VakarisZ
f7e0b4fef1
Zoo: add missing tunneling-12 image definition to terraform scripts
2021-10-07 13:55:48 +03:00
Mike Salvatore
c3ea714977
Merge pull request #1514 from guardicore/pba-attack-telemetry
...
Fix ATT&CK report bug: showed a different technique's results under a technique if the PBA behind them was the same
2021-10-06 12:12:28 -04:00
Shreya Malviya
5be841d08a
island: For ATT&CK techniques mapped to PBAs, consider hostname and IP
...
of the first entry in the PBA's results
2021-10-06 19:27:32 +05:30
Shreya Malviya
f7e37b0767
CHANGELOG: Add entry for bugfix that wrongly reported the "`.bash_profile` and `.bashrc`" technique
2021-10-06 19:27:29 +05:30
Shreya Malviya
f347088412
CHANGELOG: Add entry for ATT&CK report telemetry bugfix
2021-10-06 16:05:58 +05:30
Shreya Malviya
c51f80ea3a
tests: Modify post breach telem's unit test
2021-10-06 15:58:23 +05:30
Shreya Malviya
e4f5f08a66
island: Remove unneeded mongo queries in ATT&CK techniques mapped to PBAs
2021-10-06 14:50:10 +05:30
Shreya Malviya
81252e2b6a
island: When generating ATT&CK report for techniques mapped to PBAs, check telem event's OS and technique's relevant systems
2021-10-06 14:46:17 +05:30
Shreya Malviya
cccdf7f6c3
agent: Send OS info in post breach telem
2021-10-06 14:42:26 +05:30
Ilija Lazoroski
e80662f7f8
Agent: Check for empty result in Modify shell files
2021-10-05 10:39:50 -04:00
VakarisZ
0a4973a66e
Merge pull request #1512 from guardicore/mimikatz_collector_fix
...
Mimikatz collector fix
2021-10-05 17:17:39 +03:00
VakarisZ
bc422128f5
Monkey: add CHANGELOG.md entry about fixed Mimikatz credential collector when Azure credential collector is disabled
2021-10-05 17:16:51 +03:00
VakarisZ
bbda934082
Monkey: include credential key into info dict of InfoCollector class
...
This change cleans up the code because the info collectors can just add credentials to the info dictionary without explicitly checking if the key already exists
2021-10-05 16:04:02 +03:00
Shreya Malviya
19765c7021
Merge pull request #1508 from guardicore/encryptor-with-utf8-chars
...
Change KeyBasedEncryptor's padding
2021-10-05 14:18:11 +05:30
Shreya Malviya
19dad89468
CHANGELOG: Add entry for encryptor not working with utf-8 characters bugfix
2021-10-05 12:31:17 +05:30
Shreya Malviya
f2b632e46a
tests: Add KeyBasedEncryptor unit test for plaintext which is a multiple of block size in length
2021-10-05 12:31:17 +05:30
Shreya Malviya
06778b7525
island: Remove thin wrappers for padding in KeyBasedEncryptor, call inline
2021-10-05 12:31:17 +05:30
Shreya Malviya
f1b9683617
tests: Use pytest's parametrize for KeyBasedEncryptor's unit tests
2021-10-05 12:31:17 +05:30
Shreya Malviya
f6b1330982
tests: Add test cases for KeyBasedEncryptor's tests
2021-10-05 12:31:17 +05:30
Shreya Malviya
404228b04c
island: Modify KeyBasedEncryptor to get rid of redundant encoding and decoding
2021-10-05 12:31:17 +05:30
Shreya Malviya
fc1affc0e7
island: Change KeyBasedEncryptor's padding functions to use Crypto.Util.Padding
2021-10-05 12:31:17 +05:30
Shreya Malviya
3ab660b8fe
tests: Add unit tests for key based encryptor
2021-10-05 12:31:16 +05:30
VakarisZ
af99482a4a
Merge pull request #1506 from guardicore/mongo_key_encryption
...
Mongo key encryption
2021-10-04 15:10:12 +03:00
VakarisZ
ddff2f0aa4
Refactor a couple of imports into a shorter import statement
2021-10-04 14:59:26 +03:00
VakarisZ
3b5dd6ac3e
Remove database initialization during island startup
...
