Shreya Malviya
|
e3045c255a
|
cc: Change variables from snake case to camel case for consistency
|
2021-10-11 18:02:17 +05:30 |
Shreya Malviya
|
ee5585af75
|
cc: Modify T1086 reporting to segregate per category more efficiently
|
2021-10-11 17:59:54 +05:30 |
Shreya Malviya
|
748bca43e9
|
island: Fix eslint warnings (trailing comma and double quotes)
|
2021-10-11 17:46:33 +05:30 |
Shreya Malviya
|
5a4f66d080
|
CHANGELOG: Add entry for T1086 reporting changes
|
2021-10-11 17:40:52 +05:30 |
Shreya Malviya
|
363e42ad7b
|
cc: Change wording for header of PBAs' table in T1086's report
|
2021-10-11 17:30:36 +05:30 |
Shreya Malviya
|
3b11637f16
|
island: Change mongo query to include 'Modify Shell Startup Files' PBA in T1086's report
|
2021-10-11 17:29:46 +05:30 |
Shreya Malviya
|
7fa917581c
|
cc: Add another table for T1086 (PowerShell) used as PBAs
|
2021-10-11 17:21:40 +05:30 |
Shreya Malviya
|
d82f61d524
|
island: Add telem category to data for T1086 reporting
|
2021-10-11 15:22:33 +05:30 |
Shreya Malviya
|
2b789fca90
|
island: Add mongo query for PBAs for T1086 reporting
|
2021-10-11 15:14:40 +05:30 |
Mike Salvatore
|
356b3475cd
|
Merge pull request #1516 from guardicore/encryption-code-quality-improvements
Encryption code quality improvements
|
2021-10-08 08:05:05 -04:00 |
Ilija Lazoroski
|
8cf8f931e1
|
UI: Update packages that caused vulnerabilities
ansi-regex moderate vulnerabilities are still
under review.
|
2021-10-08 08:00:38 -04:00 |
Ilija Lazoroski
|
bc345f84c0
|
UI: Update ansi-regex
|
2021-10-08 08:00:38 -04:00 |
Mike Salvatore
|
97c3ed3b97
|
Island: Rename internal DataStoreEncryptor methods
|
2021-10-07 14:45:00 -04:00 |
Mike Salvatore
|
1a0a07d550
|
Island: Reduce duplication in data_store_encryptor
|
2021-10-07 14:40:52 -04:00 |
Mike Salvatore
|
bdf485e014
|
Island: Rename data_store_encryptor initialization functions
|
2021-10-07 14:40:50 -04:00 |
Mike Salvatore
|
2d414a6f7d
|
Island: Ensure old key files are deleted on reinitialization
|
2021-10-07 14:03:28 -04:00 |
Mike Salvatore
|
ecf4efe11a
|
Merge pull request #1515 from guardicore/proxy-test
Fix proxy schema for tunneling
|
2021-10-07 10:25:43 -04:00 |
Ilija Lazoroski
|
cd23eb2909
|
Agent: Reword note in control
Rewrite control set proxy UT, fix typo in httpfinger
|
2021-10-07 16:18:17 +02:00 |
VakarisZ
|
2d28c4e800
|
Zoo: fix the fullDocs.md by removing the outdated section about monkey configurations, add a section about what to do with the island if you're a simple user
|
2021-10-07 16:56:10 +03:00 |
VakarisZ
|
f7e0b4fef1
|
Zoo: add missing tunneling-12 image definition to terraform scripts
|
2021-10-07 13:55:48 +03:00 |
Ilija Lazoroski
|
a8182cbb3d
|
UT: Add test for setting agent proxy
|
2021-10-07 10:50:41 +02:00 |
Mike Salvatore
|
9ee00c3044
|
Tests: Reduce code duplication in test_data_store_encryptor.py
|
2021-10-06 12:45:54 -04:00 |
Mike Salvatore
|
c3ea714977
|
Merge pull request #1514 from guardicore/pba-attack-telemetry
Fix ATT&CK report bug: showed a different technique's results under a technique if the PBA behind them was the same
|
2021-10-06 12:12:28 -04:00 |
Ilija Lazoroski
|
a11d1d5f1e
|
Agent: Changed note message for proxy schema
|
2021-10-06 18:10:46 +02:00 |
Ilija Lazoroski
|
3f33bc4a41
|
Agent: Consistent format string for set proxy
|
2021-10-06 18:05:30 +02:00 |
Ilija Lazoroski
