73434537fe
Island: remove system_info processing file
...
No system info telemetries need to be processed anymore
2022-02-22 17:18:31 +02:00
5471e9854c
Island: remove credentials parsing boundary
2022-02-22 17:18:31 +02:00
a8717dc691
Agent: rename and move credentials_type enum to common
2022-02-22 17:18:31 +02:00
597fe35806
Island: Remove WMI handler that processed wmi info
...
* Leftover from broken info gathering package
2022-02-22 17:18:31 +02:00
5c5e170296
Island: Add processors for credentials
2022-02-22 17:18:31 +02:00
96bd7bca24
Merge pull request #1728 from guardicore/1605-modify-exploit-result-data
...
Modify ExploiterResultData
2022-02-22 20:38:22 +05:30
b91f3b1551
Agent: Fix comment in ExploitTelem
2022-02-22 17:54:31 +05:30
f0679ebb26
Agent: Move `pwd`'s import statement to avoid using try/except
2022-02-22 17:49:08 +05:30
e47239f81c
Island: Modify exploit telemetry processing to conform to changes to ExploiterResultData
2022-02-22 14:08:39 +05:30
dff5bde894
UT: Modify ExploitTelem calls in UTs
2022-02-22 12:50:01 +05:30
afb7210179
Agent: Modify ExploitTelem to accept param of type ExploiterResultData
2022-02-22 12:47:42 +05:30
4b83c79134
Merge pull request #1724 from guardicore/1605-pass-wormconfig-options
...
1605 pass wormconfig options
2022-02-21 13:52:28 +01:00
c83285c782
Agent: Modify exploiters to have general and exploiter options
2022-02-21 13:45:58 +01:00
3c80e1c38b
UT: Remove `skip_exploit_if_file_exist` config field
2022-02-21 16:46:23 +05:30
201a838e23
Island: Remove `skip_exploit_if_file_exist` from internal config
2022-02-21 16:45:45 +05:30
e6f4c74b79
Agent: Remove `skip_exploit_if_file_exist` option
2022-02-21 16:45:17 +05:30
1cce742692
UT: Fix UTs as per changes to ExploiterResultData and ExploitTelem
2022-02-21 16:02:00 +05:30
125412ee18
Agent: Rename variables to make more sense
2022-02-21 14:50:33 +05:30
a9e000f100
Agent: Modify ExploitTelem based on ExploiterResultData changes
2022-02-21 14:38:12 +05:30
9f01aa0a0d
Agent: Add try/except for importing pwd (can't do it on Windows)
2022-02-21 13:49:40 +05:30
ae856383a9
UT: Modify UTs to conform to modified ExploiterResultData
2022-02-21 13:27:11 +05:30
add9c3a4fe
Agent: Modify mock puppet to conform to modified ExploiterResultData
2022-02-21 13:26:25 +05:30
8d0fa3faef
Agent: Modify ExploiterResultData to have more details
2022-02-21 13:18:53 +05:30
6150610bdc
Agent: Remove HostExploiter's dependency on Plugin
...
Issue #1605
PR #1725
2022-02-21 09:29:45 +02:00
250530b456
Agent: Remove disused HostScanner abstract class
2022-02-20 14:21:21 -05:00
17be51fe71
Agent: Remove disused HostFinger abstract class
2022-02-20 14:20:33 -05:00
ccfe0a773e
Agent: Use filecmp instead of sha256 hash in ransomware payload
2022-02-20 14:03:42 -05:00
cecf131528
Island: Modify config to add exploiters and exploit options
2022-02-18 20:04:24 +01:00
4d6f552ba2
Agent: Add documentation to functions in brute_force.
2022-02-18 09:02:41 -05:00
5c872a67c3
Agent: Simplify generate_username_password_or_ntlm_hash_combinations()
2022-02-18 08:01:49 -05:00
b7c7650f49
Agent: Copy credential generation from WormConfig to new brute_force.py
...
* Create a new module for useful functions for brute-force exploiters
* Copy functions for generating all pairs of username/password to
brute_force.py
* Replace specific functions for generating username/password pairs and
username/ssh_key pairs with a single generate_identity_secret_pairs()
function, since the distinction is no longer needed.
* Add unit tests
2022-02-18 08:00:46 -05:00
915c58e8cc
Agent, Island: Modify config to remove boolean propagator field
2022-02-18 06:06:11 -05:00
0bfa0cd1ca
Merge pull request #1721 from guardicore/1605-get-updated-credentials
...
1605 get updated credentials
2022-02-18 06:01:25 -05:00
c66671821c
Agent: update pypykatz version to 0.5.2
...
