Mike Salvatore
5c872a67c3
Agent: Simplify generate_username_password_or_ntlm_hash_combinations()
2022-02-18 08:01:49 -05:00
Mike Salvatore
b7c7650f49
Agent: Copy credential generation from WormConfig to new brute_force.py
* Create a new module for useful functions for brute-force exploiters
* Copy functions for generating all pairs of username/password to
  brute_force.py
* Replace specific functions for generating username/password pairs and
  username/ssh_key pairs with a single generate_identity_secret_pairs()
  function, since the distinction is no longer needed.
* Add unit tests
2022-02-18 08:00:46 -05:00
Ilija Lazoroski
915c58e8cc
Agent, Island: Modify config to remove boolean propagator field
2022-02-18 06:06:11 -05:00
Mike Salvatore
0bfa0cd1ca
Merge pull request #1721 from guardicore/1605-get-updated-credentials
1605 get updated credentials
2022-02-18 06:01:25 -05:00
vakarisz
c66671821c
Agent: update pypykatz version to 0.5.2
Update contains fixes for latest Windows versions
2022-02-18 10:10:25 +02:00
Mike Salvatore
e2d116fdf1
Agent: Make request_cache() decorator thread-safe
2022-02-17 14:40:07 -05:00
Mike Salvatore
4005ea2924
Agent: Add caching to ControlChannel.get_credentials_for_propagation()
2022-02-17 14:34:21 -05:00
Mike Salvatore
c3e9690280
Agent: Add request_cache decorator
2022-02-17 14:25:03 -05:00
Mike Salvatore
2305a9d413
UT: Add fixture to test_exploiter to remove code duplication
2022-02-17 12:41:27 -05:00
Mike Salvatore
7551f254fc
Agent: Query for updated credentials in Exploiter
Allows exploiters to be run with the most up-to-date configured and
stolen credentials from the Island.
2022-02-17 12:36:17 -05:00
Mike Salvatore
095572f919
Merge branch '1606-run-credential-collectors' into agent-refactor
PR #1719
2022-02-17 09:30:01 -05:00
Mike Salvatore
5a4b508f54
Merge pull request #1718 from guardicore/1697-process-list-collector-pba
Make process list collection a PBA
2022-02-17 07:04:21 -05:00
Shreya Malviya
44b8947497
Docs: Remove adding-system-info-collectors.md
2022-02-17 17:01:05 +05:30
Shreya Malviya
83f544c9f2
Island: Rename mongo query variable in T1082.py
2022-02-17 16:58:41 +05:30
Shreya Malviya
f243e4a722
Agent: Drop testing changes made to mock puppet
2022-02-17 16:58:27 +05:30
Shreya Malviya
a234713e08
Common: Reword process list collection PBA constant
2022-02-17 16:55:29 +05:30
Mike Salvatore
f526933d84
Agent: Add TODO comment regarding OS checks in credential collectors
2022-02-17 06:18:44 -05:00
Mike Salvatore
704236a16f
Common: Alphabetize TelemCategoryEnum
2022-02-16 15:31:26 -05:00
Mike Salvatore
cc27dc9710
Changelog: Add changelog entry for SSHCollector
2022-02-16 15:17:13 -05:00
Mike Salvatore
0880e16c54
Agent: Change ICredentialCollector interface to return Sequence
Being able to check if the ICredentialCollector returned an empty
Sequence is useful and easier than checking for an "empty" Iterable.