|
87b882cb45
|
Agent: Set proxy schema for different OS
|
2021-10-06 16:53:55 +02:00 |
Shreya Malviya
|
5be841d08a
|
island: For ATT&CK techniques mapped to PBAs, consider hostname and IP
of the first entry in the PBA's results
|
2021-10-06 19:27:32 +05:30 |
Shreya Malviya
|
f7e37b0767
|
CHANGELOG: Add entry for bugfix that wrongly reported the "`.bash_profile` and `.bashrc`" technique
|
2021-10-06 19:27:29 +05:30 |
Mike Salvatore
|
8310204e66
|
Tests: Test InvalidCiphertextError
|
2021-10-06 09:51:03 -04:00 |
Shreya Malviya
|
f347088412
|
CHANGELOG: Add entry for ATT&CK report telemetry bugfix
|
2021-10-06 16:05:58 +05:30 |
Shreya Malviya
|
c51f80ea3a
|
tests: Modify post breach telem's unit test
|
2021-10-06 15:58:23 +05:30 |
Shreya Malviya
|
e4f5f08a66
|
island: Remove unneeded mongo queries in ATT&CK techniques mapped to PBAs
|
2021-10-06 14:50:10 +05:30 |
Shreya Malviya
|
81252e2b6a
|
island: When generating ATT&CK report for techniques mapped to PBAs, check telem event's OS and technique's relevant systems
|
2021-10-06 14:46:17 +05:30 |
Shreya Malviya
|
cccdf7f6c3
|
agent: Send OS info in post breach telem
|
2021-10-06 14:42:26 +05:30 |
Ilija Lazoroski
|
cafd983622
|
Agent: Change proxy scheme format to http
|
2021-10-06 10:24:41 +02:00 |
Mike Salvatore
|
e673667b34
|
Tests: Mark all tests in test_data_store_encryptor as slow
|
2021-10-05 16:48:48 -04:00 |
Mike Salvatore
|
95221ef53a
|
Island: Add reinitialize_datastore_encryptor()
|
2021-10-05 16:48:46 -04:00 |
Mike Salvatore
|
c0b257127a
|
Island: Implement DataStoreEncryptor as a class
This allows us to begin decoupling some implementation details from the
AuthenticationService.
|
2021-10-05 15:59:39 -04:00 |
Mike Salvatore
|
c124db7880
|
Agent: Use different proxy scheme on Windows
|
2021-10-05 13:55:32 -04:00 |
Mike Salvatore
|
0eafc6613a
|
Island: Flatten directory structure for "encryption" package
|
2021-10-05 12:37:05 -04:00 |
Mike Salvatore
|
bf082d36ef
|
Tests: Mark encryption tests as slow
|
2021-10-05 12:14:10 -04:00 |
Mike Salvatore
|
e7fcf933b7
|
Island: Remove try/except from MimikatzResultsEncryptor.encrypt()
Catching this exception was a workaround for an issue that was resolved
in PR #1508.
|
2021-10-05 12:12:38 -04:00 |
Mike Salvatore
|
849ced2334
|
Tests: Improve telemetry_dal tests
* Reduce unnecessary mocking
* Remove defunct "mimikatz" field from mock telemetry
* Test encryption/decryption of all secret types for all users
|
2021-10-05 12:10:46 -04:00 |
Mike Salvatore
|
8f9289517f
|
Tests: Decouple uses_encryptor() fixture from AuthenticationService
|
2021-10-05 11:52:33 -04:00 |
Mike Salvatore
|
a24979155f
|
Island: Improve logging in PasswordBasedBytesEncryptor
|
2021-10-05 11:52:33 -04:00 |
Mike Salvatore
|
5aa0506ce1
|
Island: Use relative imports inside encryption package
|
2021-10-05 11:52:33 -04:00 |
Mike Salvatore
|
f65251ddde
|
Island: Rename password_based_string_encrypt{i,}or.py
|
2021-10-05 11:52:33 -04:00 |
Mike Salvatore
|
4944947b10
|
Island: Rename password_based_bytes_encrypt{ion,or}.py
|
2021-10-05 11:52:33 -04:00 |
Ilija Lazoroski
|
e80662f7f8
|
Agent: Check for empty result in Modify shell files
|
2021-10-05 10:39:50 -04:00 |
VakarisZ
|
0a4973a66e
|
Merge pull request #1512 from guardicore/mimikatz_collector_fix
Mimikatz collector fix
|
2021-10-05 17:17:39 +03:00 |