Database initialization cannot be done because island doesn't know the key needed for encrypting collections. Since the key only appears after registration, database setup also should happen only after registration
2021-10-04 14:23:50 +03:00
VakarisZ
a2b09a9e7a
Fix unit tests for data store encryptor
2021-10-04 14:21:07 +03:00
VakarisZ
ea6fe37b44
Fix scoutsuite unit test to use updated datastore encryptor interface
2021-10-04 12:13:55 +03:00
VakarisZ
3ec26bcef8
Refactor data store encryptor to IEncryptor interface, move data store encryptor creation related code to data_store_encryptor.py, move the responsibility to initialize data store encryptor to AuthenticationService
2021-10-04 12:03:30 +03:00
VakarisZ
34d065ce69
Move encryptors into a separate folder
...
This separates encryptor classes from other encryption related infrastructure that we have in cc\server_utils\encryption
2021-10-04 11:09:42 +03:00
VakarisZ
9d6dc3b026
Move all encryptor building related code to encryptor_factory.py from data_store_encryptor.py
2021-10-01 17:33:55 +03:00
Mike Salvatore
2adf5a7f64
Merge pull request #1503 from guardicore/629/ship-db-with-attack-mitigations
...
Ship database with attack mitigations
2021-10-01 09:01:35 -04:00
Mike Salvatore
4ef0f542b8
Docs: Add description of Attack Mitigations
2021-10-01 09:00:32 -04:00
VakarisZ
26ba02a1d0
Refactor get_credentials_from_request to get_username_password_from_request
...
This better indicates that get_username_password_from_request returns a username/password pair rather than UserCreds structure
2021-10-01 15:33:46 +03:00
VakarisZ
da169dddc9
Refactor DataStoreEncryptor by splitting up initialization related methods into EncryptorFactory
...
This makes encryptor initialization workflow more straightforward and the files become smaller, easier to read
2021-10-01 15:24:48 +03:00
Mike Salvatore
9436f5f5e1
Island: Remove stix2 dependency
2021-10-01 07:55:33 -04:00
VakarisZ
b2bbb62bdd
Add CHANGELOG.md entry for #1463 (Encrypt the database key with user's credentials.)
2021-10-01 12:48:08 +03:00
VakarisZ
ddae09278e
Refactor test_data_store_encryptor.py to use (path / to / file).isfile() syntax to check for presence of files
2021-10-01 12:44:05 +03:00
VakarisZ
4cbed6dce9
Fix typos and rename files/classes related to data store encryptor. Change PasswordBasedBytesEncryptor interface to use bytes instead of io.BytesIO
2021-10-01 12:34:21 +03:00
VakarisZ
e280c4fb5a
Move data store encryptor secret generation into the data store encryptor from credential_utils.py
2021-10-01 11:58:32 +03:00
VakarisZ
f97ec4e9ed
Implement data store encryptor key removal on registration and unit tests for data store encryptor
...
Data store key needs to be deleted upon registration to create a new one.
2021-10-01 11:26:43 +03:00
Mike Salvatore
2f88de6f08
Build: Fix AppImage package version
2021-09-30 15:41:37 -04:00
Mike Salvatore
2d701e45df
Build: Set PYTHONNOUSERSITE in AppRun
...
Fixes #1500
2021-09-30 15:39:17 -04:00
Mike Salvatore
c30d5721f2
Island: Fix formatting of database_initializer.py
2021-09-30 14:08:29 -04:00
Mike Salvatore
fef6350871
Tests: Reduced code duplication in database initializer tests
2021-09-30 13:13:26 -04:00
Mike Salvatore
f0c25b4b5e
Docs: Add steps to attack mitigations dump script documentation
2021-09-30 18:03:28 +02:00
Mike Salvatore
0a3488b680
Deployment: Add requirements.txt for attack mitigations dump script
2021-09-30 18:03:28 +02:00
Mike Salvatore
6e92c84f89
Docs: Move attack mitigations from reference -> development
2021-09-30 18:03:28 +02:00
Ilija Lazoroski
43471c6553
Island: Fix typing error in island spec
2021-09-30 18:03:28 +02:00
Ilija Lazoroski
77c51497d0
docs: Add attack mitigations documentation
2021-09-30 18:03:28 +02:00
Ilija Lazoroski
1ed6fed164
Island: Remove attack_data submodule
2021-09-30 18:03:28 +02:00