Mike Salvatore
4316329384
Project: Add strict_slashes to vulture_allowlist
2022-03-25 07:57:54 -04:00
Mike Salvatore
a1d08abe19
Project: Rename EXPLOITED_* to PROPAGATED_*
These states were renamed in 5e3829aab
and 2c8aef6d8
2022-03-25 07:57:54 -04:00
Mike Salvatore
bfd9084ce1
Project: Add architecture parameter to vulture_allowlist
2022-03-16 13:39:39 -04:00
Mike Salvatore
cd3f5e7f16
Project: Add get_file_sha256_hash() to vulture_allowlist.py
2022-03-16 13:38:33 -04:00
vakarisz
1d15288b64
Agent, Island: remove/rename system info collection infrastructure
System info collectors got replaced with credential collectors. Infrastructure in the code needs to be renamed accordingly
2022-03-01 14:54:20 +02:00
vakarisz
afc98667c4
Island: remove unused "creds" properties from monkey model
2022-02-25 15:38:36 +02:00
Shreya Malviya
a599edec15
Project: Remove ELASTIC exploiter descriptor enum from Vulture's allowlist
2022-02-24 15:12:00 +05:30
Ilija Lazoroski
d8e203dd50
Project: Change readme and remove shellshock from vulture
2022-02-23 13:50:12 +01:00
Shreya Malviya
fcfa01223d
Project: Remove ProcessListCollector from Vulture allowlist
2022-02-16 17:06:17 +05:30
Ilija Lazoroski
7f6496b330
Island, UT: Remove system info AWS Collector
2022-02-14 12:00:08 +01:00
Shreya Malviya
9dc0a6ed6f
Project: Remove removed Scoutsuite constants from Vulture allowlist
2022-02-09 14:27:20 +05:30
Shreya Malviya
2c88d6053c
Project: Remove deleted constants from Vulture's allowlist
2022-02-01 16:40:06 +01:00
Ilija Lazoroski
b5c51bedc1
Island, UT: Remove Bootloader endpoint
2022-02-01 15:32:13 +01:00
Ilija Lazoroski
ff87252a24
Agent, Island: Remove MS08_67 exploiter
2022-01-31 11:11:33 +01:00
Mike Salvatore
e1cf4fa9c2
Merge branch 'release/1.13.0' into agent-refactor
2022-01-25 13:35:49 -05:00
vakarisz
a5a4957c29
Agent: small readability and style improvements
2022-01-18 15:01:47 +02:00
vakarisz
9d5ea0f41f
Island: add log4shell issue processing and reporting
2022-01-06 12:26:00 +02:00
vakarisz
c382987430
Project: vulture allow LDAPServerFactory.buildProtocol
2022-01-05 15:18:12 +02:00
Ilija Lazoroski
c129e2f4b0
Project: Remove mysqlfinger references in Vulture
2021-12-14 14:54:20 +01:00
VakarisZ
4fdd3370ca
Island, UI: implement the endpoint for stopping all monkeys, change the UI to call this endpoint and send a timestamp of button press
2021-12-08 14:48:57 +02:00
Mike Salvatore
137afa6473
Agent: Don't register new signal handler in monkey.py (for now)
The signal handler is not quite ready for prime time. Issue #1595 and
issue #1597 will need to be resolved before the signal handler can be
fully ready. For now, don't register the signal handler.
2021-11-24 13:46:18 -05:00
Shreya Malviya
7b0f08ee54
Agent: Finish implementing MockMaster
Also modified ExploitTelem and PostBreachTelem internals, and
MockPuppet.
