Commit Graph

7398 Commits

Author SHA1 Message Date
vakarisz 458b2121cd Changelog: added entry for removed T1082 attack technique report 2022-03-01 16:16:06 +02:00
vakarisz 4e1fc525ae Island: remove T1082 attack technique
This attack technique gathered data from deprecated system info telemetries. This attack technique needs to be reworked and perhaps it's better to have a single, dedicated and controllable system info gathering procedure
2022-03-01 16:06:18 +02:00
vakarisz 3734cb007e Island: change T1016 to format results from Monkey document
Previously T1016 pulled results from system info telemetries, but system info telemetries are deprecated and network information is stored on monkey documents
2022-03-01 16:06:18 +02:00
vakarisz 1c602a3315 Agent, Island: send network information in monkey wakeup telemetry
Network information is required for segmentation reports, that's why it gets sent in the wakeup telemetry. It could be joined with "ip_addresses", but that would require a bigger refactoring on the island side
2022-03-01 15:31:02 +02:00
VakarisZ 1b484e0365
Merge pull request #1752 from guardicore/1695-removing-system-info-infra
1695 removing system info infrastructure
2022-03-01 14:58:04 +02:00
vakarisz 61ba85bdc2 Island: alphabetically sort telemetry processing dictionary 2022-03-01 14:55:23 +02:00
vakarisz 1d15288b64 Agent, Island: remove/rename system info collection infrastructure
System info collectors got replaced with credential collectors. Infrastructure in the code needs to be renamed accordingly
2022-03-01 14:54:20 +02:00
Mike Salvatore 9e8d1d2539
Merge pull request #1749 from guardicore/1695-reporting-credentials
1695 reporting credentials
2022-03-01 07:27:21 -05:00
vakarisz 52c0413797 Island, UT: remove credential processing from exploit telemetry
Credentials should be sent via credential telemetry, not exploit telemetry. This will remove the need to maintain duplicate code of credential extraction
2022-03-01 11:31:47 +02:00
vakarisz 4f58a69c54 UT: added slow marks and changed some names, related to credential tests 2022-02-28 16:59:15 +02:00
vakarisz 748178a00c Island: small style improvements in stolen_credentials.py 2022-02-28 16:57:35 +02:00
vakarisz 40820a5ba5 Island: refactor report generation to take credentials from model
Reporting used to fetch credentials from telemetries, but they are no longer stored. Instead, credentials are being fetched from stolen_credentials collection
2022-02-28 12:30:26 +02:00
vakarisz 02d81771a9 Island: remove remaining references to "creds" property of monkey 2022-02-25 17:13:19 +02:00
vakarisz cf56fcbef2 UT: removed telemetry encryption test 2022-02-25 15:38:36 +02:00
vakarisz 0ecfbff1e4 Island: don't store credential telemetries
Credential telemetries are not stored on the database to prevent the need to encrypt credentials and query database directly. Instead, credentials are parsed into a document that doesn't contain secrets and is easily queryable
2022-02-25 15:38:36 +02:00
vakarisz afc98667c4 Island: remove unused "creds" properties from monkey model 2022-02-25 15:38:36 +02:00
Mike Salvatore 0a7637c944
Merge pull request #1744 from guardicore/1732-remove-elasticsearch
Remove ElasticGroovyExploiter
2022-02-24 09:05:09 -05:00
Shreya Malviya 7e362283fa Changelog: Add entry for removing the Elastic Search exploiter 2022-02-24 19:14:20 +05:30
Mike Salvatore 85eb3a2c0d
Merge pull request #1743 from guardicore/1605-modify-hadoop
Modify Hadoop exploiter
2022-02-24 08:02:01 -05:00
