10:12 +03:00
VakarisZ
ddff2f0aa4
Refactor a couple of imports into a shorter import statement
2021-10-04 14:59:26 +03:00
VakarisZ
3b5dd6ac3e
Remove database initialization during island startup
...
Database initialization cannot be done because island doesn't know the key needed for encrypting collections. Since the key only appears after registration, database setup also should happen only after registration
2021-10-04 14:23:50 +03:00
VakarisZ
a2b09a9e7a
Fix unit tests for data store encryptor
2021-10-04 14:21:07 +03:00
VakarisZ
ea6fe37b44
Fix scoutsuite unit test to use updated datastore encryptor interface
2021-10-04 12:13:55 +03:00
VakarisZ
3ec26bcef8
Refactor data store encryptor to IEncryptor interface, move data store encryptor creation related code to data_store_encryptor.py, move the responsibility to initialize data store encryptor to AuthenticationService
2021-10-04 12:03:30 +03:00
VakarisZ
34d065ce69
Move encryptors into a separate folder
...
This separates encryptor classes from other encryption related infrastructure that we have in cc\server_utils\encryption
2021-10-04 11:09:42 +03:00
VakarisZ
9d6dc3b026
Move all encryptor building related code to encryptor_factory.py from data_store_encryptor.py
2021-10-01 17:33:55 +03:00
Mike Salvatore
2adf5a7f64
Merge pull request #1503 from guardicore/629/ship-db-with-attack-mitigations
...
Ship database with attack mitigations
2021-10-01 09:01:35 -04:00
Mike Salvatore
4ef0f542b8
Docs: Add description of Attack Mitigations
2021-10-01 09:00:32 -04:00
VakarisZ
26ba02a1d0
Refactor get_credentials_from_request to get_username_password_from_request
...
This better indicates that get_username_password_from_request returns a username/password pair rather than UserCreds structure
2021-10-01 15:33:46 +03:00