forked from p15670423/monkey
Agent: Use frozenset for zerologon event tags
This commit is contained in:
parent
74b9dd58fc
commit
69e1f21312
|
@ -36,11 +36,13 @@ T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
|
||||||
T1098_ATTACK_TECHNIQUE_TAG = "attack-t1098"
|
T1098_ATTACK_TECHNIQUE_TAG = "attack-t1098"
|
||||||
|
|
||||||
|
|
||||||
ZEROLOGON_EVENT_TAGS = {
|
ZEROLOGON_EVENT_TAGS = frozenset(
|
||||||
|
{
|
||||||
ZEROLOGON_EXPLOITER_TAG,
|
ZEROLOGON_EXPLOITER_TAG,
|
||||||
T1003_ATTACK_TECHNIQUE_TAG,
|
T1003_ATTACK_TECHNIQUE_TAG,
|
||||||
T1098_ATTACK_TECHNIQUE_TAG,
|
T1098_ATTACK_TECHNIQUE_TAG,
|
||||||
}
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class ZerologonExploiter(HostExploiter):
|
class ZerologonExploiter(HostExploiter):
|
||||||
|
@ -306,7 +308,7 @@ class ZerologonExploiter(HostExploiter):
|
||||||
|
|
||||||
def _publish_credentials_stolen_event(self, extracted_credentials: Sequence[Credentials]):
|
def _publish_credentials_stolen_event(self, extracted_credentials: Sequence[Credentials]):
|
||||||
credentials_stolen_event = CredentialsStolenEvent(
|
credentials_stolen_event = CredentialsStolenEvent(
|
||||||
tags=(ZEROLOGON_EVENT_TAGS),
|
tags=ZEROLOGON_EVENT_TAGS,
|
||||||
stolen_credentials=extracted_credentials,
|
stolen_credentials=extracted_credentials,
|
||||||
)
|
)
|
||||||
self.event_queue.publish(credentials_stolen_event)
|
self.event_queue.publish(credentials_stolen_event)
|
||||||
|
|
Loading…
Reference in New Issue