Ilija Lazoroski e8ba34b055 Island: Use exploitation_result in telemetry_feed 2022-02-24 13:33:32 +01:00
Ilija Lazoroski 871b02d514 Agent: Stop Hadoop http_thread regardless of the exploit result 2022-02-24 12:21:54 +01:00
Shreya Malviya 7d76d94959 Zoo: Remove Elastic machines from terraform scripts and docs 2022-02-24 15:16:19 +05:30
Shreya Malviya 6c7e630465 BB: Remove ElasticGroovyExploiter references 2022-02-24 15:14:32 +05:30
Shreya Malviya a599edec15 Project: Remove ELASTIC exploiter descriptor enum from Vulture's allowlist 2022-02-24 15:12:00 +05:30
Shreya Malviya 35d39b46c7 UT: Remove ElasticGroovyExploiter references 2022-02-24 15:10:31 +05:30
Shreya Malviya 3ff7daa2d5 UI: Remove ElasticGroovyExploiter reporting 2022-02-24 15:03:57 +05:30
Shreya Malviya b6438edb82 Agent: Remove ElasticGroovyExploiter 2022-02-24 15:01:16 +05:30
Shreya Malviya b1fbf64730 Docs: Remove ElasticSearch exploiter documentation 2022-02-24 15:00:52 +05:30
Shreya Malviya 31e6c09673 Project: Replace ElasticSearch with Zerologon in README.md 2022-02-24 14:49:53 +05:30
Shreya Malviya 4d6869fbf6 Agent: Use `ExploiterWrapper` for loading the Hadoop exploiter 2022-02-24 13:29:53 +05:30
Shreya Malviya eb9adc08c2 Agent: Override `HostExploiter`'s `pre_exploit()` in `WebRCE` 2022-02-24 13:21:15 +05:30
Ilija Lazoroski 87547c4da1 Agent: Use http_ports from exploiter options in WebRCE 2022-02-24 13:21:15 +05:30
Ilija Lazoroski b859b8820f Island: Add HTTP_PORTS to exploiter common options 2022-02-24 13:21:15 +05:30
Ilija Lazoroski 34953f1c88 Agent: Enable Hadoop exploiter to run 2022-02-24 13:21:12 +05:30
Ilija Lazoroski 1223e2acf3 Agent: Use exploiter options in WebRCE 2022-02-24 13:20:20 +05:30
Ilija Lazoroski 67083fe336 Agent: Use ITelemetryMessenger to send telemetries in WebRCE 2022-02-24 13:20:20 +05:30
Shreya Malviya 57eca553a7 Agent: Send ExploiterResultData from Hadoop exploiter 2022-02-24 13:20:20 +05:30
Shreya Malviya 90646a6ff9 Agent: Remove code that set host architecture in Hadoop exploiter 2022-02-24 13:20:20 +05:30
Shreya Malviya 79ccabceb1 Agent: Make some functions private in the Hadoop exploiter 2022-02-24 13:20:20 +05:30
Shreya Malviya ad5ce8e7d2 Agent: Remove `blind_exploit` logic from web_rce.py and weblogic.py 2022-02-24 13:20:20 +05:30
Shreya Malviya 0501bb7037 Agent: Remove architecture setting from web_rce.py 2022-02-24 13:20:20 +05:30
Mike Salvatore 5cbcb88dd6 Agent: Add ExploiterWrapper
Issue #1605
PR #1739
2022-02-23 16:37:23 -05:00
Mike Salvatore 2431e2f20b Agent: Fix typo in "exploitation_result" key 2022-02-23 12:00:42 -05:00
VakarisZ 48e8420b4d
Merge pull request #1734 from guardicore/1695-parsing-ssh-keys
1695 ssh keys processing
2022-02-23 17:39:56 +02:00
vakarisz e17d95bf18 Island: small improvements in code style in credential parsing code 2022-02-23 17:38:15 +02:00
Mike Salvatore 57e6d0208d
Merge pull request #1735 from guardicore/1733-remove-shellshock-exploit
Remove shellshock exploit
2022-02-23 10:27:22 -05:00
Mike Salvatore 55c3236d8e Changelog: Remove ShellShock exploiter 2022-02-23 10:24:23 -05:00
Mike Salvatore cdd28dda7b Merge branch '1605-resolve-circular-dependency' into agent-refactor
Issue #1605
2022-02-23 09:45:41 -05:00
Mike Salvatore 32d618ac92 Agent: Modify IPuppet interface to take VictimHost instead of object 2022-02-23 09:26:04 -05:00
Mike Salvatore b17c85cd01 Agent: Extract network_scanning package from network package
This resolves some circular dependencies between Tunnel, IPuppet, and
VictimHost.
2022-02-23 09:23:42 -05:00