Commit Graph

6601 Commits

Author SHA1 Message Date
Mike Salvatore c3ea714977
Merge pull request #1514 from guardicore/pba-attack-telemetry
Fix ATT&CK report bug: showed a different technique's results under a technique if the PBA behind them was the same
2021-10-06 12:12:28 -04:00
Ilija Lazoroski a11d1d5f1e Agent: Changed note message for proxy schema 2021-10-06 18:10:46 +02:00
Ilija Lazoroski 3f33bc4a41 Agent: Consistent format string for set proxy 2021-10-06 18:05:30 +02:00
Ilija Lazoroski 87b882cb45 Agent: Set proxy schema for different OS 2021-10-06 16:53:55 +02:00
Shreya Malviya 5be841d08a island: For ATT&CK techniques mapped to PBAs, consider hostname and IP
of the first entry in the PBA's results
2021-10-06 19:27:32 +05:30
Shreya Malviya f7e37b0767 CHANGELOG: Add entry for bugix that wrongly reported the "`.bash_profile` and `.bashrc`" technique 2021-10-06 19:27:29 +05:30
Mike Salvatore 8310204e66 Tests: Test InvalidCiphertextError 2021-10-06 09:51:03 -04:00
Shreya Malviya f347088412 CHANGELOG: Add entry for ATT&CK report telemetry bugfix 2021-10-06 16:05:58 +05:30
Shreya Malviya c51f80ea3a tests: Modify post breach telem's unit test 2021-10-06 15:58:23 +05:30
Shreya Malviya e4f5f08a66 island: Remove unneeded mongo queries in ATT&CK techniques maped to PBAs 2021-10-06 14:50:10 +05:30
Shreya Malviya 81252e2b6a island: When generating ATT&CK report for techniques mapped to PBAs, check telem event's OS and technique's relevant systems 2021-10-06 14:46:17 +05:30
Shreya Malviya cccdf7f6c3 agent: Send OS info in post breach telem 2021-10-06 14:42:26 +05:30
Ilija Lazoroski cafd983622 Agent: Change proxy scheme format to http 2021-10-06 10:24:41 +02:00
Mike Salvatore e673667b34 Tests: Mark all tests in test_data_store_encryptor as slow 2021-10-05 16:48:48 -04:00
Mike Salvatore 95221ef53a Island: Add reinitialize_datastore_encryptor() 2021-10-05 16:48:46 -04:00
Mike Salvatore c0b257127a Island: Implement DataStoreEncryptor as a class
This allows us to begin decoupling some implementation details from the
AuthenticationService.
2021-10-05 15:59:39 -04:00
Mike Salvatore c124db7880 Agent: Use different proxy scheme on Windows 2021-10-05 13:55:32 -04:00
Mike Salvatore 0eafc6613a Island: Flatten directory structure for "encryption" package 2021-10-05 12:37:05 -04:00
Mike Salvatore bf082d36ef Tests: Mark encryption tests as slow 2021-10-05 12:14:10 -04:00
Mike Salvatore e7fcf933b7 Island: Remove try/except from MimikatzResultsEncryptor.encrypt()
Catching this exception was a workaround for an issue that was resolved
in PR #1508.
