Shreya Malviya
|
876cdbeffa
|
island: Check if credential in exploit telemetry is `None` before processing it
|
2021-08-25 19:31:36 +05:30 |
Ilija Lazoroski
|
e6ca0fd3b6
|
Zoo: Parallelize start and stop of gcp machines
|
2021-08-25 10:07:41 +02:00 |
Mike Salvatore
|
1da79f78bf
|
Agent: Use format strings in powershell exploiter log statements
|
2021-08-24 15:32:51 -04:00 |
unknown
|
f046e9d7a7
|
Agent: Add pypsrp to PipFile
|
2021-08-24 15:11:15 -04:00 |
Mike Salvatore
|
af57272e36
|
Island: Update python dependencies (Flask-JWT-Extended 3.24.1 -> 4.*)
Resolves #1048
|
2021-08-24 14:35:50 -04:00 |
Mike Salvatore
|
dd56f3d650
|
Island: Fix minor formatting error
|
2021-08-24 13:37:40 -04:00 |
Mike Salvatore
|
c385177dac
|
Agent: Extract _build_monkey_execution_command() into powershell_utils
|
2021-08-24 13:14:29 -04:00 |
Mike Salvatore
|
58f23f4fc0
|
Agent: Extract powershell client parameters into powershell_utils
|
2021-08-24 13:13:37 -04:00 |
Mike Salvatore
|
4e7a95316e
|
Agent: Extract _get_credentials() into powershell_utils/utils.py
|
2021-08-24 12:53:37 -04:00 |
Mike Salvatore
|
aef8f2e37a
|
Agent: Extract method _build_monkey_execution_command
|
2021-08-24 12:16:52 -04:00 |
Mike Salvatore
|
1928f1b9bc
|
Agent: Remove "credentials" local variable
|
2021-08-24 12:11:59 -04:00 |
Mike Salvatore
|
a2bdc69388
|
Agent: Log and report exploitation attempts from PowerShellExploiter
|
2021-08-24 12:03:42 -04:00 |
Mike Salvatore
|
8209fa55df
|
Agent: Set client parameters if password is "" in PowerShellExploiter
|
2021-08-24 11:53:48 -04:00 |
Mike Salvatore
|
fb18c1cbd4
|
Agent: Only use "None" creds in powershell exploiter if host is Windows
|
2021-08-24 11:43:17 -04:00 |
Mike Salvatore
|
79cc82b159
|
Agent: Remove duplicated try/except if/else from PowerShellExploiter
|
2021-08-24 10:35:21 -04:00 |
Mike Salvatore
|
66527b1bde
|
Agent: Move Windows architecture constants from web_rce.py -> consts.py
|
2021-08-24 09:37:05 -04:00 |
Mike Salvatore
|
f1c247ad93
|
Agent: Refactored PowerShellExploiter authentication function names
|
2021-08-24 09:29:02 -04:00 |
Ilija Lazoroski
|
73a3f2057a
|
Docs: Documentation for PowerShell. Update zoo docs
|
2021-08-24 15:16:10 +02:00 |
Ilija Lazoroski
|
5cee9443ff
|
Zoo: Remove GCPHandler class. Powershell-3-47 renamed to
Powershell-3-46. Powershell-45 moved to different zone
|
2021-08-24 15:11:22 +02:00 |
Ilija Lazoroski
|
9f2a4cb7e4
|
Zoo: Update terraform scripts. Update gcp test machine list with new zone
|
2021-08-24 11:56:09 +02:00 |
Ilija Lazoroski
|
305b2cf716
|
Zoo: Add PowerShell config and bb test
|
2021-08-24 10:32:54 +02:00 |
Shreya Malviya
|
e339932fde
|
island: Change 'Powershell' to 'PowerShell' in attack schema for T1210
|
2021-08-24 13:16:59 +05:30 |
Shreya Malviya
|
b6c3623e74
|
agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting')
|
2021-08-24 13:15:47 +05:30 |
Shreya Malviya
|
72e0378335
|
agent: Fix import path in powershell exploiter
|
2021-08-24 11:52:12 +05:30 |
Shreya Malviya
|
ee9fde4005
|
agent: Refactor powershell remoting exploiter
|
2021-08-24 11:40:41 +05:30 |
Shreya Malviya
|
29788776fa
|
agent: Modify exploitation log messages in powershell exploiter
|
2021-08-24 11:40:41 +05:30 |
Shreya Malviya
|
04125e5e14
|
agent: Add separate function to set log levels for sensitive packages in powershell exploiter
|
2021-08-24 11:40:40 +05:30 |
Shreya Malviya
|
dc4a5fbb85
|
agent: Use variable 'is_32bit' for function argument
|
2021-08-24 11:40:40 +05:30 |
Shreya Malviya
|
ba8c44d22c
|
agent: Fix typos in powershell remoting exploiter
|
2021-08-24 11:40:40 +05:30 |
Shreya Malviya
|
5419200d61
|
agent: Update exploited service name in powershell remoting exploiter
|
2021-08-24 11:40:40 +05:30 |
VakarisZ
|
2b71fb80c7
|
Fixed missing powershell exploiter report components.
