Mike Salvatore
9738430333
Project: Remove temporary agent-refactor vulture exceptions
2022-03-30 07:31:29 -04:00
Mike Salvatore
2c32c354ae
Agent: Remove MockMaster
...
This mock has outlived its usefulness and can now be removed.
2022-03-30 07:20:37 -04:00
Shreya Malviya
99b621f2c8
Project: Add config's post_breach_actions to Vulture's allowlist
2022-03-30 12:29:27 +05:30
Shreya Malviya
1f2867a70a
Project: Add ProcessListCollection to Vulture's allowlist
2022-03-29 14:20:29 +03:00
Mike Salvatore
4316329384
Project: Add strict_slashes to vulture_allowlist
2022-03-25 07:57:54 -04:00
Mike Salvatore
a1d08abe19
Project: Rename EXPLOITED_* to PROPAGATED_*
...
These states were renamed in 5e3829aab
and 2c8aef6d8
2022-03-25 07:57:54 -04:00
Mike Salvatore
bfd9084ce1
Project: Add architecture parameter to vulture_allowlist
2022-03-16 13:39:39 -04:00
Mike Salvatore
cd3f5e7f16
Project: Add get_file_sha256_hash() to vulture_allowlist.py
2022-03-16 13:38:33 -04:00
vakarisz
1d15288b64
Agent, Island: remove/rename system info collection infrastructure
...
System info collectors got replaced with credential collectors. Infrastructure in the code needs to be renamed accordingly
2022-03-01 14:54:20 +02:00
vakarisz
afc98667c4
Island: remove unused "creds" properties from monkey model
2022-02-25 15:38:36 +02:00
Shreya Malviya
a599edec15
Project: Remove ELASTIC exploiter descriptor enum from Vulture's allowlist
2022-02-24 15:12:00 +05:30
Ilija Lazoroski
d8e203dd50
Project: Change readme and remove shellshock from vulture
2022-02-23 13:50:12 +01:00
Shreya Malviya
fcfa01223d
Project: Remove ProcessListCollector from Vulture allowlist
2022-02-16 17:06:17 +05:30
Ilija Lazoroski
7f6496b330
Island, UT: Remove system info AWS Collector
2022-02-14 12:00:08 +01:00
Shreya Malviya
9dc0a6ed6f
Project: Remove removed Scoutsuite constants from Vulture allowlist
2022-02-09 14:27:20 +05:30
Shreya Malviya
2c88d6053c
Project: Remove deleted constants from Vulture's allowlist
2022-02-01 16:40:06 +01:00
Ilija Lazoroski
b5c51bedc1
Island, UT: Remove Bootloader endpoint
2022-02-01 15:32:13 +01:00
Ilija Lazoroski
ff87252a24
Agent, Island: Remove MS08_67 exploiter
2022-01-31 11:11:33 +01:00
Mike Salvatore
e1cf4fa9c2
Merge branch 'release/1.13.0' into agent-refactor
2022-01-25 13:35:49 -05:00
vakarisz
a5a4957c29
Agent: small readability and style improvements
2022-01-18 15:01:47 +02:00
vakarisz
9d5ea0f41f
Island: add log4shell issue processing and reporting
2022-01-06 12:26:00 +02:00
vakarisz
c382987430
Project: vulture allow LDAPServerFactory.buildProtocol
2022-01-05 15:18:12 +02:00
Ilija Lazoroski
c129e2f4b0
Project: Remove mysqlfinger references in Vulture
2021-12-14 14:54:20 +01:00
VakarisZ
4fdd3370ca
Island, UI: implement the endpoint for stopping all monkeys, change the UI to call this endpoint and send a timestamp of button press
2021-12-08 14:48:57 +02:00
Mike Salvatore
137afa6473
Agent: Don't register new signal handler in monkey.py (for now)
...
The signal handler is not quite ready for prime time. Issue #1595 and
issue #1597 will need to be resolved before the signal handler can be
fully ready. For now, don't register the signal handler.
2021-11-24 13:46:18 -05:00
Shreya Malviya
7b0f08ee54
Agent: Finish implementing MockMaster
...
Also modified ExploitTelem and PostBreachTelem internals, and
MockPuppet.