2021-10-05 12:12:38 -04:00
Mike Salvatore 849ced2334 Tests: Improve telemetry_dal tests
* Reduce unnecessary mocking
* Remove defunct "mimikatz" field from mock telemetry
* Test encryption/decryption of all secret types for all users
2021-10-05 12:10:46 -04:00
Mike Salvatore 8f9289517f Tests: Decouple uses_encryptor() fixture from AuthenticationService 2021-10-05 11:52:33 -04:00
Mike Salvatore a24979155f Island: Improve logging in PasswordBasedBytesEncryptor 2021-10-05 11:52:33 -04:00
Mike Salvatore 5aa0506ce1 Island: Use relative imports inside encryption package 2021-10-05 11:52:33 -04:00
Mike Salvatore f65251ddde Island: Rename password_based_string_encrypt{i,}or.py 2021-10-05 11:52:33 -04:00
Mike Salvatore 4944947b10 Island: Rename password_based_bytes_encrypt{ion,or}.py 2021-10-05 11:52:33 -04:00
Ilija Lazoroski e80662f7f8 Agent: Check for empty result in Modify shell files 2021-10-05 10:39:50 -04:00
VakarisZ 0a4973a66e
Merge pull request #1512 from guardicore/mimikatz_collector_fix
Mimikatz collector fix
2021-10-05 17:17:39 +03:00
VakarisZ bc422128f5 Monkey: add CHANGELOG.md entry about fixed Mimikatz credential collector when Azure credential collector is disabled 2021-10-05 17:16:51 +03:00
VakarisZ bbda934082 Monkey: include credential key into info dict of InfoCollector class
This change cleans up the code because the info collectors can just add credentials to the info dictionary without explicitly checking if the key already exists
2021-10-05 16:04:02 +03:00
Shreya Malviya 19765c7021
Merge pull request #1508 from guardicore/encryptor-with-utf8-chars
Change KeyBasedEncryptor's padding
2021-10-05 14:18:11 +05:30
Shreya Malviya 19dad89468 CHANGELOG: Add entry for encryptor not working with utf-8 characters bugfix 2021-10-05 12:31:17 +05:30
Shreya Malviya f2b632e46a tests: Add KeyBasedEcnryptor unit test for plaintext which is a multiple of block size in length 2021-10-05 12:31:17 +05:30
Shreya Malviya 06778b7525 island: Remove thin wrappers for padding in KeyBasedEncryptor, call inline 2021-10-05 12:31:17 +05:30
Shreya Malviya f1b9683617 tests: Use pytest's parametrize for KeyBasedEncryptor's unit tests 2021-10-05 12:31:17 +05:30
Shreya Malviya f6b1330982 tests: Add test cases for KeyBasedEncryptor's tests 2021-10-05 12:31:17 +05:30
Shreya Malviya 404228b04c island: Modify KeyBasedEncryptor to get rid of redundant encoding and decoding 2021-10-05 12:31:17 +05:30
Shreya Malviya fc1affc0e7 island: Change KeyBasedEncryptor's padding functions to use Crypto.Util.Padding 2021-10-05 12:31:17 +05:30
Shreya Malviya 3ab660b8fe tests: Add unit tests for key based encryptor 2021-10-05 12:31:16 +05:30
VakarisZ af99482a4a
Merge pull request #1506 from guardicore/mongo_key_encryption
Mongo key encryption
2021-10-04 15:10:12 +03:00
VakarisZ ddff2f0aa4 Refactor a couple of imports into a shorter import statement 2021-10-04 14:59:26 +03:00
VakarisZ 3b5dd6ac3e Remove database initialization during island startup
Database initialization can not be done because island doesn't know the key needed for encrypting collections. Since the key only appears after registration, database setup also should happen only after registration
2021-10-04 14:23:50 +03:00
VakarisZ a2b09a9e7a Fix unit tests for data store encryptor 2021-10-04 14:21:07 +03:00
VakarisZ ea6fe37b44 Fix scoutsuite unit test to use updated datastore encryptor interface 2021-10-04 12:13:55 +03:00
VakarisZ 3ec26bcef8 Refactor data store encryptor to IEncryptor interface, move data store encryptor creation related code to data_store_encryptor.py, move the reponsibility to initialize data store encryptor to AuthenticationService 2021-10-04 12:03:30 +03:00
VakarisZ 34d065ce69 Move encryptors into a separate folder
This separates encryptor classes from other encryption related infrastructure that we have cc\server_utils\encryption
2021-10-04 11:09:42 +03:00
VakarisZ 9d6dc3b026 Move all encryptor building related code to encryptor_factory.py from data_store_encryptor.py 2021-10-01 17:33:55 +03:00
Mike Salvatore 2adf5a7f64
Merge pull request #1503 from guardicore/629/ship-db-with-attack-mitigations
Ship database with attack mitigations
2021-10-01 09:01:35 -04:00
Mike Salvatore 4ef0f542b8 Docs: Add description of Attack Mitigations 2021-10-01 09:00:32 -04:00
VakarisZ 26ba02a1d0 Refactor get_credentials_from_request to get_username_password_from_request
This better indicates that get_username_password_from_request returns a username/password pair rather than UserCreds structure
2021-10-01 15:33:46 +03:00