Mike Salvatore
55c3236d8e
Changelog: Remove ShellShock exploiter
2022-02-23 10:24:23 -05:00
Ilija Lazoroski
d8e203dd50
Project: Change readme and remove shellshock from vulture
2022-02-23 13:50:12 +01:00
Ilija Lazoroski
ddc77e6d6a
Zoo: Remove ShellShock Exploiter
2022-02-23 13:50:12 +01:00
Ilija Lazoroski
fe3b263398
Docs: Remove ShellShock documentation
2022-02-23 13:50:12 +01:00
Ilija Lazoroski
291755e5c9
UT: Remove ShellShock from tests config
2022-02-23 13:50:05 +01:00
Ilija Lazoroski
60d16ea4d6
Island: Remove ShellShock Exploiter
2022-02-23 13:48:41 +01:00
Ilija Lazoroski
64b900b94d
Agent: Remove ShellShock exploiter
2022-02-23 13:48:41 +01:00
Mike Salvatore
1e12a55240
UT: Use time.per_counter_ns() in test_request_cache()
...
The time.time() function on windows does not provide adequate resolution
for test_request_cache(). For comparison, the time.get_clock_info()
function shows the resolution of the clock.
Linux:
>>> import time
>>> time.get_clock_info("time")
namespace(
adjustable=True,
implementation='clock_gettime(CLOCK_REALTIME)',
monotonic=False,
resolution=1e-09
)
>>> time.get_clock_info("perf_counter")
namespace(
adjustable=False,
implementation='clock_gettime(CLOCK_MONOTONIC)',
monotonic=True,
resolution=1e-09
)
Windows:
>>> time.get_clock_info("time")
namespace(
adjustable=True,
implementation='GetSystemTimeAsFileTime()',
monotonic=False,
resolution=0.015625
)
>>> time.get_clock_info("perf_counter")
namespace(
adjustable=False,
implementation='QueryPerformanceCounter()',
monotonic=True,
resolution=1e-07
)
As shown above, the "perf_counter" clock on Windows if over 5 orders of
magnitude more precise than the "time" clock. This lack of precision
caused the test to fail on Windows, as the entire test often ran in less
than 0.015625 seconds.
2022-02-23 07:44:56 -05:00
VakarisZ
3fee7dec90
Merge pull request #1731 from guardicore/1695-parsing-mimikatz
...
1695 parsing mimikatz
2022-02-23 13:58:47 +02:00
vakarisz
8c90a98d05
UT: rename mimikatz credential processing to credential processing
2022-02-22 17:42:36 +02:00
vakarisz
0cbfc79a92
Island: remove unfinished ssh key processor
2022-02-22 17:42:33 +02:00
vakarisz
719d8dd2ad
Island, Agent, Common: rename CredentialsType to CredentialComponentType
2022-02-22 17:41:38 +02:00
vakarisz
c87297eb2a
Island: fix a bug in lm_hash_processor.py
2022-02-22 17:40:56 +02:00
vakarisz
80bf561820
Island: fix a bug in lm_hash_processor.py
2022-02-22 17:40:56 +02:00
vakarisz
600753b53c
Island: add username processor
2022-02-22 17:40:56 +02:00
vakaris_zilius
4b3750076a
Agent, Island, Common: change code to process CredentialType value
...
Island: rename credentials_type.py
2022-02-22 17:40:55 +02:00
vakarisz
bb760c7e8a
Island: fix detection if credential is a keypair
2022-02-22 17:21:48 +02:00
vakaris_zilius
d874cd9d5a
Agent: fix broken pwd import on windows for ssh_handler.py
2022-02-22 17:18:57 +02:00
vakaris_zilius
b344676425
Agent: add basic log statements to the mimikatz collector
2022-02-22 17:18:32 +02:00
vakaris_zilius
036388e704
Agent: don't log the contents of credentials telemetries
2022-02-22 17:18:31 +02:00
Ilija Lazoroski
b224348881
Island: Fix credential collector parsing for SSH
2022-02-22 17:18:31 +02:00
vakarisz
c96674f834
Island, Agent: fixed imports to reference credential type enum in common
2022-02-22 17:18:31 +02:00
vakarisz
73434537fe
Island: remove system_info processing file
...