|
2021-08-24 11:40:39 +05:30 |
VakarisZ
|
9966c54fe2
|
Added powershell remoting exploiter.
|
2021-08-24 11:40:39 +05:30 |
VakarisZ
|
55a817931d
|
Bugfix for monkey binary removal if dropper fails to do so
|
2021-08-24 11:40:39 +05:30 |
Mike Salvatore
|
d203b28a38
|
Merge pull request #1424 from guardicore/post-breach-pyinstaller-hook
Post breach pyinstaller hook
|
2021-08-23 13:54:55 -04:00 |
Mike Salvatore
|
342b5689f1
|
Update changelog with fixes for #1405 and #1419
|
2021-08-23 11:44:29 -04:00 |
Mike Salvatore
|
7f71901a29
|
Agent: Use path relative to __file__ to locate powershell scripts
|
2021-08-23 11:14:23 -04:00 |
Mike Salvatore
|
536b061cc7
|
Agent: Remove unused TEMP_FILE constant from windows timestomping PBA
|
2021-08-23 11:14:23 -04:00 |
Mike Salvatore
|
1ef884ae4e
|
Agent: Add pyinstaller hook for post_breach package
|
2021-08-23 11:14:20 -04:00 |
Mike Salvatore
|
db8ea45197
|
Agent: Remove traceroute binaries
The traceroute binaries are no longer used. They inflate the size of the
agent binaries and add unnecessary dependencies.
|
2021-08-20 16:27:36 -04:00 |
Mike Salvatore
|
1f519ad1ee
|
Agent: Deduplicate ping command list in PingScanner
|
2021-08-20 11:05:55 -04:00 |
Mike Salvatore
|
1d9372690d
|
Agent: Deduplicate timeout calculation in PingScanner
|
2021-08-20 11:05:55 -04:00 |
Mike Salvatore
|
198fbd66f8
|
Merge branch 'remove-internet-access-check' into develop
PR #1420
|
2021-08-20 10:40:24 -04:00 |
Mike Salvatore
|
434246f21f
|
Merge branch '1175/fix-break-on-german-system-lang' into develop
PR #1403
|
2021-08-20 10:37:29 -04:00 |
Mike Salvatore
|
cf73d11d9e
|
Update changelog for issue #1402
|
2021-08-20 09:30:56 -04:00 |
Mike Salvatore
|
1d9ae4c01a
|
Island: Fix typo "trough" -> "through"
|
2021-08-20 09:23:23 -04:00 |
Ilija Lazoroski
|
9f194f3417
|
Merge branch '1183/hide-input-component' into develop
PR #1417
|
2021-08-20 13:59:45 +02:00 |
Mike Salvatore
|
0fc9631d75
|
Update changelog with entry for #1183
|
2021-08-20 07:47:29 -04:00 |
Mike Salvatore
|
54e519eeaa
|
Agent: Gracefully handle character decode errors in ping command
|
2021-08-19 19:20:42 -04:00 |
Mike Salvatore
|
5f9e507dc7
|
Agent: Add debug logging to get_host_fingerprint()
|
2021-08-19 19:20:42 -04:00 |
Mike Salvatore
|
ce27829753
|
Update CHANGELOG.md with fix for #1175
|
2021-08-19 19:20:38 -04:00 |