2021-11-24 13:54:46 +05:30
Ilija Lazoroski
839024f243
Island: Fix formatting in config
2021-11-23 15:20:19 +01:00
Mike Salvatore
4fc484cd8d
Agent: Add a preliminary MockPuppet implementation
2021-11-22 13:05:30 -05:00
VakarisZ
a8d6f936f1
Agent, Island: remove hostname collector
2021-11-17 11:30:12 +02:00
VakarisZ
0175199540
Island, Agent: remove environment collector
2021-11-16 17:49:38 +02:00
VakarisZ
f5c8db979f
Project: remove remaining sambacry exploiter references in performance.py config template, vulture_allowlist.py and monkey_config_standard.json unit test data file
2021-11-10 15:44:05 +02:00
Shreya Malviya
ee79ea0a9d
Project: Remove variable 'VSFTPD' from Vulture's allowlist
2021-10-29 18:15:38 +05:30
VakarisZ
8b9ddb0c4b
Removed unnecessary vulture ignores from whitelist
2021-09-28 11:04:42 +03:00
VakarisZ
e6ad125be9
Change the telemetry model to have a method for fetching the telemetries based on queries.
...
Telemetry code mainly uses queries and mongoengine has no good way of field encryption, that's why this method prefers to handle queries rather than Telemetry models
2021-09-24 13:31:26 +03:00
VakarisZ
c7e91c5784
Add report model and a unit test for it's encryption
2021-09-21 10:39:39 +03:00
Mike Salvatore
805ef70db1
Merge pull request #1425 from guardicore/powershell_exploiter
...
PowerShell Remoting exploiter refactor
2021-08-30 07:54:29 -04:00
Mike Salvatore
8aedc2c391
Agent: Add pyinstaller hooks for pypsrp
2021-08-25 14:44:31 -04:00
Ilija Lazoroski
5cee9443ff
Zoo: Remove GCPHandler class. Powershell-3-47 renamed to
...
Powershell-3-46. Powershell-45 moved to different zone
2021-08-24 15:11:22 +02:00
Shreya Malviya
b6c3623e74
agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting')
2021-08-24 13:15:47 +05:30
VakarisZ
2b71fb80c7
Fixed missing powershell exploiter report components.
2021-08-24 11:40:39 +05:30
VakarisZ
9966c54fe2
Added powershell remoting exploiter.
2021-08-24 11:40:39 +05:30
VakarisZ
91ca828c72
Monkey: add launch time to the monkey collection
...
Launch time is needed if we want to tell the user when exactly the exploit occurred/monkey got run
2021-07-26 11:28:40 +03:00
Ilija Lazoroski
81a8ccf673
Island: Return empty post status for island mode
2021-07-13 10:25:48 -04:00
Mike Salvatore
96fc33025e
Island: Redirect gevent tracebacks to file and log exceptions
...
By default, gevent prints exceptions and tracebacks to stderr. This is
obnoxious as it results in large tracebacks intermixed with the output
that the logger prints to the console. This commit redirects this data
to {DATA_DIR}/gevent_exceptions.log. Unfortunately, this would mean that
the user might be left without any indication these exceptions had
occurred, unless they take the time to inspect the
gevent_exceptions.log. Therefore, when an excepion occurs, a message
with just the exception (not the traceback) is logged to WARNING.
Fixes #859
2021-07-06 08:39:30 -04:00
Mike Salvatore
01b9c41c6e
Remove mock_home_env() from vulture_allowlist.py
2021-07-02 18:59:24 -04:00
Mike Salvatore
6307606010
Remove get_files_to_encrypt from Vulture's allow list
2021-06-23 07:14:57 -04:00
Shreya
5b64ea5151
agent: ransomware: Iterate through files in directory and get list of files to encrypt
2021-06-22 19:30:44 +05:30
VakarisZ
fc1f12c24d
Implemented safety check on import.
2021-06-03 17:02:12 +03:00
VakarisZ
9fcfaac781
Improved exceptions thrown in configuration decryption and unit tests.
2021-06-03 17:01:56 +03:00
Shreya
52b57a7166
Have Vulture skip tests/ instead of tests/unit_tests/
2021-06-03 11:57:44 +05:30
Shreya
b69c1c531a
Rename vulture_whitelist.py -> vultue_allowlist.py
2021-06-02 13:08:37 +05:30