2021-11-24 13:54:46 +05:30
Ilija Lazoroski
839024f243
Island: Fix formatting in config
2021-11-23 15:20:19 +01:00
Mike Salvatore
4fc484cd8d
Agent: Add a preliminary MockPuppet implementation
2021-11-22 13:05:30 -05:00
VakarisZ
a8d6f936f1
Agent, Island: remove hostname collector
2021-11-17 11:30:12 +02:00
VakarisZ
0175199540
Island, Agent: remove environment collector
2021-11-16 17:49:38 +02:00
VakarisZ
f5c8db979f
Project: remove remaining sambacry exploiter references in performance.py config template, vulture_allowlist.py and monkey_config_standard.json unit test data file
2021-11-10 15:44:05 +02:00
Shreya Malviya
ee79ea0a9d
Project: Remove variable 'VSFTPD' from Vulture's allowlist
2021-10-29 18:15:38 +05:30
VakarisZ
8b9ddb0c4b
Removed unnecessary vulture ignores from whitelist
2021-09-28 11:04:42 +03:00
VakarisZ
e6ad125be9
Change the telemetry model to have a method for fetching the telemetries based on queries.
Telemetry code mainly uses queries and mongoengine has no good way of field encryption, that's why this method prefers to handle queries rather than Telemetry models
2021-09-24 13:31:26 +03:00
VakarisZ
c7e91c5784
Add report model and a unit test for its encryption
2021-09-21 10:39:39 +03:00
Mike Salvatore
805ef70db1
Merge pull request #1425 from guardicore/powershell_exploiter
PowerShell Remoting exploiter refactor
2021-08-30 07:54:29 -04:00
Mike Salvatore
8aedc2c391
Agent: Add pyinstaller hooks for pypsrp
2021-08-25 14:44:31 -04:00
Ilija Lazoroski
5cee9443ff
Zoo: Remove GCPHandler class. Powershell-3-47 renamed to
Powershell-3-46. Powershell-45 moved to different zone
2021-08-24 15:11:22 +02:00
Shreya Malviya
b6c3623e74
agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting')
2021-08-24 13:15:47 +05:30
VakarisZ
2b71fb80c7
Fixed missing powershell exploiter report components.
2021-08-24 11:40:39 +05:30
VakarisZ
9966c54fe2
Added powershell remoting exploiter.
2021-08-24 11:40:39 +05:30
VakarisZ
91ca828c72
Monkey: add launch time to the monkey collection
Launch time is needed if we want to tell the user when exactly the exploit occurred/monkey got run
2021-07-26 11:28:40 +03:00
Ilija Lazoroski
81a8ccf673
Island: Return empty post status for island mode
2021-07-13 10:25:48 -04:00
Mike Salvatore
96fc33025e
Island: Redirect gevent tracebacks to file and log exceptions
By default, gevent prints exceptions and tracebacks to stderr. This is
obnoxious as it results in large tracebacks intermixed with the output
that the logger prints to the console. This commit redirects this data
to {DATA_DIR}/gevent_exceptions.log. Unfortunately, this would mean that
the user might be left without any indication these exceptions had
occurred, unless they take the time to inspect the
gevent_exceptions.log. Therefore, when an exception occurs, a message
with just the exception (not the traceback) is logged to WARNING.
Fixes #859
2021-07-06 08:39:30 -04:00
Mike Salvatore
01b9c41c6e
Remove mock_home_env() from vulture_allowlist.py
2021-07-02 18:59:24 -04:00
Mike Salvatore
6307606010
Remove get_files_to_encrypt from Vulture's allow list
2021-06-23 07:14:57 -04:00
Shreya
5b64ea5151
agent: ransomware: Iterate through files in directory and get list of files to encrypt
2021-06-22 19:30:44 +05:30
VakarisZ
fc1f12c24d
Implemented safety check on import.
2021-06-03 17:02:12 +03:00
VakarisZ
9fcfaac781
Improved exceptions thrown in configuration decryption and unit tests.
2021-06-03 17:01:56 +03:00
Shreya
52b57a7166
Have Vulture skip tests/ instead of tests/unit_tests/
2021-06-03 11:57:44 +05:30
Shreya
b69c1c531a
Rename vulture_whitelist.py -> vulture_allowlist.py
2021-06-02 13:08:37 +05:30