Commit Graph

6343 Commits

Author SHA1 Message Date
Mike Salvatore ecf4efe11a
Merge pull request #1515 from guardicore/proxy-test
Fix proxy schema for tunneling
2021-10-07 10:25:43 -04:00
Ilija Lazoroski cd23eb2909 Agent: Reword note in control
Rewrite control set proxy UT, fix typo in httpfinger
2021-10-07 16:18:17 +02:00
VakarisZ 2d28c4e800 Zoo: fix the fullDocs.md by removing the outdated section about monkey configurations, add a section about what to do with the island if you're a simple user 2021-10-07 16:56:10 +03:00
VakarisZ f7e0b4fef1 Zoo: add missing tunneling-12 image definition to terraform scripts 2021-10-07 13:55:48 +03:00
Ilija Lazoroski a8182cbb3d UT: Add test for setting agent proxy 2021-10-07 10:50:41 +02:00
Mike Salvatore c3ea714977
Merge pull request #1514 from guardicore/pba-attack-telemetry
Fix ATT&CK report bug: showed a different technique's results under a technique if the PBA behind them was the same
2021-10-06 12:12:28 -04:00
Ilija Lazoroski a11d1d5f1e Agent: Changed note message for proxy schema 2021-10-06 18:10:46 +02:00
Ilija Lazoroski 3f33bc4a41 Agent: Consistent format string for set proxy 2021-10-06 18:05:30 +02:00
Ilija Lazoroski 87b882cb45 Agent: Set proxy schema for different OS 2021-10-06 16:53:55 +02:00
Shreya Malviya 5be841d08a island: For ATT&CK techniques mapped to PBAs, consider hostname and IP
of the first entry in the PBA's results
2021-10-06 19:27:32 +05:30
Shreya Malviya f7e37b0767 CHANGELOG: Add entry for bugfix that wrongly reported the "`.bash_profile` and `.bashrc`" technique 2021-10-06 19:27:29 +05:30
Shreya Malviya f347088412 CHANGELOG: Add entry for ATT&CK report telemetry bugfix 2021-10-06 16:05:58 +05:30
Shreya Malviya c51f80ea3a tests: Modify post breach telem's unit test 2021-10-06 15:58:23 +05:30
Shreya Malviya e4f5f08a66 island: Remove unneeded mongo queries in ATT&CK techniques mapped to PBAs 2021-10-06 14:50:10 +05:30
Shreya Malviya 81252e2b6a island: When generating ATT&CK report for techniques mapped to PBAs, check telem event's OS and technique's relevant systems 2021-10-06 14:46:17 +05:30
Shreya Malviya cccdf7f6c3 agent: Send OS info in post breach telem 2021-10-06 14:42:26 +05:30
Ilija Lazoroski cafd983622 Agent: Change proxy scheme format to http 2021-10-06 10:24:41 +02:00
Mike Salvatore c124db7880 Agent: Use different proxy scheme on Windows 2021-10-05 13:55:32 -04:00
Ilija Lazoroski e80662f7f8 Agent: Check for empty result in Modify shell files 2021-10-05 10:39:50 -04:00
VakarisZ 0a4973a66e
Merge pull request #1512 from guardicore/mimikatz_collector_fix
Mimikatz collector fix
2021-10-05 17:17:39 +03:00
VakarisZ bc422128f5 Monkey: add CHANGELOG.md entry about fixed Mimikatz credential collector when Azure credential collector is disabled 2021-10-05 17:16:51 +03:00
VakarisZ bbda934082 Monkey: include credential key into info dict of InfoCollector class
This change cleans up the code because the info collectors can just add credentials to the info dictionary without explicitly checking if the key already exists
2021-10-05 16:04:02 +03:00
Shreya Malviya 19765c7021
Merge pull request #1508 from guardicore/encryptor-with-utf8-chars
Change KeyBasedEncryptor's padding
2021-10-05 14:18:11 +05:30
Shreya Malviya 19dad89468 CHANGELOG: Add entry for encryptor not working with utf-8 characters bugfix 2021-10-05 12:31:17 +05:30
Shreya Malviya f2b632e46a tests: Add KeyBasedEncryptor unit test for plaintext which is a multiple of block size in length 2021-10-05 12:31:17 +05:30
Shreya Malviya 06778b7525 island: Remove thin wrappers for padding in KeyBasedEncryptor, call inline 2021-10-05 12:31:17 +05:30
Shreya Malviya f1b9683617 tests: Use pytest's parametrize for KeyBasedEncryptor's unit tests 2021-10-05 12:31:17 +05:30
