p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity
6,343 Commits 31 Branches 20 Tags 48 MiB
Commit Graph

6343 Commits

Author SHA1 Message Date
Ilija Lazoroski 071a4eb1a7 Island: Add IEncryptor to __init__ 
Dnt abbrev in PassworBasedEncryptor and KeyBasedEncryptor
Add comment for review and evaluate the padding function
 2021-09-23 17:52:15 +02:00
Shreya Malviya 2cc00205f1 island: Modify ATT&CK report messages to mention reasons 
1. not run on relevant system
2. relevant config options were disabled
 2021-09-23 16:39:05 +05:30
Ilija Lazoroski 1b91616778 Island: Add explanation for KBE and PBE 
KeyBasedEncryptor and PasswordBasedEncryptor
 2021-09-23 12:44:05 +02:00
Ilija Lazoroski a661dc4fe6 Island: Refactor encryptors 
All encryptors are moved to server_utils/encryption.
They were renamed according to the class name.
Everywhere that we had use the encryptors I have updated the names.
Unit tests are also moved to UTs server_utils/encryption.
 2021-09-22 22:48:13 +02:00
Ilija Lazoroski 803d1c910f Island: Separate password and key encryption 2021-09-22 18:10:16 +02:00
Shreya Malviya f730e75cc8 island: Change `pass` to `...` for abstract properties in 
cc/services/attack/technique_reports/

See https://stackoverflow.com/a/58321197/10629482.
 2021-09-22 19:21:20 +05:30
Shreya Malviya b0b0f515d0 island: Add abstract property `relevant_systems` to AttackTechnique and declare it for all techniques left 2021-09-22 19:15:06 +05:30
Shreya Malviya 8e733a8440 island: Add `relevant_systems` property to attack techniques that run on 
specific systems

And remove hardcoded "since it didn't run on any ... systems" from the unscanned
message for those techniques
 2021-09-22 18:30:35 +05:30
Shreya Malviya 9564fb1aaa island: Move T1216's details from T1216.py to attack_schema.py so that it's 
shown in the config instead of the ATT&CK report
 2021-09-22 18:23:17 +05:30
Mike Salvatore 380d0ee74f
Merge pull request #1479 from guardicore/1476/upgrade-python-deps 
Update Python dependencies
 2021-09-22 08:30:13 -04:00
Mike Salvatore 67b23c42bf Tests: Simplify test names in test_string_list_encryptor.py 2021-09-22 07:44:54 -04:00
Shreya Malviya ba2207b21d island: Remove unneeded function to get reverse schema 2021-09-22 16:16:46 +05:30
Shreya Malviya f9e994d8f8 island: Update doc link for PowerShell exploiter 2021-09-22 16:13:34 +05:30
Shreya Malviya 836069ab11 island: Change config schema definitions' titles to title case and so 
they make more sense
 2021-09-22 16:10:13 +05:30
Shreya Malviya 26b0793331 island: Add code to create reverse schema i.e. each attack technique 
mapped to its config fields
 2021-09-22 15:53:52 +05:30
Ilija Lazoroski 71d0cccdba Island: Update boto3, botocore and awscli 
botocore is dependency of boto3 which is
then dependency of awscli.
 2021-09-22 11:26:47 +02:00
Ilija Lazoroski 57bce38661 Agent: Upgrade urllib3 to 1.26.5 
It should work because all the deps are
there.
 2021-09-22 11:23:07 +02:00
VakarisZ ba4aabb67f
Merge pull request #1477 from guardicore/report_encryption 
Report encryption
 2021-09-22 11:48:22 +03:00
VakarisZ 88f3a2b9ca Add unit tests for string list encryptor 2021-09-22 10:23:41 +03:00
VakarisZ a1c0af4257 Improve readability and test empty list in test_report_model.py 2021-09-22 10:21:48 +03:00
Mike Salvatore 627a31c902 Island: Remove string_encryptor.py 2021-09-21 13:58:16 -04:00
Mike Salvatore 2ddd369afd Island: Move encode/decode dot mongo functions to Report model 2021-09-21 13:58:14 -04:00
Mike Salvatore f662369a07 Tests: Decouple test_report_model.py from StringListEncryptor 2021-09-21 12:51:55 -04:00
Mike Salvatore 13ba0b9091 Island: Rename FieldType to FieldEncryptor 
* Switch FieldTypeABC from abstract class to interface, since there's no
  intention of ever implementing FieldTypeABC's methods.