2022-02-16 15:10:38 -05:00
Mike Salvatore
3a3a5f0c9c
Agent: Implement run_credential_collector() in Puppet
2022-02-16 15:01:36 -05:00
Mike Salvatore
10ee9f9e75
Agent: Do not run SSHCredentialsCollector if the OS is not Linux
2022-02-16 14:57:05 -05:00
Mike Salvatore
92ddeebd4e
Island: Add SSHCollector to system info collectors
2022-02-16 14:53:13 -05:00
Mike Salvatore
2f838372b5
Common: Add SSHCollector to system info collectors
2022-02-16 14:52:51 -05:00
Mike Salvatore
dd1df14b8e
Agent: Make credential collector names consistent
2022-02-16 14:52:17 -05:00
Mike Salvatore
c96f272919
UT: Remove linux_credentials_collector test directory
2022-02-16 14:41:04 -05:00
Mike Salvatore
86a218d82b
Agent: Add SSHCredentialCollector to credential_collectors.__init__.py
2022-02-16 14:40:11 -05:00
Mike Salvatore
bf27a8c8ea
Agent: Do not run pypykatz if the OS is not Windows
2022-02-16 14:22:44 -05:00
Mike Salvatore
419aa6fd84
Agent: Replace SysInfo w/ Credential collectors in IMaster and IPuppet
2022-02-16 14:14:45 -05:00
Mike Salvatore
5b53984014
Agent: Fix incorrect return type on PluginRegistry.get_plugin()
2022-02-16 14:11:27 -05:00
Mike Salvatore
5953373125
Agent: Change order in i_puppet/__init__.py to prevent circular import
2022-02-16 14:03:47 -05:00
Mike Salvatore
040b37697b
Agent: Add telemetry type for sending stolen credentials
2022-02-16 13:58:55 -05:00
Mike Salvatore
49f1675b38
Merge pull request #1717 from guardicore/1695-ssh-credential-collector
1695 ssh credential collector
2022-02-16 12:45:38 -05:00
Ilija Lazoroski
897bc11d7b
Agent: Use distinct fields for SSH Keypair
2022-02-16 18:37:16 +01:00
Ilija Lazoroski
5f8e3e3d8e
Agent: Use Telemetry messenger to send SSH collector telemetries
2022-02-16 18:23:29 +01:00
Ilija Lazoroski
63d632d142
Agent: Rework ssh credential collector to match credential architecture
* Parametrize empty result unit test
* Apply small changes to ssh credential collector
2022-02-16 17:37:12 +01:00
Ilija Lazoroski
a97b8706ec
Agent: Add SSH keypair credential type
2022-02-16 17:29:21 +01:00
Ilija Lazoroski
b1b0840aed
Agent: Rename SSH credentials collector to match class name
2022-02-16 17:28:11 +01:00
Ilija Lazoroski
3d64d0d2e4
Island: Refactor T1145 report according to the attack telemetry
2022-02-16 15:44:35 +01:00
Ilija Lazoroski
6b64b655ce
Agent: Add T1145 attack telemetry
2022-02-16 15:44:35 +01:00
Ilija Lazoroski
a03a5145a7
Agent: Remove known_hosts from SSH Credential Collector
It is not used anywhere.
2022-02-16 15:44:35 +01:00
Ilija Lazoroski
e9e5e95f49
Agent, UT: Separate ssh_handler from SSH Credential Collector
* Add different UTs based on what ssh_handler returns
* Fix logic in SSH Credential Collector
2022-02-16 15:44:35 +01:00
Ilija Lazoroski
5aa5e33356
Agent, UT: Refactor SSH info collector to credential collector
2022-02-16 15:44:35 +01:00
Shreya Malviya
7787984f4a
BB: Remove ProcessListCollector from BB config templates
2022-02-16 17:31:40 +05:30
Shreya Malviya
3017e6b250
UT: Remove references to process list collection system info collector in test data
2022-02-16 17:25:43 +05:30
Shreya Malviya
32cad45676
Island: Refactor post breach telemetry processing functions
2022-02-16 17:09:13 +05:30
Shreya Malviya
44a7b7e148
Island: Fix TODO comment in monkey_island/cc/services/telemetry/processing/post_breach.py
2022-02-16 17:09:13 +05:30
Shreya Malviya
123f0aab16
Changelog: Add entry for process list collection PBA
2022-02-16 17:09:13 +05:30
Shreya Malviya
e674f9e0c0
Island: Move antivirus check for ZT report from system info processing to PBA processing
2022-02-16 17:09:10 +05:30
Shreya Malviya
9d3931c380
Island: Fix T1082's mongo query to get the right data
2022-02-16 17:06:17 +05:30