No system info telemetries need to be processed anymore
2022-02-22 17:18:31 +02:00
vakarisz
5471e9854c
Island: remove credentials parsing boundary
2022-02-22 17:18:31 +02:00
vakarisz
a8717dc691
Agent: rename and move credentials_type enum to common
2022-02-22 17:18:31 +02:00
Ilija Lazoroski
597fe35806
Island: Remove WMI handler that processed wmi info
...
* Leftover from broken info gathering package
2022-02-22 17:18:31 +02:00
vakarisz
5c5e170296
Island: Add processors for credentials
2022-02-22 17:18:31 +02:00
Shreya Malviya
96bd7bca24
Merge pull request #1728 from guardicore/1605-modify-exploit-result-data
...
Modify ExploiterResultData
2022-02-22 20:38:22 +05:30
Shreya Malviya
b91f3b1551
Agent: Fix comment in ExploitTelem
2022-02-22 17:54:31 +05:30
Shreya Malviya
f0679ebb26
Agent: Move `pwd`'s import statement to avoid using try/except
2022-02-22 17:49:08 +05:30
Shreya Malviya
e47239f81c
Island: Modify exploit telemetry processing to conform to changes to ExploiterResultData
2022-02-22 14:08:39 +05:30
Shreya Malviya
dff5bde894
UT: Modify ExploitTelem calls in UTs
2022-02-22 12:50:01 +05:30
Shreya Malviya
afb7210179
Agent: Modify ExploitTelem to accept param of type ExploiterResultData
2022-02-22 12:47:42 +05:30
ilija-lazoroski
4b83c79134
Merge pull request #1724 from guardicore/1605-pass-wormconfig-options
...
1605 pass wormconfig options
2022-02-21 13:52:28 +01:00
Ilija Lazoroski
c83285c782
Agent: Modify exploiters to have general and exploiter options
2022-02-21 13:45:58 +01:00
Shreya Malviya
10d8dc1f33
Merge pull request #1729 from guardicore/1605-remove-skip_exploit_if_file_exist-config-option
...
Remove `skip_exploit_if_file_exist` config option
2022-02-21 17:59:51 +05:30
Shreya Malviya
3c80e1c38b
UT: Remove `skip_exploit_if_file_exist` config field
2022-02-21 16:46:23 +05:30
Shreya Malviya
201a838e23
Island: Remove `skip_exploit_if_file_exist` from internal config
2022-02-21 16:45:45 +05:30
Shreya Malviya
e6f4c74b79
Agent: Remove `skip_exploit_if_file_exist` option
2022-02-21 16:45:17 +05:30
Shreya Malviya
1cce742692
UT: Fix UTs as per changes to ExploiterResultData and ExploitTelem
2022-02-21 16:02:00 +05:30
Shreya Malviya
125412ee18
Agent: Rename variables to make more sense
2022-02-21 14:50:33 +05:30
Shreya Malviya
a9e000f100
Agent: Modify ExploitTelem based on ExploiterResultData changes
2022-02-21 14:38:12 +05:30
Shreya Malviya
9f01aa0a0d
Agent: Add try/except for importing pwd (can't do it on Windows)
2022-02-21 13:49:40 +05:30
Shreya Malviya
ae856383a9
UT: Modify UTs to conform to modified ExploiterResultData
2022-02-21 13:27:11 +05:30
Shreya Malviya
add9c3a4fe
Agent: Modify mock puppet to conform to modified ExploiterResultData
2022-02-21 13:26:25 +05:30
Shreya Malviya
8d0fa3faef
Agent: Modify ExploiterResultData to have more details
2022-02-21 13:18:53 +05:30
Mike Salvatore
6150610bdc
Agent: Remove HostExploiter's dependency on Plugin
...
Issue #1605
PR #1725
2022-02-21 09:29:45 +02:00
Mike Salvatore
250530b456
Agent: Remove disused HostScanner abstract class
2022-02-20 14:21:21 -05:00
Mike Salvatore
17be51fe71
Agent: Remove disused HostFinger abstract class
2022-02-20 14:20:33 -05:00
Mike Salvatore
ccfe0a773e
Agent: Use filecmp instead of sha256 hash in ransomware payload
2022-02-20 14:03:42 -05:00