e993998432
Agent: Make ExploiterResultData a dataclass instead of a named tuple
...
and modify HostExploiter and the SSH exploiter accordingly
2022-02-23 18:28:32 +05:30
d8e203dd50
Project: Change readme and remove shellshock from vulture
2022-02-23 13:50:12 +01:00
ddc77e6d6a
Zoo: Remove ShellShock Exploiter
2022-02-23 13:50:12 +01:00
fe3b263398
Docs: Remove ShellShock documentation
2022-02-23 13:50:12 +01:00
291755e5c9
UT: Remove ShellShock from tests config
2022-02-23 13:50:05 +01:00
60d16ea4d6
Island: Remove ShellShock Exploiter
2022-02-23 13:48:41 +01:00
64b900b94d
Agent: Remove ShellShock exploiter
2022-02-23 13:48:41 +01:00
1e12a55240
UT: Use time.per_counter_ns() in test_request_cache()
...
The time.time() function on windows does not provide adequate resolution
for test_request_cache(). For comparison, the time.get_clock_info()
function shows the resolution of the clock.
Linux:
>>> import time
>>> time.get_clock_info("time")
namespace(
adjustable=True,
implementation='clock_gettime(CLOCK_REALTIME)',
monotonic=False,
resolution=1e-09
)
>>> time.get_clock_info("perf_counter")
namespace(
adjustable=False,
implementation='clock_gettime(CLOCK_MONOTONIC)',
monotonic=True,
resolution=1e-09
)
Windows:
>>> time.get_clock_info("time")
namespace(
adjustable=True,
implementation='GetSystemTimeAsFileTime()',
monotonic=False,
resolution=0.015625
)
>>> time.get_clock_info("perf_counter")
namespace(
adjustable=False,
implementation='QueryPerformanceCounter()',
monotonic=True,
resolution=1e-07
)
As shown above, the "perf_counter" clock on Windows if over 5 orders of
magnitude more precise than the "time" clock. This lack of precision
caused the test to fail on Windows, as the entire test often ran in less
than 0.015625 seconds.
2022-02-23 07:44:56 -05:00
2a8186928d
Agent: Remove unused function `send_exploit_telemetry` in `HostExploiter`
2022-02-23 17:42:00 +05:30
58703f9b5b
Agent: Remove code that set `exploit_result`'s fields to the default value in SSH exploiter
2022-02-23 17:38:48 +05:30
3fee7dec90
Merge pull request #1731 from guardicore/1695-parsing-mimikatz
...
1695 parsing mimikatz
2022-02-23 13:58:47 +02:00
4ecc5283e5
Agent: Rename function for returning ExploiterResultData
2022-02-23 17:11:53 +05:30
6cdb86aa4b
Agent: Add TODO comment for VictimHost type hint to HostExploiter.py
2022-02-23 17:10:53 +05:30
03178b6011
Island: Fix attack technique T1210
2022-02-23 10:59:28 +01:00
a0b5ac2330
Agent: Fix monkey exploitation reporting
2022-02-23 10:59:28 +01:00
4dfe0cf7db
Agent: Remove monkey import from exploit_telem
2022-02-23 10:59:28 +01:00
522d0d388d
Agent: Modify SSH exploiter to return ExploiterResultData
2022-02-23 10:59:21 +01:00
58b1a04bd7
Agent: Modify exploit_host() to accept object instead of string
2022-02-22 19:30:53 +01:00
f2b2a9c5c3
Agent: Modify SSH exploit
...
* Remove credential hashes from logs
* Get rid of config and use brute_force utils
* Use telemetry messenger to send attack telemetries
* Zerologon and Powershell needs to be revised based on UT
2022-02-22 19:24:21 +01:00
8c90a98d05
UT: rename mimikatz credential processing to credential processing
2022-02-22 17:42:36 +02:00
0cbfc79a92
Island: remove unfinished ssh key processor
2022-02-22 17:42:33 +02:00
719d8dd2ad
Island, Agent, Common: rename CredentialsType to CredentialComponentType
2022-02-22 17:41:38 +02:00
c87297eb2a
Island: fix a bug in lm_hash_processor.py
2022-02-22 17:40:56 +02:00
80bf561820
Island: fix a bug in lm_hash_processor.py
2022-02-22 17:40:56 +02:00
600753b53c
Island: add username processor
2022-02-22 17:40:56 +02:00
4b3750076a
Agent, Island, Common: change code to process CredentialType value
...
Island: rename credentials_type.py
2022-02-22 17:40:55 +02:00
bb760c7e8a
Island: fix detection if credential is a keypair
2022-02-22 17:21:48 +02:00
d874cd9d5a
Agent: fix broken pwd import on windows for ssh_handler.py
2022-02-22 17:18:57 +02:00
b344676425
Agent: add basic log statements to the mimikatz collector
2022-02-22 17:18:32 +02:00
036388e704
Agent: don't log the contents of credentials telemetries
2022-02-22 17:18:31 +02:00
b224348881
Island: Fix credential collector parsing for SSH
2022-02-22 17:18:31 +02:00
c96674f834
Island, Agent: fixed imports to reference credential type enum in common
2022-02-22 17:18:31 +02:00
73434537fe
Island: remove system_info processing file
...
No system info telemetries need to be processed anymore
2022-02-22 17:18:31 +02:00
5471e9854c
Island: remove credentials parsing boundary
2022-02-22 17:18:31 +02:00
a8717dc691
Agent: rename and move credentials_type enum to common
2022-02-22 17:18:31 +02:00
597fe35806
Island: Remove WMI handler that processed wmi info
...
* Leftover from broken info gathering package
2022-02-22 17:18:31 +02:00
5c5e170296
Island: Add processors for credentials
2022-02-22 17:18:31 +02:00
96bd7bca24
Merge pull request #1728 from guardicore/1605-modify-exploit-result-data
...
Modify ExploiterResultData
2022-02-22 20:38:22 +05:30
b91f3b1551
Agent: Fix comment in ExploitTelem
2022-02-22 17:54:31 +05:30
f0679ebb26
Agent: Move `pwd`'s import statement to avoid using try/except
2022-02-22 17:49:08 +05:30
e47239f81c
Island: Modify exploit telemetry processing to conform to changes to ExploiterResultData
2022-02-22 14:08:39 +05:30
dff5bde894
UT: Modify ExploitTelem calls in UTs
2022-02-22 12:50:01 +05:30
afb7210179
Agent: Modify ExploitTelem to accept param of type ExploiterResultData
2022-02-22 12:47:42 +05:30
4b83c79134
Merge pull request #1724 from guardicore/1605-pass-wormconfig-options
...
1605 pass wormconfig options
2022-02-21 13:52:28 +01:00
c83285c782
Agent: Modify exploiters to have general and exploiter options
2022-02-21 13:45:58 +01:00
10d8dc1f33
Merge pull request #1729 from guardicore/1605-remove-skip_exploit_if_file_exist-config-option
...
Remove `skip_exploit_if_file_exist` config option
2022-02-21 17:59:51 +05:30
3c80e1c38b
UT: Remove `skip_exploit_if_file_exist` config field
2022-02-21 16:46:23 +05:30
201a838e23
Island: Remove `skip_exploit_if_file_exist` from internal config
2022-02-21 16:45:45 +05:30
e6f4c74b79
Agent: Remove `skip_exploit_if_file_exist` option
2022-02-21 16:45:17 +05:30
1cce742692
UT: Fix UTs as per changes to ExploiterResultData and ExploitTelem
2022-02-21 16:02:00 +05:30
Shreya Malviya
Ilija Lazoroski
Mike Salvatore
VakarisZ
vakarisz