Shreya Malviya f6b1330982 tests: Add test cases for KeyBasedEncryptor's tests 2021-10-05 12:31:17 +05:30
Shreya Malviya 404228b04c island: Modify KeyBasedEncryptor to get rid of redundant encoding and decoding 2021-10-05 12:31:17 +05:30
Shreya Malviya fc1affc0e7 island: Change KeyBasedEncryptor's padding functions to use Crypto.Util.Padding 2021-10-05 12:31:17 +05:30
Shreya Malviya 3ab660b8fe tests: Add unit tests for key based encryptor 2021-10-05 12:31:16 +05:30
VakarisZ af99482a4a
Merge pull request #1506 from guardicore/mongo_key_encryption
Mongo key encryption
2021-10-04 15:10:12 +03:00
VakarisZ ddff2f0aa4 Refactor a couple of imports into a shorter import statement 2021-10-04 14:59:26 +03:00
VakarisZ 3b5dd6ac3e Remove database initialization during island startup
Database initialization cannot be done because the island doesn't know the key needed for encrypting collections. Since the key only appears after registration, database setup also should happen only after registration
2021-10-04 14:23:50 +03:00
VakarisZ a2b09a9e7a Fix unit tests for data store encryptor 2021-10-04 14:21:07 +03:00
VakarisZ ea6fe37b44 Fix scoutsuite unit test to use updated datastore encryptor interface 2021-10-04 12:13:55 +03:00
VakarisZ 3ec26bcef8 Refactor data store encryptor to IEncryptor interface, move data store encryptor creation related code to data_store_encryptor.py, move the responsibility to initialize data store encryptor to AuthenticationService 2021-10-04 12:03:30 +03:00
VakarisZ 34d065ce69 Move encryptors into a separate folder
This separates encryptor classes from other encryption related infrastructure that we have in cc\server_utils\encryption
2021-10-04 11:09:42 +03:00
VakarisZ 9d6dc3b026 Move all encryptor building related code to encryptor_factory.py from data_store_encryptor.py 2021-10-01 17:33:55 +03:00
Mike Salvatore 2adf5a7f64
Merge pull request #1503 from guardicore/629/ship-db-with-attack-mitigations
Ship database with attack mitigations
2021-10-01 09:01:35 -04:00
Mike Salvatore 4ef0f542b8 Docs: Add description of Attack Mitigations 2021-10-01 09:00:32 -04:00
VakarisZ 26ba02a1d0 Refactor get_credentials_from_request to get_username_password_from_request
This better indicates that get_username_password_from_request returns a username/password pair rather than UserCreds structure
2021-10-01 15:33:46 +03:00
VakarisZ da169dddc9 Refactor DataStoreEncryptor by splitting up initialization related methods into EncryptorFactory
This makes the encryptor initialization workflow more straightforward, and the files become smaller and easier to read
2021-10-01 15:24:48 +03:00
Mike Salvatore 9436f5f5e1 Island: Remove stix2 dependency 2021-10-01 07:55:33 -04:00
VakarisZ b2bbb62bdd Add CHANGELOG.md entry for #1463 (Encrypt the database key with user's credentials.) 2021-10-01 12:48:08 +03:00
VakarisZ ddae09278e Refactor test_data_store_encryptor.py to use (path / to / file).isfile() syntax to check for presence of files 2021-10-01 12:44:05 +03:00
VakarisZ 4cbed6dce9 Fix typos and rename files/classes related to data store encryptor. Change PasswordBasedBytesEncryptor interface to use bytes instead of io.BytesIO 2021-10-01 12:34:21 +03:00
VakarisZ e280c4fb5a Move data store encryptor secret generation into the data store encryptor from credential_utils.py 2021-10-01 11:58:32 +03:00
VakarisZ f97ec4e9ed Implement data store encryptor key removal on registration and unit tests for data store encryptor
Data store key needs to be deleted upon registration to create a new one.
2021-10-01 11:26:43 +03:00
Mike Salvatore 2f88de6f08 Build: Fix AppImage package version 2021-09-30 15:41:37 -04:00