* Rename FieldTypeABC to IFieldEncryptor and rename StringList to
  StringListEncryptor.
 2021-09-21 12:30:35 -04:00
Mike Salvatore 96ac13c579
Merge pull request #1478 from guardicore/powershell-pth-on-windows 
Powershell pth on windows
 2021-09-21 08:14:45 -04:00
VakarisZ 5077d84269 Change report service to use report model. 
Because report saving/fetching happens through model, model can encrypt/decrypt sensitive data
 2021-09-21 10:45:39 +03:00
VakarisZ ea7a75df26 Add infrastructure for encrypting fields in database. 2021-09-21 10:43:34 +03:00
VakarisZ c7e91c5784 Add report model and a unit test for it's encryption 2021-09-21 10:39:39 +03:00
VakarisZ cf7b94613b Rename test_config_encryption.py to test_encryption.py 
This change is done because the code being tested is in encryption.py, not in config_encryption.py
 2021-09-21 10:25:48 +03:00
VakarisZ f61602552f Island: update dpath to the latest v2.0.5 and other packages version updates. 
dpath lib had to be updated to get a bugfix
 2021-09-21 10:19:21 +03:00
Mike Salvatore 8fc79c2fe3 Agent: Use pyspnego with bugfix to enable PowerShell PTH on Windows 
Specify commit 3f748f21 of pyspnego, as this commit contains a bugfix
that allows Infection Monkey to launch pass-the-hash attacks from a
Windows attacker.
 2021-09-20 20:43:00 -04:00
ilija-lazoroski 4afeba6334
Merge pull request #1475 from guardicore/1468/fix-nodejs-dependencies 
Update nodejs dependencies
 2021-09-20 09:58:59 +02:00
Mike Salvatore 844d244d67 Agent: Use NTLM specifically for PowerShell if using pass-the-hash 2021-09-17 11:43:06 -04:00
Mike Salvatore 79aacf3dcb Agent: Extract _get_*() functions from get_auth_options() 2021-09-17 11:42:52 -04:00
Mike Salvatore 444fb90f93 Agent: Return single AuthOptions from get_auth_options() 
The test suite was overly complicated for get_auth_options(), which
indicated that, perhaps, the function itself was overly complicated.
Previously, it accepted a list of Credentials and returned a list of
AuthOptions. Now, it accepts a single Credentials object and returns a
single AuthOptions object. This simpler interface allowed the test suite
to be easier to read, while adding negligible complexity to
PowerShellExploiter._exploit_host()
 2021-09-17 11:30:32 -04:00
Ilija Lazoroski 83615e8c66 UI: Upgrade babel/cli due to vuln in glob-parent 2021-09-17 16:22:28 +02:00
Ilija Lazoroski aac1b00553 UI: Replace node-sass with sass (Dart Sass) 
Note: There are some annoying deprecation warnings
which come from bootstrap. Those can be dealt with
if we upgrade bootstrap.
 2021-09-17 14:55:21 +02:00
Ilija Lazoroski f942e87b75 UI: Update npm webpack 
Note: webpack doesn't have verbose option anymore
 2021-09-17 14:02:33 +02:00
Mike Salvatore 9d07f82bd6 Fix typo in CHANGELOG 2021-09-17 07:46:27 -04:00
VakarisZ 5a8507e5c6 Add the removal of "Execution through the module load" T1129 attack technique to the CHANGELOG.md 2021-09-17 14:21:06 +03:00
VakarisZ b69916428b Remove T1129 attack technique from the codebase 2021-09-17 14:19:42 +03:00
Ilija Lazoroski 525a112eaa UI: Update npm version to 7.24.0 2021-09-17 12:27:57 +02:00
Ilija Lazoroski 43b1201751 UI: Update node dependencies using npm audit fix 2021-09-17 11:43:00 +02:00
VakarisZ a93d6361a3 Docs: fix broken scenario link in homepage_shortcuts.html 2021-09-16 14:46:31 +03:00
Mike Salvatore 64c9ccaf46
Merge pull request #1467 from guardicore/1205/modify-build-scripts-deployment 
Add deployment type to the build_scripts
 2021-09-15 10:31:33 -04:00
VakarisZ cfff225ad6 Change the docker and appImage deployment scripts to not alter the deployment string if no deployment argument is passed 2021-09-15 15:52:53 +03:00
Ilija Lazoroski c4ab6f4362 Build_scripts: Add deployment type to the build_scripts 2021-09-15 14:38:07 +02:00
Mike Salvatore 7ebe9e8ee2 Build: Upgrade AppImage Python version to 3.7.12 2021-09-15 08:08:47 -04:00
Mike Salvatore 60e34636ec UI: Fix stupid typo in the attack section of the ransomware report 2021-09-14 12:50:39 -04:00
Mike Salvatore 1d991be6b4 Update CHANGELOG.md 2021-09-14 12:30:43 -04:00