Update contains fixes for latest windows versions
2022-02-18 10:10:25 +02:00
e2d116fdf1
Agent: Make request_cache() decorator thread-safe
2022-02-17 14:40:07 -05:00
4005ea2924
Agent: Add caching to ControlChannel.get_credentials_for_propagation()
2022-02-17 14:34:21 -05:00
c3e9690280
Agent: Add request_cache decorator
2022-02-17 14:25:03 -05:00
2305a9d413
UT: Add fixture to test_exploiter to remove code duplication
2022-02-17 12:41:27 -05:00
7551f254fc
Agent: Query for updated credentials in Exploiter
...
Allows exploiters to be run with the most up-to-date configured and
stolen credentials from the Island.
2022-02-17 12:36:17 -05:00
095572f919
Merge branch '1606-run-credential-collectors' into agent-refactor
...
PR #1719
2022-02-17 09:30:01 -05:00
5a4b508f54
Merge pull request #1718 from guardicore/1697-process-list-collector-pba
...
Make process list collection a PBA
2022-02-17 07:04:21 -05:00
83f544c9f2
Island: Rename mongo query variable in T1082.py
2022-02-17 16:58:41 +05:30
f243e4a722
Agent: Drop testing changes made to mock puppet
2022-02-17 16:58:27 +05:30
a234713e08
Common: Reword process list collection PBA constant
2022-02-17 16:55:29 +05:30
f526933d84
Agent: Add TODO comment regarding OS checks in credential collectors
2022-02-17 06:18:44 -05:00
704236a16f
Common: Alphabetize TelemCategoryEnum
2022-02-16 15:31:26 -05:00
0880e16c54
Agent: Change ICredentialCollector interface to return Sequence
...
Being able to check if the ICredentialCollector returned an empty
Sequence is useful and easier than checking for an "empty" Iterable.
2022-02-16 15:10:38 -05:00
3a3a5f0c9c
Agent: Implement run_credential_collector() in Puppet
2022-02-16 15:01:36 -05:00
10ee9f9e75
Agent: Do not run SSHCredentialsCollector if the OS is not Linux
2022-02-16 14:57:05 -05:00
92ddeebd4e
Island: Add SSHCollector to system info collectors
2022-02-16 14:53:13 -05:00
2f838372b5
Common: Add SSHCollector to system info collectors
2022-02-16 14:52:51 -05:00
dd1df14b8e
Agent: Make credential collector names consistent
2022-02-16 14:52:17 -05:00
c96f272919
UT: Remove linux_credentials_collector test directory
2022-02-16 14:41:04 -05:00
86a218d82b
Agent: Add SSHCredentialCollector to credential_collectors.__init__.py
2022-02-16 14:40:11 -05:00
bf27a8c8ea
Agent: Do not run pypykatz if the OS is not Windows
2022-02-16 14:22:44 -05:00
419aa6fd84
Agent: Replace SysInfo w/ Credential collectors in IMaster and IPuppet
2022-02-16 14:14:45 -05:00
5b53984014
Agent: Fix incorrect return type on PluginRegistry.get_plugin()
2022-02-16 14:11:27 -05:00
5953373125
Agent: Change order in i_puppet/__init__.py to prevent circular import
2022-02-16 14:03:47 -05:00
040b37697b
Agent: Add telemetry type for sending stolen credentials
2022-02-16 13:58:55 -05:00
897bc11d7b
Agent: Use distinct fields for SSH Keypair
2022-02-16 18:37:16 +01:00
5f8e3e3d8e
Agent: Use Telemetry messenger to send SSH collector telemetries
2022-02-16 18:23:29 +01:00
63d632d142
Agent: Rework ssh credential collector to match credential architecture
...
* Parametrize empty result unit test
* Apply small changes to ssh credential collector
2022-02-16 17:37:12 +01:00
a97b8706ec
Agent: Add SSH keypair credential type
2022-02-16 17:29:21 +01:00
b1b0840aed
Agent: Rename SSH credentials collector to match class name
2022-02-16 17:28:11 +01:00
3d64d0d2e4
Island: Refactor T1145 report according to the attack telemetry
2022-02-16 15:44:35 +01:00
6b64b655ce
Agent: Add T1145 attack telemetry
2022-02-16 15:44:35 +01:00
a03a5145a7
Agent: Remove known_hosts from SSH Credential Collector
...
It is not used anywhere.
2022-02-16 15:44:35 +01:00
e9e5e95f49
Agent, UT: Separate ssh_handler from SSH Credential Collector
...
* Add different UTs based on what ssh_handler returns
* Fix logic in SSH Credential Collector
2022-02-16 15:44:35 +01:00
5aa5e33356
Agent, UT: Refactor SSH info collector to credential collector
2022-02-16 15:44:35 +01:00
3017e6b250
UT: Remove references to process list collection system info collector in test data
2022-02-16 17:25:43 +05:30
32cad45676
Island: Refactor post breach telemetry processing functions
2022-02-16 17:09:13 +05:30
44a7b7e148
Island: Fix TODO comment in monkey_island/cc/services/telemetry/processing/post_breach.py
2022-02-16 17:09:13 +05:30
e674f9e0c0
Island: Move antivirus check for ZT report from system info processing to PBA processing
2022-02-16 17:09:10 +05:30
9d3931c380
Island: Fix T1082's mongo query to get the right data
2022-02-16 17:06:17 +05:30
ff6fd52979
UI: Modify how process list collection PBA is shown in Security report
2022-02-16 17:06:17 +05:30
afa7d4fca4
Agent: Modify process list collection PBA to return dict of processes instead of string
2022-02-16 17:06:17 +05:30
5ab7bc520e
UI: Modify variable names in T1082.js as per changes to backend
2022-02-16 17:06:17 +05:30
547d4fce54
Island: Modify T1082's reporting to get data from process collection PBA too
2022-02-16 17:06:17 +05:30
417f40d62d
Agent: Add TODOs in automated master and process collection list PBA
2022-02-16 17:06:17 +05:30
7cee2e49a2
Agent: Improve exception catching logic in process list collection PBA
2022-02-16 17:06:17 +05:30
a8059f021a
Island: Change config schema for process list collection
2022-02-16 17:06:10 +05:30
4839f099a4
Agent: Add process list collection PBA
...
Instead of a system info collector, it is now a PBA.
2022-02-16 17:02:06 +05:30
5d01f12d45
Common: Add PBA const and remove system info collector const for process list collection
2022-02-16 17:02:01 +05:30
976c46cf86
Merge pull request #1715 from guardicore/1695-credential-collectors
...
Agent: define credential collector, credentials interfaces
2022-02-15 14:34:47 -05:00
a9bb2dee70
Agent: Renumber the CredentialType Enum
2022-02-15 14:26:15 -05:00
879abf3df0
Agent: Export MimikatzCredentialCollector from credential_collectors
2022-02-15 14:21:07 -05:00
0583cab8e0
Agent: Rename mimikatz_cred_collector.py to match the class name
2022-02-15 14:17:28 -05:00
569159b11a
Agent: Move the definition of ICredentialCollector to i_puppet
...
Low-level components plug into high-level components. i_puppet defines
all of the interfaces that puppets can use, while the concrete
implementations of these things rely on the definitions in i_puppet.
2022-02-15 14:07:59 -05:00
c39fb6746d
Agent: Rename ICredentialComponent.type -> credential_type
...
"type" is built-in function in Python. To avoid confusion or a potential
name collision, this commit renames the ICredentialComponent.type field
to ICredentialComponent.credential_type
2022-02-15 13:47:01 -05:00
236b545816
UT: Extract function collect_credentials() to reduce code duplication
2022-02-15 13:30:13 -05:00
86f2c7b08c
UT: Parametrize test_mimikatz_collector.test_empty_results()
2022-02-15 13:28:38 -05:00
ebd5642b52
Agent: Refactor credentials and credential_components as dataclasses
...
Using frozen dataclasses for Credentials and ICredentialComponents
automatically creates a useful __eq__() function that allows us to
easily compare credentials-related objects.
2022-02-15 12:27:56 -05:00
811434ff22
Agent: improved type hints in mimikatz_cred_collector.py
2022-02-15 18:41:19 +02:00
ac376a0014
Agent: change the interface of Credentials
...
Refactor from dataclass to object with tuples. This enforces read only identities and secrets so users don't modify them
2022-02-15 18:39:17 +02:00
8868fb9b0c
Agent: change ICredentialComponent interface
...
Interface changed from dataclass (dataclasses are not inheritable) to simple class with type abstract property
2022-02-15 18:35:32 +02:00
26806392ec
Agent: split up nt and lm hash credential types
2022-02-15 18:33:04 +02:00
d392de4a02
Agent: remove ssh_keypair, as it's not used anywhere
2022-02-15 18:32:00 +02:00
ae9fed3c2b
Agent: fixup typehints in ICredentialCollector
2022-02-15 16:16:43 +02:00
01612c402a
Agent: add options to ICredentialCollector interface
2022-02-15 15:25:42 +02:00
0fae933477
Agent: refactor content dict out of credential component
...
Content dict serves no purpose, because dataclasses can be serialized without explicit conversion to dict
2022-02-15 14:46:21 +02:00
vakarisz
Ilija Lazoroski
Shreya Malviya
Mike Salvatore