Merge remote-tracking branch 'origin/develop' into 669/drupal
|
@ -1,29 +1,32 @@
|
||||||
---
|
---
|
||||||
name: 🐛 Bug report
|
name: "\U0001F41B Bug report"
|
||||||
about: Create a report to help us fix things!
|
about: Create a report to help us fix things!
|
||||||
|
title: ''
|
||||||
---
|
labels: Bug
|
||||||
|
assignees: ''
|
||||||
<!--
|
|
||||||
Thank you for reporting a bug to make Infection Monkey better.
|
---
|
||||||
|
|
||||||
Please fill in as much of the template below as you're able.
|
<!--
|
||||||
-->
|
Thank you for reporting a bug to make Infection Monkey better.
|
||||||
|
|
||||||
## Describe the bug
|
Please fill in as much of the template below as you're able.
|
||||||
A clear and concise description of what the bug is.
|
-->
|
||||||
|
|
||||||
## To Reproduce
|
## Describe the bug
|
||||||
Steps to reproduce the behavior:
|
A clear and concise description of what the bug is.
|
||||||
1. Configure the Monkey with X settings
|
|
||||||
2. Run the monkey on specific machine
|
## To Reproduce
|
||||||
3. See error
|
Steps to reproduce the behavior:
|
||||||
|
1. Configure the Monkey with X settings
|
||||||
## Expected behavior
|
2. Run the monkey on specific machine
|
||||||
A description of what you expected to happen.
|
3. See error
|
||||||
|
|
||||||
## Screenshots
|
## Expected behavior
|
||||||
If applicable, add screenshots to help explain your problem.
|
A description of what you expected to happen.
|
||||||
|
|
||||||
## Machine version (please complete the following information):
|
## Screenshots
|
||||||
- OS: Windows or Linux
|
If applicable, add screenshots to help explain your problem.
|
||||||
|
|
||||||
|
## Machine version (please complete the following information):
|
||||||
|
- OS: Windows or Linux
|
||||||
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
name: "\U0001F4C3 Documentation request"
|
||||||
|
about: Suggest additions or fixes to our documentation hub!
|
||||||
|
title: ''
|
||||||
|
labels: Documentation
|
||||||
|
assignees: ''
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Documentation request
|
||||||
|
|
||||||
|
<!-- Choose: adding a new page, or edit existing content. -->
|
||||||
|
|
||||||
|
### Add a new page 🆕
|
||||||
|
|
||||||
|
**What documentation you'd like us to add?**
|
||||||
|
Put suggestion here.
|
||||||
|
|
||||||
|
**Where in the documentation tree?**
|
||||||
|
Put section here.
|
||||||
|
|
||||||
|
### Edit existing content 📝
|
||||||
|
|
||||||
|
**Which page(s) do you want us to edit?**
|
||||||
|
Put link here.
|
||||||
|
|
||||||
|
**What do you think should be changed?**
|
||||||
|
Put requested changes here.
|
|
@ -1,6 +1,9 @@
|
||||||
---
|
---
|
||||||
name: "\U0001F680 Feature request"
|
name: "\U0001F680 Feature request"
|
||||||
about: Suggest an idea for this project
|
about: Suggest an idea for this project
|
||||||
|
title: ''
|
||||||
|
labels: Feature
|
||||||
|
assignees: ''
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -17,4 +20,4 @@ Please describe the problem you are trying to solve.
|
||||||
Please describe the desired behavior.
|
Please describe the desired behavior.
|
||||||
|
|
||||||
**Describe alternatives you've considered**
|
**Describe alternatives you've considered**
|
||||||
Please describe alternative solutions or features you have considered.
|
Please describe alternative solutions or features you have considered.
|
||||||
|
|
|
@ -90,3 +90,9 @@ profiler_logs/
|
||||||
|
|
||||||
# vim swap files
|
# vim swap files
|
||||||
*.swp
|
*.swp
|
||||||
|
|
||||||
|
# Server config might contain credentials. Don't commit by default.
|
||||||
|
/monkey/monkey_island/cc/server_config.json
|
||||||
|
|
||||||
|
# Virtualenv
|
||||||
|
venv/
|
||||||
|
|
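Review bot: The added `/monkey/monkey_island/cc/server_config.json` entry only keeps an untracked file out of commits, so if that file is already tracked, Git will go on recording edits to it and the comment's "Don't commit by default" will not hold. The CI step `python monkey/monkey_island/cc/set_server_config.py testing` elsewhere on this page suggests the file is shipped and rewritten in place, though the hunk does not show whether it is tracked. If it is, the ignore rule needs a companion change: stop tracking the file and ship a credential-free template that is copied on first run. At minimum I would extend the comment to say so, e.g. `# Only effective while the file is untracked; real credentials belong in a local copy.`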
|
@ -2,3 +2,6 @@
|
||||||
[submodule "monkey/monkey_island/cc/services/attack/attack_data"]
|
[submodule "monkey/monkey_island/cc/services/attack/attack_data"]
|
||||||
path = monkey/monkey_island/cc/services/attack/attack_data
|
path = monkey/monkey_island/cc/services/attack/attack_data
|
||||||
url = https://github.com/guardicore/cti
|
url = https://github.com/guardicore/cti
|
||||||
|
[submodule "docs/themes/learn"]
|
||||||
|
path = docs/themes/learn
|
||||||
|
url = https://github.com/ShayNehmad/hugo-theme-learn.git
|
||||||
|
|
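Review bot: The new `docs/themes/learn` submodule is fetched from `https://github.com/ShayNehmad/hugo-theme-learn.git`, which appears to be a fork under a personal account, so the templates, JavaScript and CSS that end up in the published documentation depend on that account staying under the project's control. The recorded gitlink pins a commit, which limits drift, but a later `git submodule update --remote` or a repository re-created at that URL would bring in whatever is there. Consider hosting the fork under the same organisation as the existing `attack_data` submodule (`url = https://github.com/guardicore/cti`). A short comment above the entry, such as `# Fork of hugo-theme-learn carrying the "monkey" theme variant; bump the pinned commit only after review.`, would also record why upstream is not used.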
21
.travis.yml
|
@ -18,10 +18,14 @@ os: linux
|
||||||
|
|
||||||
install:
|
install:
|
||||||
# Python
|
# Python
|
||||||
|
- pip freeze
|
||||||
- pip install -r monkey/monkey_island/requirements.txt # for unit tests
|
- pip install -r monkey/monkey_island/requirements.txt # for unit tests
|
||||||
- pip install flake8 pytest dlint # for next stages
|
- pip install flake8 pytest dlint # for next stages
|
||||||
- pip install coverage # for code coverage
|
- pip install coverage # for code coverage
|
||||||
- pip install -r monkey/infection_monkey/requirements.txt # for unit tests
|
- pip install -r monkey/infection_monkey/requirements.txt # for unit tests
|
||||||
|
- pip install pipdeptree
|
||||||
|
# Fail builds on possible conflicting dependencies.
|
||||||
|
- pipdeptree --warn fail
|
||||||
|
|
||||||
# node + npm + eslint
|
# node + npm + eslint
|
||||||
- node --version
|
- node --version
|
||||||
|
@ -33,6 +37,17 @@ install:
|
||||||
- node --version
|
- node --version
|
||||||
- npm --version
|
- npm --version
|
||||||
|
|
||||||
|
# linuxbrew (for hugo)
|
||||||
|
- git clone https://github.com/Homebrew/brew ~/.linuxbrew/Homebrew
|
||||||
|
- mkdir ~/.linuxbrew/bin
|
||||||
|
- ln -s ~/.linuxbrew/Homebrew/bin/brew ~/.linuxbrew/bin
|
||||||
|
- eval $(~/.linuxbrew/bin/brew shellenv)
|
||||||
|
|
||||||
|
# hugo (for documentation)
|
||||||
|
- brew install hugo
|
||||||
|
# print hugo version (useful for debugging documentation build errors)
|
||||||
|
- hugo version
|
||||||
|
|
||||||
before_script:
|
before_script:
|
||||||
# Set the server config to `testing`. This is required for for the UTs to pass.
|
# Set the server config to `testing`. This is required for for the UTs to pass.
|
||||||
- python monkey/monkey_island/cc/set_server_config.py testing
|
- python monkey/monkey_island/cc/set_server_config.py testing
|
||||||
|
@ -65,9 +80,13 @@ script:
|
||||||
- cd monkey_island/cc/ui
|
- cd monkey_island/cc/ui
|
||||||
- npm ci # See https://docs.npmjs.com/cli/ci.html
|
- npm ci # See https://docs.npmjs.com/cli/ci.html
|
||||||
- eslint ./src --quiet # Test for errors
|
- eslint ./src --quiet # Test for errors
|
||||||
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=490
|
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=70
|
||||||
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT # Test for max warnings
|
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT # Test for max warnings
|
||||||
|
|
||||||
|
# Build documentation
|
||||||
|
- cd $TRAVIS_BUILD_DIR/docs
|
||||||
|
- hugo --verbose --environment staging
|
||||||
|
|
||||||
after_success:
|
after_success:
|
||||||
# Upload code coverage results to codecov.io, see https://github.com/codecov/codecov-bash for more information
|
# Upload code coverage results to codecov.io, see https://github.com/codecov/codecov-bash for more information
|
||||||
- bash <(curl -s https://codecov.io/bash)
|
- bash <(curl -s https://codecov.io/bash)
|
||||||
|
|
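Review bot: The linuxbrew lines added under `install:` clone `https://github.com/Homebrew/brew` at its current default branch and then run `brew install hugo` with no version, so every CI run executes unpinned third-party code and the documentation build can change without any commit in this repository. Pinning the clone (`git clone --depth 1 --branch <BREW_RELEASE_TAG> …`, placeholder tag) fixes brew itself but not the Hugo formula it resolves. Fetching a fixed Hugo release archive and checking it against the published checksum is the option that actually pins the generator. `- pip install pipdeptree` in the first hunk is unpinned in the same way. The added `- hugo version` line is worth keeping, since it records what was installed when a past build has to be audited.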
|
@ -29,8 +29,6 @@ $TRACEROUTE_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "traceroute32"
|
||||||
$MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
|
$MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
|
||||||
$MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
|
$MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
|
||||||
$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
|
$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
|
||||||
$MK32_DLL = "mk32.zip"
|
|
||||||
$MK64_DLL = "mk64.zip"
|
|
||||||
$TEMP_PYTHON_INSTALLER = ".\python.exe"
|
$TEMP_PYTHON_INSTALLER = ".\python.exe"
|
||||||
$TEMP_MONGODB_ZIP = ".\mongodb.zip"
|
$TEMP_MONGODB_ZIP = ".\mongodb.zip"
|
||||||
$TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
|
$TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
|
||||||
|
@ -44,6 +42,4 @@ $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2012plu
|
||||||
$OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip"
|
$OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip"
|
||||||
$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
|
$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
|
||||||
$NPM_URL = "https://nodejs.org/dist/v12.14.1/node-v12.14.1-x64.msi"
|
$NPM_URL = "https://nodejs.org/dist/v12.14.1/node-v12.14.1-x64.msi"
|
||||||
$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip"
|
|
||||||
$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip"
|
|
||||||
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip"
|
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip"
|
||||||
|
|
|
@ -226,20 +226,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
||||||
Remove-Item $TEMP_UPX_ZIP
|
Remove-Item $TEMP_UPX_ZIP
|
||||||
}
|
}
|
||||||
|
|
||||||
# Download mimikatz binaries
|
|
||||||
$mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL
|
|
||||||
if (!(Test-Path -Path $mk32_path))
|
|
||||||
{
|
|
||||||
"Downloading mimikatz 32 binary"
|
|
||||||
$webClient.DownloadFile($MK32_DLL_URL, $mk32_path)
|
|
||||||
}
|
|
||||||
$mk64_path = Join-Path -Path $binDir -ChildPath $MK64_DLL
|
|
||||||
if (!(Test-Path -Path $mk64_path))
|
|
||||||
{
|
|
||||||
"Downloading mimikatz 64 binary"
|
|
||||||
$webClient.DownloadFile($MK64_DLL_URL, $mk64_path)
|
|
||||||
}
|
|
||||||
|
|
||||||
# Download sambacry binaries
|
# Download sambacry binaries
|
||||||
$samba_path = Join-Path -Path $monkey_home -ChildPath $SAMBA_BINARIES_DIR
|
$samba_path = Join-Path -Path $monkey_home -ChildPath $SAMBA_BINARIES_DIR
|
||||||
$samba32_path = Join-Path -Path $samba_path -ChildPath $SAMBA_32_BINARY_NAME
|
$samba32_path = Join-Path -Path $samba_path -ChildPath $SAMBA_32_BINARY_NAME
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
/public/
|
||||||
|
/resources/_gen/
|
|
@ -0,0 +1,5 @@
|
||||||
|
# Monkey documentation
|
||||||
|
|
||||||
|
This folder contains the Monkey Documentation site.
|
||||||
|
|
||||||
|
For more information see `content/development/contribute-documentation.md`.
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
title: "{{ replace .Name "-" " " | title }}"
|
||||||
|
date: {{ .Date }}
|
||||||
|
draft: true
|
||||||
|
---
|
||||||
|
|
|
@ -0,0 +1,69 @@
|
||||||
|
# when deploying to prod, use baseURL = "https://www.guardicore.com/infectionmonkey/docs"
|
||||||
|
# baseURL = "https://staging-covuyicu.kinsta.cloud/infectionmonkey/docs/"
|
||||||
|
baseURL = ""
|
||||||
|
languageCode = "en-us"
|
||||||
|
title = "Guardicore Infection Monkey - Documentation Hub"
|
||||||
|
|
||||||
|
theme = "learn"
|
||||||
|
|
||||||
|
[params]
|
||||||
|
# Change default color scheme with a variant one. See it in the themes folder.
|
||||||
|
themeVariant = "monkey"
|
||||||
|
# Prefix URL to edit current page. Will display an "Edit this page" button on top right hand corner of every page.
|
||||||
|
editURL = "https://github.com/guardicore/monkey/edit/develop/docs/content/"
|
||||||
|
# Author of the site, will be used in meta information
|
||||||
|
author = "Guardicore"
|
||||||
|
# Description of the site, will be used in meta information
|
||||||
|
description = "Guardicore Infection Monkey - Documentation hub"
|
||||||
|
# Shows a checkmark for visited pages on the menu
|
||||||
|
showVisitedLinks = false
|
||||||
|
# Disable search function. It will hide search bar
|
||||||
|
disableSearch = false
|
||||||
|
# Javascript and CSS cache are automatically busted when new version of site is generated.
|
||||||
|
# Set this to true to disable this behavior (some proxies don't handle well this optimization)
|
||||||
|
disableAssetsBusting = false
|
||||||
|
# Set this to true to disable copy-to-clipboard button for inline code.
|
||||||
|
disableInlineCopyToClipBoard = false
|
||||||
|
# A title for shortcuts in menu is set by default. Set this to true to disable it.
|
||||||
|
disableShortcutsTitle = false
|
||||||
|
# When using mulitlingual website, disable the switch language button.
|
||||||
|
disableLanguageSwitchingButton = false
|
||||||
|
# Hide breadcrumbs in the header and only show the current page title
|
||||||
|
disableBreadcrumb = false
|
||||||
|
# Hide Next and Previous page buttons normally displayed full height beside content
|
||||||
|
disableNextPrev = true
|
||||||
|
# Order sections in menu by "weight" or "title". Default to "weight"
|
||||||
|
ordersectionsby = "weight"
|
||||||
|
# Provide a list of custom css files to load relative from the `static/` folder in the site root.
|
||||||
|
custom_css = ["css/labels.css", "css/shadow_around_images.css"]
|
||||||
|
|
||||||
|
[outputs]
|
||||||
|
home = ["HTML", "RSS", "JSON"]
|
||||||
|
|
||||||
|
[[menu.shortcuts]]
|
||||||
|
name = "<i class='fas fa-home'></i> Homepage"
|
||||||
|
identifier = "homepage"
|
||||||
|
url = "https://infectionmonkey.com"
|
||||||
|
weight = 10
|
||||||
|
|
||||||
|
[[menu.shortcuts]]
|
||||||
|
name = "<i class='fab fa-github'></i> GitHub"
|
||||||
|
identifier = "github"
|
||||||
|
url = "https://github.com/guardicore/monkey"
|
||||||
|
weight = 20
|
||||||
|
|
||||||
|
[[menu.shortcuts]]
|
||||||
|
name = "<i class='fab fa-slack'></i> Slack"
|
||||||
|
identifier = "slack"
|
||||||
|
url = "https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU"
|
||||||
|
weight = 30
|
||||||
|
|
||||||
|
[[menu.shortcuts]]
|
||||||
|
name = "<i class='fas fa-inbox'></i> Email"
|
||||||
|
identifier = "email"
|
||||||
|
url = "mailto:support@infectionmonkey.com"
|
||||||
|
weight = 40
|
||||||
|
|
||||||
|
# Enables raw html in markdown.
|
||||||
|
[markup.goldmark.renderer]
|
||||||
|
unsafe = true
|
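Review bot: `unsafe = true` under `[markup.goldmark.renderer]` at the end of this file makes Hugo copy raw HTML from every Markdown page into the generated site. A `<script>` tag or an inline event handler in a documentation contribution would therefore be published unchanged on the production host named in the first comment of the file. The `editURL` setting puts an "Edit this page" button on every page, so outside edits to that Markdown are expected. The existing comment `# Enables raw html in markdown.` says what the switch does but not why it is needed or what a reviewer has to check. I would extend it to something like `# Enables raw HTML in markdown (needed for <REASON>). Docs PRs must be reviewed for script/iframe/on* content.`, and drop the setting if shortcodes can cover the pages that need HTML.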
|
@ -0,0 +1,2 @@
|
||||||
|
baseURL = "https://www.guardicore.com/infectionmonkey/docs"
|
||||||
|
canonifyURLs = true
|
|
@ -0,0 +1,2 @@
|
||||||
|
baseURL = "https://staging-covuyicu.kinsta.cloud/infectionmonkey/docs/"
|
||||||
|
canonifyURLs = true
|
|
@ -0,0 +1,154 @@
|
||||||
|
---
|
||||||
|
title: "FAQ"
|
||||||
|
date: 2020-06-18T15:11:52+03:00
|
||||||
|
draft: false
|
||||||
|
pre: "<i class='fas fa-question'></i> "
|
||||||
|
---
|
||||||
|
|
||||||
|
Here are some of the most common questions we receive about the Infection Monkey. If the answer you’re looking for isn’t here, talk with us [on our Slack channel](https://infectionmonkey.slack.com/), email us at [support@infectionmonkey.com](mailto:support@infectionmonkey.com) or [open an issue on GitHub](https://github.com/guardicore/monkey).
|
||||||
|
|
||||||
|
- [Where can I get the latest Monkey version? 📰](#where-can-i-get-the-latest-monkey-version)
|
||||||
|
- [How long does a single Monkey run for? Is there a time limit?](#how-long-does-a-single-monkey-run-for-is-there-a-time-limit)
|
||||||
|
- [Should I run the Monkey continuously?](#should-i-run-the-monkey-continuously)
|
||||||
|
- [Which queries does Monkey perform to the Internet exactly?](#which-queries-does-monkey-perform-to-the-internet-exactly)
|
||||||
|
- [Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?](#where-can-i-find-the-log-files-of-the-monkey-and-the-monkey-island-and-how-can-i-read-them)
|
||||||
|
- [Monkey Island](#monkey-island)
|
||||||
|
- [Monkey agent](#monkey-agent)
|
||||||
|
- [Running the Monkey in a production environment](#running-the-monkey-in-a-production-environment)
|
||||||
|
- [How much of a footprint does the Monkey leave?](#how-much-of-a-footprint-does-the-monkey-leave)
|
||||||
|
- [What’s the Monkey’s impact on system resources usage?](#whats-the-monkeys-impact-on-system-resources-usage)
|
||||||
|
- [Is it safe to use real passwords and usernames in the Monkey’s configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-monkeys-configuration)
|
||||||
|
- [How do you store sensitive information on Monkey Island?](#how-do-you-store-sensitive-information-on-monkey-island)
|
||||||
|
- [How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?](#how-stable-are-the-exploitations-used-by-the-monkey-will-the-monkey-crash-my-systems-with-its-exploits)
|
||||||
|
- [After I’ve set up Monkey Island, how can I execute the Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey)
|
||||||
|
- [How can I make the monkey propagate “deeper” into the network?](#how-can-i-make-the-monkey-propagate-deeper-into-the-network)
|
||||||
|
- [The report returns a blank screen](#the-report-returns-a-blank-screen)
|
||||||
|
- [How can I get involved with the project? 👩💻👨💻](#how-can-i-get-involved-with-the-project)
|
||||||
|
|
||||||
|
## Where can I get the latest Monkey version? 📰
|
||||||
|
|
||||||
|
For the latest **stable** release for users, visit [our downloads page](https://www.guardicore.com/infectionmonkey/#download). **This is the recommended and supported version**!
|
||||||
|
|
||||||
|
If you want to see what has changed between versions, refer to the [releases page on GitHub](https://github.com/guardicore/monkey/releases). For the latest development version, visit the [develop version on GitHub](https://github.com/guardicore/monkey/tree/develop).
|
||||||
|
|
||||||
|
## How long does a single Monkey run for? Is there a time limit?
|
||||||
|
|
||||||
|
The Monkey shuts off either when it can't find new victims, or when it has exceeded the quota of victims as defined in the configuration.
|
||||||
|
|
||||||
|
## Should I run the Monkey continuously?
|
||||||
|
|
||||||
|
Yes! This will allow you to verify that no new security issues were identified by the Monkey since the last time you ran it.
|
||||||
|
|
||||||
|
Does the Infection Monkey require a connection to the Internet?
|
||||||
|
|
||||||
|
The Infection Monkey does not require internet access to function.
|
||||||
|
|
||||||
|
If internet access is available, the Monkey will use the Internet for two purposes:
|
||||||
|
|
||||||
|
- To check for updates.
|
||||||
|
- To check if machines can reach the internet.
|
||||||
|
|
||||||
|
### Which queries does Monkey perform to the Internet exactly?
|
||||||
|
|
||||||
|
The Monkey performs queries out to the Internet on two separate occasions:
|
||||||
|
|
||||||
|
1. The Infection Monkey agent checks if it has internet access by performing requests to pre-configured domains. By default, these domains are `updates.infectionmonkey.com` and `www.google.com`. The request doesn't include any extra information - it's a GET request with no extra parameters. Since the Infection Monkey is 100% open-source, you can find the domains in the configuration [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/config.py#L152) and the code that performs the internet check [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/network/info.py#L123). This **IS NOT** used for statistics collection.
|
||||||
|
1. After installation of the Monkey Island, the Monkey Island sends a request to check for updates. The request doesn't include any PII other than the IP address of the request. It also includes the server's deployment type (e.g. Windows Server, Debian Package, AWS Marketplace, etc.) and the server's version (e.g. "1.6.3"), so we can check if we have an update available for this type of deployment. Since the Infection Monkey is 100% open-source, you can inspect the code that performs this [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/monkey_island/cc/services/version_update.py#L37). This **IS** used for statistics collection. However due to the anonymous nature of this data we use this to get an aggregate assumption as to how many deployments we see over a specific time period - no "personal" tracking.
|
||||||
|
|
||||||
|
## Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?
|
||||||
|
|
||||||
|
### Monkey Island
|
||||||
|
|
||||||
|
The Monkey Island’s log file can be downloaded directly from the UI. Click the “log” section and choose “Download Monkey Island internal logfile”, like so:
|
||||||
|
|
||||||
|
![How to download Monkey Island internal log file](/images/faq/download_log_monkey_island.png "How to download Monkey Island internal log file")
|
||||||
|
|
||||||
|
It can also be found as a local file on the Monkey Island server, where the Monkey Island was executed, called `info.log`.
|
||||||
|
|
||||||
|
The log enables you to see which requests were requested from the server, and extra logs from the backend logic. The log will contain entries like these ones for example:
|
||||||
|
|
||||||
|
```log
|
||||||
|
2019-07-23 10:52:23,927 - wsgi.py:374 - _log() - INFO - 200 GET /api/local-monkey (10.15.1.75) 17.54ms
|
||||||
|
2019-07-23 10:52:23,989 - client_run.py:23 - get() - INFO - Monkey is not running
|
||||||
|
2019-07-23 10:52:24,027 - report.py:580 - get_domain_issues() - INFO - Domain issues generated for reporting
|
||||||
|
```
|
||||||
|
|
||||||
|
### Monkey agent
|
||||||
|
|
||||||
|
The Monkey log file can be found in the following paths on machines where it was executed:
|
||||||
|
|
||||||
|
- Path on Linux: `/tmp/user-1563`
|
||||||
|
- Path on Windows: `%temp%\\~df1563.tmp`
|
||||||
|
|
||||||
|
The logs contain information about the internals of the Monkey’s execution. The log will contain entries like these ones for example:
|
||||||
|
|
||||||
|
```log
|
||||||
|
2019-07-22 19:16:44,228 [77598:140654230214464:INFO] main.main.116: >>>>>>>>>> Initializing monkey (InfectionMonkey): PID 77598 <<<<<<<<<<
|
||||||
|
2019-07-22 19:16:44,231 [77598:140654230214464:INFO] monkey.initialize.54: Monkey is initializing...
|
||||||
|
2019-07-22 19:16:44,231 [77598:140654230214464:DEBUG] system_singleton.try_lock.95: Global singleton mutex '{2384ec59-0df8-4ab9-918c-843740924a28}' acquired
|
||||||
|
2019-07-22 19:16:44,234 [77598:140654230214464:DEBUG] monkey.initialize.81: Added default server: 10.15.1.96:5000
|
||||||
|
2019-07-22 19:16:44,234 [77598:140654230214464:INFO] monkey.start.87: Monkey is running...
|
||||||
|
2019-07-22 19:16:44,234 [77598:140654230214464:DEBUG] control.find_server.65: Trying to wake up with Monkey Island servers list: ['10.15.1.96:5000', '192.0.2.0:5000']
|
||||||
|
2019-07-22 19:16:44,235 [77598:140654230214464:DEBUG] control.find_server.78: Trying to connect to server: 10.15.1.96:5000
|
||||||
|
2019-07-22 19:16:44,238 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): 10.15.1.96:5000
|
||||||
|
2019-07-22 19:16:44,249 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://10.15.1.96:5000 "GET /api?action=is-up HTTP/1.1" 200 15
|
||||||
|
2019-07-22 19:16:44,253 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): updates.infectionmonkey.com:443
|
||||||
|
2019-07-22 19:16:45,013 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://updates.infectionmonkey.com:443 "GET / HTTP/1.1" 200 61
|
||||||
|
```
|
||||||
|
|
||||||
|
## Running the Monkey in a production environment
|
||||||
|
|
||||||
|
### How much of a footprint does the Monkey leave?
|
||||||
|
|
||||||
|
The Monkey leaves hardly any trace on the target system. It will leave:
|
||||||
|
|
||||||
|
- Log files in the following locations:
|
||||||
|
- Path on Linux: `/tmp/user-1563`
|
||||||
|
- Path on Windows: `%temp%\\~df1563.tmp`
|
||||||
|
|
||||||
|
### What’s the Monkey’s impact on system resources usage?
|
||||||
|
|
||||||
|
The Infection Monkey uses less than single-digit percent of CPU time and very low RAM usage. For example, on a single-core Windows Server machine, the Monkey consistently uses 0.06% CPU, less than 80MB of RAM and a small amount of I/O periodically.
|
||||||
|
|
||||||
|
If you do experience any performance issues please let us know on [our Slack channel](https://infectionmonkey.slack.com/) or via [opening an issue on GitHub](https://github.com/guardicore/monkey).
|
||||||
|
|
||||||
|
### Is it safe to use real passwords and usernames in the Monkey’s configuration?
|
||||||
|
|
||||||
|
Absolutely! User credentials are stored encrypted in the Monkey Island server. This information is then accessible only to users that have access to the Island.
|
||||||
|
|
||||||
|
We advise to limit access to the Monkey Island server by following our [password protection guide](../usage/island/password-guide).
|
||||||
|
|
||||||
|
### How do you store sensitive information on Monkey Island?
|
||||||
|
|
||||||
|
Sensitive data such as passwords, SSH keys and hashes are stored on the Monkey Island’s database in an encrypted fashion. This data is transmitted to the Infection Monkeys in an encrypted fashion (HTTPS) and is not stored locally on the victim machines.
|
||||||
|
|
||||||
|
When you reset the Monkey Island configuration, the Monkey Island wipes the information.
|
||||||
|
|
||||||
|
### How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?
|
||||||
|
|
||||||
|
The Monkey does not use any exploits or attacks that may impact the victim system.
|
||||||
|
|
||||||
|
This means we avoid using some very strong (and famous) exploits such as [EternalBlue](https://www.guardicore.com/2017/05/detecting-mitigating-wannacry-copycat-attacks-using-guardicore-centra-platform/). This exploit was used in WannaCry and NotPetya with huge impact. But because it may crash a production system, we aren’t using it.
|
||||||
|
|
||||||
|
## After I’ve set up Monkey Island, how can I execute the Monkey?
|
||||||
|
|
||||||
|
See our detailed [getting started](../content/usage/getting-started) guide.
|
||||||
|
|
||||||
|
## How can I make the monkey propagate “deeper” into the network?
|
||||||
|
|
||||||
|
If you wish to simulate a very “deep” attack into your network, you can try to increase the *propagation depth* parameter in the configuration. This parameter tells the Monkey how far to propagate into your network from the “patient zero” machine in which it was launched manually.
|
||||||
|
|
||||||
|
To do this, change the “Distance from Island” parameter in the “Basic - Network” tab of the configuration:
|
||||||
|
|
||||||
|
![How to increase propagation depth](/images/faq/prop_depth.png "How to increase propagation depth")
|
||||||
|
|
||||||
|
## The report returns a blank screen
|
||||||
|
|
||||||
|
This is sometimes caused when Monkey Island is installed with an old version of MongoDB. Make sure your MongoDB version is up to date using the `mongod --version` command on Linux or the `mongod -version` command on Windows. If your version is older than **4.0.10**, this might be the problem. To update your Mongo version:
|
||||||
|
|
||||||
|
- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/).
|
||||||
|
- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of mongodb using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Island again and everything should work.
|
||||||
|
|
||||||
|
## How can I get involved with the project? 👩💻👨💻
|
||||||
|
|
||||||
|
The Monkey is an open-source project, and we weclome contributions and contributors. Check out the [contribution documentation](../development) for more information.
|
|
@ -0,0 +1,30 @@
|
||||||
|
---
|
||||||
|
title: "Infection Monkey Documentation Hub"
|
||||||
|
date: 2020-05-26T18:15:37+03:00
|
||||||
|
draft: false
|
||||||
|
---
|
||||||
|
|
||||||
|
# Infection Monkey documentation hub
|
||||||
|
|
||||||
|
{{< homepage_shortcuts >}}
|
||||||
|
|
||||||
|
## What is Guardicore Infection Monkey?
|
||||||
|
|
||||||
|
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island Command and Control server.
|
||||||
|
|
||||||
|
![Infection Monkey Documentation Hub Logo](/images/monkey-teacher.svg?height=400px "Infection Monkey Documentation Hub Logo")
|
||||||
|
|
||||||
|
The Infection Monkey is comprised of two parts:
|
||||||
|
|
||||||
|
* Monkey - A tool which infects other machines and propagates to them.
|
||||||
|
* Monkey Island - A dedicated UI to visualize the Infection Monkey's progress inside the data center.
|
||||||
|
|
||||||
|
To read more about the Monkey and download it, visit [our homepage](https://infectionmonkey.com/).
|
||||||
|
|
||||||
|
## Getting Started
|
||||||
|
|
||||||
|
If you haven't downloaded Infection Monkey yet you can do so [from our homepage](https://www.guardicore.com/infectionmonkey/#download). After downloading the Monkey, install it using one of our [setup guides](setup), and read our [getting started guide](usage/getting-started) for a quick-start on Monkey!
|
||||||
|
|
||||||
|
## Support and community
|
||||||
|
|
||||||
|
If you need help or want to talk all things Monkey, you can [join our public Slack workspace](https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU) or [contact us via Email](mailto:support@infectionmonkey.com).
|
|
@ -0,0 +1,43 @@
|
||||||
|
+++
|
||||||
|
title = "Contribute"
|
||||||
|
date = 2020-05-26T20:55:04+03:00
|
||||||
|
weight = 30
|
||||||
|
chapter = true
|
||||||
|
pre = '<i class="fas fa-code"></i> '
|
||||||
|
tags = ["development", "contribute"]
|
||||||
|
+++
|
||||||
|
|
||||||
|
# Securing networks together
|
||||||
|
|
||||||
|
Want to help secure networks? That's great!
|
||||||
|
|
||||||
|
## How should I start?
|
||||||
|
|
||||||
|
Here's a few short links to help you get started.
|
||||||
|
|
||||||
|
* [Getting up and running](../setup-development-environment) - To help you get a working development setup.
|
||||||
|
* [Contributing guidelines](https://github.com/guardicore/monkey/blob/master/CONTRIBUTING.md) - Some guidelines to help you submit.
|
||||||
|
|
||||||
|
## What are we looking for?
|
||||||
|
|
||||||
|
You can take a look at [our roadmap](https://github.com/guardicore/monkey/projects/5) to see what issues we're thinking about doing soon. We are looking for:
|
||||||
|
|
||||||
|
### More exploits! 💥
|
||||||
|
|
||||||
|
The best way to find weak spots in the network is by attacking it. The [Exploit template](https://github.com/guardicore/monkey/wiki/Exploit-templates) page will help you add exploits.
|
||||||
|
|
||||||
|
It's important to note that the Infection Monkey must be perfectly reliable otherwise no one will use it, so avoid memory corruption exploits _unless they're rock solid_ and focus on the logical vulns such as Shellshock.
|
||||||
|
|
||||||
|
### Analysis plugins 🔬
|
||||||
|
|
||||||
|
Successfully attacking every server in the network is no good unless the Monkey can explain how to prevent the attack. Whether it's detecting when the Monkey is using stolen credentials or when the Monkey can escape locked down networks, this is the part that actually helps secure different parts.
|
||||||
|
|
||||||
|
### Better code 💪
|
||||||
|
|
||||||
|
We always want to improve the core Monkey code, to make it smaller, faster and more reliable. If you have an idea of how to do it, or just want to modularise/improve test coverage for the code, do share!
|
||||||
|
|
||||||
|
### Documentation 📚
|
||||||
|
|
||||||
|
Every project requires better documentation. The Monkey is no different, so feel free to open PRs with suggestions, improvements or issues asking us to document different parts of the Monkey.
|
||||||
|
|
||||||
|
The Monkey's documentation is stored in the `/docs/content` directory.
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: "Adding Exploits"
|
||||||
|
date: 2020-06-08T19:53:00+03:00
|
||||||
|
draft: true
|
||||||
|
---
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
title: "Adding Post Breach Actions"
|
||||||
|
date: 2020-06-08T19:53:13+03:00
|
||||||
|
draft: true
|
||||||
|
---
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
title: "Adding System Info Collectors"
|
||||||
|
date: 2020-06-09T11:03:42+03:00
|
||||||
|
draft: true
|
||||||
|
---
|
||||||
|
|
|
@ -0,0 +1,103 @@
|
||||||
|
---
|
||||||
|
title: "Contribute Documentation"
|
||||||
|
date: 2020-06-17T17:31:54+03:00
|
||||||
|
draft: false
|
||||||
|
tags: ["contribute"]
|
||||||
|
---
|
||||||
|
|
||||||
|
The `/docs` folder contains the Monkey Documentation site.
|
||||||
|
|
||||||
|
The site is based on [Hugo](https://gohugo.io/) and the [learn](https://themes.gohugo.io/theme/hugo-theme-learn/en) theme.
|
||||||
|
|
||||||
|
- [Directory Structure](#directory-structure)
|
||||||
|
- [content](#content)
|
||||||
|
- [static](#static)
|
||||||
|
- [config](#config)
|
||||||
|
- [themes](#themes)
|
||||||
|
- [layouts and archtypes](#layouts-and-archtypes)
|
||||||
|
- [public and resources](#public-and-resources)
|
||||||
|
- [How to contribute](#how-to-contribute)
|
||||||
|
- [Requirements](#requirements)
|
||||||
|
- [Adding and editing content](#adding-and-editing-content)
|
||||||
|
- [Add a new page](#add-a-new-page)
|
||||||
|
- [Editing an existing page](#editing-an-existing-page)
|
||||||
|
- [Building the content](#building-the-content)
|
||||||
|
- [Serve the documentation locally](#serve-the-documentation-locally)
|
||||||
|
- [Build the content for deployment](#build-the-content-for-deployment)
|
||||||
|
- [Troubleshooting](#troubleshooting)
|
||||||
|
- [`Error: Unable to locate config file or config directory. Perhaps you need to create a new site.`](#error-unable-to-locate-config-file-or-config-directory-perhaps-you-need-to-create-a-new-site)
|
||||||
|
- [`failed to extract shortcode: template for shortcode "children" not found` or theme doesn't seem right?](#failed-to-extract-shortcode-template-for-shortcode-children-not-found-or-theme-doesnt-seem-right)
|
||||||
|
- [CSS is missing](#css-is-missing)
|
||||||
|
|
||||||
|
## Directory Structure
|
||||||
|
|
||||||
|
By order of importance:
|
||||||
|
|
||||||
|
### content
|
||||||
|
|
||||||
|
The most important directory is `/content`: This is the directory which contains the content files. [Read this to understand how pages are organized in that folder](https://themes.gohugo.io//theme/hugo-theme-learn/en/cont/pages/).
|
||||||
|
|
||||||
|
### static
|
||||||
|
|
||||||
|
In this directory you should place images, `css` files, `js` files, and other static content the site should serve. To access that static content in a page, use something similar to this:
|
||||||
|
|
||||||
|
```markdown
|
||||||
|
![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
|
||||||
|
```
|
||||||
|
|
||||||
|
### config
|
||||||
|
|
||||||
|
This folder controls a lot of parameters regarding the site generation.
|
||||||
|
|
||||||
|
### themes
|
||||||
|
|
||||||
|
This is the theme we're using. It's a submodule (so to get it you need to run `git submodule update`). It's our own fork of the [learn](https://themes.gohugo.io/hugo-theme-learn/) theme. If we want to make changes to the theme itself or pull updates from the upstream you'll do it here.
|
||||||
|
|
||||||
|
### layouts and archtypes
|
||||||
|
|
||||||
|
This directory includes custom [HTML partials](https://gohugo.io/templates/partials/), custom [shortcodes](https://gohugo.io/content-management/shortcodes/), and content templates. Best to not mess with the existing stuff here too much, but rather add new things.
|
||||||
|
|
||||||
|
### public and resources
|
||||||
|
|
||||||
|
These are the build output of `hugo` and should never be `commit`-ed to git.
|
||||||
|
|
||||||
|
## How to contribute
|
||||||
|
|
||||||
|
### Requirements
|
||||||
|
|
||||||
|
You have to [install `hugo`](https://gohugo.io/getting-started/installing/), a text editor that's good for markdown (`vscode` and `vim` are good options), and `git`.
|
||||||
|
|
||||||
|
### Adding and editing content
|
||||||
|
|
||||||
|
#### Add a new page
|
||||||
|
|
||||||
|
Run `hugo new folder/page.md`. Optionally add `--kind chapter` if this is a new chapter page. For example, `hugo new usage/getting-started.md` created the Getting Started page.
|
||||||
|
|
||||||
|
#### Editing an existing page
|
||||||
|
|
||||||
|
Edit the markdown file(s). [Here's a markdown cheatsheet](https://themes.gohugo.io//theme/hugo-theme-learn/en/cont/markdown/). If you want to add images, add them to the `static/images` folder and refer to them by name.
|
||||||
|
|
||||||
|
### Building the content
|
||||||
|
|
||||||
|
#### Serve the documentation locally
|
||||||
|
|
||||||
|
Run `hugo server -D`. The server will be available locally at `http://localhost:1313/`. You can change the content/theme and the site will refresh automatically to reflect your changes.
|
||||||
|
|
||||||
|
#### Build the content for deployment
|
||||||
|
|
||||||
|
Run `hugo --environment staging` or `hugo --environment production`. This will create a static site in the `public` directory. This directory should be ignored by `git` - **make sure you don't add and commit it by mistake!**
|
||||||
|
|
||||||
|
#### Troubleshooting
|
||||||
|
|
||||||
|
##### `Error: Unable to locate config file or config directory. Perhaps you need to create a new site.`
|
||||||
|
|
||||||
|
What is your working directory? It should be `monkey/docs`.
|
||||||
|
|
||||||
|
##### `failed to extract shortcode: template for shortcode "children" not found` or theme doesn't seem right?
|
||||||
|
|
||||||
|
Have you ran `git submodule update`?
|
||||||
|
|
||||||
|
##### CSS is missing
|
||||||
|
|
||||||
|
- Make sure that you're accessing the correct URL.
|
||||||
|
- Check the `config.toml` file.
|
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
title: "Setting up a development environment"
|
||||||
|
date: 2020-06-08T19:53:00+03:00
|
||||||
|
draft: false
|
||||||
|
tags: ["contribute"]
|
||||||
|
---
|
||||||
|
|
||||||
|
## Deployment scripts
|
||||||
|
|
||||||
|
To setup development environment using scripts look at the readme under [`/deployment_scripts`](https://github.com/guardicore/monkey/blob/develop/deployment_scripts). If you want to setup it manually or if run into some problems, read further below.
|
||||||
|
|
||||||
|
## Agent
|
||||||
|
|
||||||
|
The Agent, (what we refer as the Monkey), is a single Python project under the [`infection_monkey`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey) folder. Built for Python 3.7, you can get it up and running by setting up a [virtual environment](https://docs.python-guide.org/dev/virtualenvs/) and inside it installing the requirements listed under [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/requirements.txt).
|
||||||
|
|
||||||
|
In order to compile the Monkey for distribution by the Monkey Island, you need to run the instructions listed in [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/readme.txt) on each supported environment.
|
||||||
|
|
||||||
|
This means setting up an environment with Linux 32/64-bit with Python installed and a Windows 64-bit machine with developer tools + 32/64-bit Python versions.
|
||||||
|
|
||||||
|
## Monkey Island
|
||||||
|
|
||||||
|
The Monkey Island is a Python backend React frontend project. Similar to the agent, the backend's requirements are listed in the matching [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/requirements.txt).
|
||||||
|
|
||||||
|
To setup a working front environment, run the instructions listed in the [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/readme.txt)
|
|
@ -0,0 +1,18 @@
|
||||||
|
+++
|
||||||
|
title = "Setup"
|
||||||
|
date = 2020-05-26T20:55:04+03:00
|
||||||
|
weight = 5
|
||||||
|
chapter = true
|
||||||
|
pre = '<i class="fas fa-cogs"></i> '
|
||||||
|
tags = ["setup"]
|
||||||
|
+++
|
||||||
|
|
||||||
|
# Setting up Infection Monkey
|
||||||
|
|
||||||
|
Setting up Infection Monkey is really easy! First, you need to {{% button href="https://infectionmonkey.com/" icon="fas fa-download" %}}download the Infection Monkey from our site{{% /button %}}.
|
||||||
|
|
||||||
|
Once you've downloaded an installer, you can follow the relevant guide for your environment:
|
||||||
|
|
||||||
|
{{% children %}}
|
||||||
|
|
||||||
|
Once you're done setting the Monkey up, check out our [Getting Started](../usage/getting-started) guide!
|
|
@ -0,0 +1,39 @@
|
||||||
|
---
|
||||||
|
title: "AWS"
|
||||||
|
date: 2020-05-26T20:57:36+03:00
|
||||||
|
draft: false
|
||||||
|
pre: '<i class="fab fa-aws"></i> '
|
||||||
|
weight: 5
|
||||||
|
tags: ["setup", "aws"]
|
||||||
|
---
|
||||||
|
|
||||||
|
## Deployment
|
||||||
|
|
||||||
|
On the [Infection Monkey’s AWS Marketplace page](https://aws.amazon.com/marketplace/pp/GuardiCore-Infection-Monkey/B07B3J7K6D), click **Continue to Subscribe**.
|
||||||
|
|
||||||
|
1. Choose the desired region.
|
||||||
|
1. Choose an EC2 instance type with at least 1GB of RAM for optimal performance or stick with the recommended.
|
||||||
|
1. Select the VPC and subnet you want the instance to be in.
|
||||||
|
1. In the Security Group section, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
|
||||||
|
1. Choose an existing EC2 key pair for authenticating with your new instance.
|
||||||
|
1. Click **Launch with 1-click.**
|
||||||
|
|
||||||
|
At this point, AWS will instance and deploy your new machine.
|
||||||
|
|
||||||
|
When ready, you can browse to the Infection Monkey running on your fresh deployment at:
|
||||||
|
|
||||||
|
`https://{public-ip}:5000`
|
||||||
|
|
||||||
|
You will be presented a login page. Use the username **monkey**, and the new EC2 instace’s instance ID for password. You can find the instance id by going to the EC2 console and selecting your instance. It should appear in the details pane below.
|
||||||
|
|
||||||
|
![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
|
||||||
|
|
||||||
|
## Integration with AWS services
|
||||||
|
|
||||||
|
The Monkey has built-in integrations with AWS services for better execution and reporting. See [Usage -> Integrations](../../usage/integrations) for more details.
|
||||||
|
|
||||||
|
## Upgrading
|
||||||
|
|
||||||
|
Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.
|
||||||
|
|
||||||
|
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
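Review bot: Step 4 of the Deployment list asks for ports 5000 and 5001 to be open for inbound TCP but never says from which sources, and the login paragraph uses the EC2 instance ID as the password, which is an identifier shown in the console rather than a secret. I would add to that step: `Restrict the source of these rules to the addresses you administer the Island from; do not open them to 0.0.0.0/0.` The same unqualified port instruction appears in the **Network Security Group** step of the Azure page and in step 1 of the VMware page. The login paragraph also contains two typos, "AWS will instance" and "instace".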
|
|
@ -0,0 +1,34 @@
|
||||||
|
---
|
||||||
|
title: "Azure"
|
||||||
|
date: 2020-05-26T20:57:39+03:00
|
||||||
|
draft: false
|
||||||
|
pre: '<i class="fab fa-microsoft"></i> '
|
||||||
|
weight: 6
|
||||||
|
tags: ["setup", "azure"]
|
||||||
|
---
|
||||||
|
|
||||||
|
## Deployment
|
||||||
|
|
||||||
|
Select [Infection Monkey from the Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/guardicore.infection_monkey) and click **GET IT NOW**.
|
||||||
|
|
||||||
|
1. Under **Basics**:
|
||||||
|
1. Choose a name for your Infection Monkey instance, such as InfectionMonkey.
|
||||||
|
1. Choose a username and password or provide a SSH public key for authentication.
|
||||||
|
1. Choose a resource group and the location your instance will be deployed in.
|
||||||
|
1. Under **Size**
|
||||||
|
1. Choose a machine size with at least 1GB of RAM for optimal performance.
|
||||||
|
1. Under **Settings**
|
||||||
|
1. Choose the network the new instance will be a member of.
|
||||||
|
1. In the **Network Security Group** field, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
|
||||||
|
1. Under **Summary**
|
||||||
|
1. Review the details of the offer and click **Create**.
|
||||||
|
|
||||||
|
At this point, Azure will instance and deploy your new machine. When ready, you can browse to the Infection Monkey running on your fresh deployment at:
|
||||||
|
|
||||||
|
`https://{public-ip-address}:5000`
|
||||||
|
|
||||||
|
## Upgrading
|
||||||
|
|
||||||
|
Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.
|
||||||
|
|
||||||
|
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
|
@ -0,0 +1,64 @@
|
||||||
|
---
|
||||||
|
title: "Debian"
|
||||||
|
date: 2020-05-26T20:57:19+03:00
|
||||||
|
draft: false
|
||||||
|
pre: '<i class="fab fa-linux"></i> '
|
||||||
|
weight: 1
|
||||||
|
disableToc: false
|
||||||
|
tags: ["setup", "debian"]
|
||||||
|
---
|
||||||
|
|
||||||
|
## Deployment
|
||||||
|
|
||||||
|
To extract the `tar.gz` file, run `tar -xvzf monkey-island-debian.tar.gz`.
|
||||||
|
|
||||||
|
To deploy the package, once you’ve extracted it, run the following commands:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo apt update
|
||||||
|
sudo dpkg -i monkey_island.deb # this might print errors
|
||||||
|
```
|
||||||
|
|
||||||
|
If at this point, dpkg printed errors that look like this:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
dpkg: error processing package gc-monkey-island (--install):
|
||||||
|
dependency problems - leaving unconfigured
|
||||||
|
Errors were encountered while processing:
|
||||||
|
gc-monkey-island
|
||||||
|
```
|
||||||
|
|
||||||
|
That just means that not all dependencies were pre-installed on your system. That’s no problem! Just run the following command, which will install all dependencies and then install the Monkey Island:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo apt install -f
|
||||||
|
```
|
||||||
|
|
||||||
|
## Troubleshooting
|
||||||
|
|
||||||
|
### Trying to install on Ubuntu <16.04
|
||||||
|
|
||||||
|
If you’re trying to install the Monkey Island on Ubuntu 16.04 or older, you need to install the dependencies yourself, since Python 3.7 is only installable from the `deadsnakes` PPA. To install the Monkey Island on Ubuntu 16.04, follow the following steps:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo apt update
|
||||||
|
sudo apt-get install libcurl4-openssl-dev
|
||||||
|
sudo apt-get install software-properties-common
|
||||||
|
sudo add-apt-repository ppa:deadsnakes/ppa
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get install python3.7-dev python3.7-venv python3-venv build-essential
|
||||||
|
sudo dpkg -i monkey_island.deb # this might print errors
|
||||||
|
sudo apt install -f
|
||||||
|
```
|
||||||
|
|
||||||
|
### The Monkey Island interface isn't accessible after installation
|
||||||
|
|
||||||
|
To check the status of the Monkey Island after the installation, run the following command: `sudo service monkey-island status`.
|
||||||
|
|
||||||
|
## Upgrading
|
||||||
|
|
||||||
|
To upgrade when a new version comes out, download the new Monkey `.deb` file and install it. You should see a message like `Unpacking monkey-island (1.8.2) over (1.8.0)`. After which, the installation should complete successfully.
|
||||||
|
|
||||||
|
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
|
||||||
|
|
||||||
|
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
|
@ -0,0 +1,30 @@
|
||||||
|
---
|
||||||
|
title: "Docker"
|
||||||
|
date: 2020-05-26T20:57:28+03:00
|
||||||
|
draft: false
|
||||||
|
pre: '<i class="fab fa-docker"></i> '
|
||||||
|
weight: 4
|
||||||
|
tags: ["setup", "docker"]
|
||||||
|
---
|
||||||
|
|
||||||
|
## Deployment
|
||||||
|
|
||||||
|
To extract the `tar.gz` file, run `tar -xvzf monkey-island-docker.tar.gz`.
|
||||||
|
|
||||||
|
Once you’ve extracted the container from the tar.gz file, run the following commands:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo docker load -i dk.monkeyisland.latest.tar
|
||||||
|
sudo docker pull mongo
|
||||||
|
sudo mkdir -p /var/monkey-mongo/data/db
|
||||||
|
sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo
|
||||||
|
sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:1.8.2
|
||||||
|
```
|
||||||
|
|
||||||
|
## Upgrading
|
||||||
|
|
||||||
|
There's no "upgrade-in-place" option for Docker. To get the new version, download it, stop the current container, and run the installation commands again with the new file.
|
||||||
|
|
||||||
|
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
|
||||||
|
|
||||||
|
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
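Review bot: Both `docker run` lines use `--network=host`, and the `mongo` container is started with no authentication options, so as far as these commands show the database listens on the host's own interfaces rather than on a private container network. The page should either tell the reader to firewall the MongoDB port from other machines or explain why host networking is required. `docker pull mongo` and `-d mongo` also take whatever `latest` is on the day of install; pinning a tested tag, written here as the placeholder `mongo:<tested-version>`, keeps installs reproducible. Finally, `docker load` reads `dk.monkeyisland.latest.tar` while the run line names `guardicore/monkey-island:1.8.2`, so a sentence confirming that the loaded archive carries that tag would stop a mismatch from silently turning into a registry pull.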
|
|
@ -0,0 +1,62 @@
|
||||||
|
---
|
||||||
|
title: "VMware"
|
||||||
|
date: 2020-05-26T20:57:14+03:00
|
||||||
|
draft: false
|
||||||
|
pre: '<i class="fas fa-laptop-code"></i> '
|
||||||
|
weight: 3
|
||||||
|
tags: ["setup", "vmware"]
|
||||||
|
---
|
||||||
|
|
||||||
|
## Deployment
|
||||||
|
|
||||||
|
1. Deploy the Infection Monkey OVA by choosing Deploy OVF Template and follow the wizard instructions. *Note: make sure port 5000 and 5001 on the machine are accessible for inbound TCP traffic.*
|
||||||
|
2. Turn on the Infection Monkey VM.
|
||||||
|
3. Log in to the machine with the following credentials:
|
||||||
|
1. Username: **monkeyuser**
|
||||||
|
2. Password: **Noon.Earth.Always**
|
||||||
|
4. It's recommended to change the machine passwords by running the following commands: `sudo passwd monkeyuser`, `sudo passwd root`.
|
||||||
|
|
||||||
|
## OVA network modes
|
||||||
|
|
||||||
|
The OVA can be used in one of two modes:
|
||||||
|
|
||||||
|
1. In a network with DHCP configured. In this case, the Monkey Island will automatically query and receive an IP address from the network.
|
||||||
|
1. With a static IP address.
|
||||||
|
|
||||||
|
In this case, you should login to the VM console with
|
||||||
|
username `root` and password `G3aJ9szrvkxTmfAG`. After logging in, edit the interfaces file. You can do that by writing the following command in the prompt:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo nano /etc/network/interfaces
|
||||||
|
```
|
||||||
|
|
||||||
|
And change the lines:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
auto ens160
|
||||||
|
iface ens160 inet dhcp
|
||||||
|
```
|
||||||
|
|
||||||
|
to the following:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
auto ens160
|
||||||
|
iface ens160 inet static
|
||||||
|
address AAA.BBB.CCC.DDD
|
||||||
|
netmask XXX.XXX.XXX.XXX
|
||||||
|
gateway YYY.YYY.YYY.YYY
|
||||||
|
```
|
||||||
|
|
||||||
|
Save the changes then run the command
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo ifdown ens160 && ifup ens160
|
||||||
|
```
|
||||||
|
|
||||||
|
## Upgrading
|
||||||
|
|
||||||
|
There's no "upgrade-in-place" option for Docker. To get the new version, download it, stop the current container, and run the installation commands again with the new file.
|
||||||
|
|
||||||
|
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
|
||||||
|
|
||||||
|
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
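Review bot: The Deployment list and the static-IP paragraph publish fixed passwords for `monkeyuser` and `root`, yet step 4 only says "It's recommended" to change them, and step 1 has already asked for ports 5000 and 5001 to be reachable. Because every deployed OVA ships with the same two passwords, the change should be mandatory and come before the VM joins a routable network, for example `4. Change both passwords before connecting the VM to your network: sudo passwd monkeyuser, sudo passwd root.` In the last command block, `sudo ifdown ens160 && ifup ens160` runs `ifup` without `sudo`, which would fail for a non-root login; `sudo ifdown ens160 && sudo ifup ens160` looks like what was intended. The Upgrading paragraph is copied from the Docker page ("no upgrade-in-place option for Docker", "stop the current container") and needs VMware wording.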
|
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
title: "Windows"
|
||||||
|
date: 2020-05-26T20:57:10+03:00
|
||||||
|
draft: false
|
||||||
|
pre: '<i class="fab fa-windows"></i> '
|
||||||
|
weight: 2
|
||||||
|
tags: ["setup", "windows"]
|
||||||
|
---
|
||||||
|
|
||||||
|
## Deployment
|
||||||
|
|
||||||
|
Run the installer, and you should be met with the following screen:
|
||||||
|
|
||||||
|
![Windows installer screenshot](../../images/setup/windows/installer-screenshot-1.png "Windows installer screenshot")
|
||||||
|
|
||||||
|
1. Follow the steps of the installation.
|
||||||
|
1. Run the Monkey Island by clicking on the desktop shortcut.
|
||||||
|
|
||||||
|
## Troubleshooting
|
||||||
|
|
||||||
|
### Missing windows update
|
||||||
|
|
||||||
|
The installer requires [Windows update #2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) to be installed. If you’re having trouble running the installer, please make sure to install that update via Windows Update or manually from the link.
|
||||||
|
|
||||||
|
### Supported browsers
|
||||||
|
|
||||||
|
The Monkey Island supports Chrome (and Chrome-based) browsers. Some Windows Servers only have Internet Explorer installed. Make sure to use Chrome or a similar modern browser. [You can download Google Chrome from here](https://www.google.com/chrome/).
|
||||||
|
|
||||||
|
## Upgrading
|
||||||
|
|
||||||
|
To upgrade, download the new installer and run it. The new Monkey version should be installed over the old one.
|
||||||
|
|
||||||
|
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
|
||||||
|
|
||||||
|
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
|
@ -0,0 +1,13 @@
|
||||||
|
+++
|
||||||
|
title = "Usage"
|
||||||
|
date = 2020-05-26T20:57:53+03:00
|
||||||
|
weight = 10
|
||||||
|
chapter = true
|
||||||
|
pre = '<i class="fas fa-users-cog"></i> '
|
||||||
|
+++
|
||||||
|
|
||||||
|
# Usage
|
||||||
|
|
||||||
|
If you're just starting with Infection Monkey, check out our [Getting Started](getting-started) page.
|
||||||
|
|
||||||
|
If you haven't downloaded Monkey yet, {{% button href="https://www.guardicore.com/infectionmonkey/#download" icon="fas fa-download" %}}Get Infection Monkey here{{% /button %}}!
|
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
title: "Accounts and Security"
|
||||||
|
date: 2020-06-22T15:36:56+03:00
|
||||||
|
draft: false
|
||||||
|
weight: 50
|
||||||
|
pre: "<i class='fas fa-user-lock'></i> "
|
||||||
|
tags: ["usage", "password"]
|
||||||
|
---
|
||||||
|
|
||||||
|
## Security in Infection Monkey
|
||||||
|
|
||||||
|
The first time you launch Monkey Island (Infection Monkey CC server), you'll be prompted to create an account and secure your island. After your account is created, the server will only be accessible via the credentials you chose.
|
||||||
|
|
||||||
|
If you want island to be accessible without credentials press *I want anyone to access the island*. Please note that this option is insecure: you should only pick this for use in development environments.
|
||||||
|
|
||||||
|
## Resetting account credentials
|
||||||
|
|
||||||
|
To reset credentials edit `monkey_island\cc\server_config.json` by deleting `user` and `password_hash` variables. Then restart the Monkey Island server and you should be prompted with registration form again.
|
||||||
|
|
||||||
|
Example `server_config.json` for account reset:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"server_config": "password",
|
||||||
|
"deployment": "develop"
|
||||||
|
}
|
||||||
|
```
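Review bot: The "Resetting account credentials" section shows that deleting `user` and `password_hash` from `server_config.json` and restarting brings the registration form back, so whoever reaches the Island first after the restart chooses the new credentials. I would add a caveat after that paragraph: `Restrict write access to server_config.json to the account that runs Monkey Island, and complete registration immediately after the restart.` The path is given only with Windows separators (`monkey_island\cc\server_config.json`); adding the forward-slash form would help readers on the Debian, Docker and OVA deployments.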
|
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
title: "Configuration"
|
||||||
|
date: 2020-06-07T19:08:51+03:00
|
||||||
|
draft: false
|
||||||
|
chapter: true
|
||||||
|
weight: 3
|
||||||
|
pre: "<i class='fas fa-sliders-h'></i> "
|
||||||
|
---
|
||||||
|
|
||||||
|
# Configure the Monkey
|
||||||
|
|
||||||
|
The Monkey is highly configurable. Nearly every part of it can be modified to turn it to a fast acting worm or into a port scanning and system information collecting machine.
|
||||||
|
|
||||||
|
{{% notice warning %}}
|
||||||
|
This section of the documentation is incomplete and under active construction.
|
||||||
|
{{% /notice %}}
|
||||||
|
|
||||||
|
See these documentation pages for information on each configuration value:
|
||||||
|
|
||||||
|
{{% children description=true %}}
|
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
title: "Credentials"
|
||||||
|
date: 2020-06-09T12:20:08+03:00
|
||||||
|
draft: false
|
||||||
|
description: "Configure credentials that the Monkey will use for propagation."
|
||||||
|
---
|
||||||
|
|
||||||
|
In this screen you can feed the Monkey with “stolen” credentials for your network, simulating an attacker with inside knowledge.
|
||||||
|
|
||||||
|
![Configure credentials](/images/usage/configruation/credentials.png "Configure credentials")
|
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
title: "Network"
|
||||||
|
date: 2020-06-09T12:20:14+03:00
|
||||||
|
draft: false
|
||||||
|
description: "Configure settings related to the Monkey's network activity."
|
||||||
|
---
|
||||||
|
|
||||||
|
Here you can control multiple important settings, such as:
|
||||||
|
|
||||||
|
* Network propagation depth - How many hops from the base machine will the Monkey spread
|
||||||
|
* Local network scan - Should the Monkey attempt to attack any machine in its subnet
|
||||||
|
* Scanner IP/subnet list - Specific IP ranges that the Monkey should try to attack.
|
|
@ -0,0 +1,54 @@
|
||||||
|
---
|
||||||
|
title: "Verify Integrity - Checksums"
|
||||||
|
date: 2020-06-08T19:53:47+03:00
|
||||||
|
draft: false
|
||||||
|
weight: 100
|
||||||
|
pre: "<i class='fas fa-certificate'></i> "
|
||||||
|
---
|
||||||
|
|
||||||
|
The official distribution of Infection Monkey is compiled and supplied by Guardicore ([download from our official site here](https://www.guardicore.com/infectionmonkey/#download)). The team signs all software packages to certify that a particular Infection Monkey package is a valid and unaltered Infection Monkey release. Before installing Monkey, you should validate the package using the SHA-256 checksum.
|
||||||
|
|
||||||
|
## How to get SHA-256 checksum
|
||||||
|
|
||||||
|
### On Windows
|
||||||
|
|
||||||
|
Use the `Get-FileHash` <i class="fas fa-terminal"></i> PowerShell commandlet, like so:
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
Get-FileHash '.\Monkey Island v1.8.2_3536_windows.exe' | Format-List
|
||||||
|
|
||||||
|
# Should print
|
||||||
|
# Algorithm : SHA256
|
||||||
|
# Hash : 2BE528685D675C882604D98382ADB739F5BA0A7E234E3569B21F535173BD9569
|
||||||
|
# Path : C:\Users\shay.nehmad\Desktop\work\compiled monkeys\1.8.2\Monkey Island v1.8.2_3536_windows.exe
|
||||||
|
```
|
||||||
|
|
||||||
|
### On Linux
|
||||||
|
|
||||||
|
Use the `sha256sum` <i class="fas fa-terminal"></i> shell command, like so:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sha256sum monkey-linux-64
|
||||||
|
# Should print:
|
||||||
|
# 734dd2580f3d483210daf54c063a0a972911bbe9afb6ebc6278f86cd6b05e7ab monkey-linux-64
|
||||||
|
```
|
||||||
|
|
||||||
|
## Latest version checksums
|
||||||
|
|
||||||
|
| Filename | Type | Version | SHA256 hash |
|
||||||
|
|-|-|-|-|
|
||||||
|
monkey-windows-64.exe | Windows Agent | 1.8.2 | `2e6a1cb5523d87ddfd48f75b10114617343fbac8125fa950ba7f00289b38b550`
|
||||||
|
monkey-windows-32.exe | Windows Agent | 1.8.2 | `86a7d7065e73b795e38f2033be0c53f3ac808cc67478aed794a7a6c89123979f`
|
||||||
|
monkey-linux-64 | Linux Agent | 1.8.2 | `4dce4a115d41b43adffc11672fae2164265f8902267f1355d02bebb802bd45c5`
|
||||||
|
monkey-linux-32 | Linux Agent | 1.8.2 | `39d3fe1c7b33482a8cb9288d323dde17b539825ab2d736be66a9582764185478`
|
||||||
|
infection_monkey_deb.tgz | Debian Package | 1.8.2 | `2a6b4b9b846566724ff985c6cc8283222b981b3495dd5a8920b6bc3f34d556e2`
|
||||||
|
Monkey Island v1.8.2_3536_windows.exe | Windows Installer | 1.8.2 | `2be528685d675c882604d98382adb739f5ba0a7e234e3569b21f535173bd9569`
|
||||||
|
Monkey Island v1.8.2_3536_windowszt.exe | Windows Installer | 1.8.2 | `f282ce4dd50abe54671948fb5b3baf913087459444e451660971290a72fe244a`
|
||||||
|
infection_monkey_docker_docker_20200607_172156.tgz | Docker | 1.8.2 | `0e4bc731ef7e8bf19b759709672375890136c008526be454850d334d9ba5012d`
|
||||||
|
infection_monkey_docker_dockerzt_20200607_172521.tgz | Docker | 1.8.2 | `0f4b0cd6fd54dc14ea50c5d2fb3fc711e9863518bd5bffd04e08a0f17eb99e75`
|
||||||
|
|
||||||
|
## All checksums
|
||||||
|
|
||||||
|
### 1.8.0 and older
|
||||||
|
|
||||||
|
You can find all these checksums in [this page](https://www.guardicore.com/infectionmonkey/checksums.html).
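Review bot: The Linux example prints `734dd258…` for `monkey-linux-64`, but the "Latest version checksums" table lists `4dce4a11…` for the same filename at 1.8.2, so a reader comparing their output with the example would conclude that a genuine download was altered. The example should show the table value or say which release it was taken from; the Windows example does agree with the table. The opening paragraph says the team "signs all software packages", while the page only describes comparing SHA-256 values. If signatures exist, document how to verify them; otherwise reword to `Guardicore publishes SHA-256 checksums for every release package.` The `Path` line in the PowerShell example also exposes a developer's local user directory and can be replaced with a generic path.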
|
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
title: "Getting Started"
|
||||||
|
date: 2020-05-26T21:01:12+03:00
|
||||||
|
draft: false
|
||||||
|
weight: 1
|
||||||
|
pre: "<i class='fas fa-play-circle'></i> "
|
||||||
|
tags: ["usage"]
|
||||||
|
---
|
||||||
|
|
||||||
|
## Using the Infection Monkey
|
||||||
|
|
||||||
|
After deploying the Monkey Island in your environment, navigate to `https://<server-ip>:5000`.
|
||||||
|
|
||||||
|
### First-time setup
|
||||||
|
|
||||||
|
On your first login, you'll be asked to set up a username and password for the Monkey Island server. [See this page for more details](../accounts-and-security).
|
||||||
|
|
||||||
|
### Run the Monkey
|
||||||
|
|
||||||
|
To get the Infection Monkey running as fast as possible, click **Run Monkey**. Optionally, you can configure the Monkey before you continue by clicking **Configuration** (see [how to configure the monkey](../configuration)).
|
||||||
|
|
||||||
|
To run the monkey, select one of the following options:
|
||||||
|
|
||||||
|
![Run Page](/images/usage/getting-started/run_page_with_arrows.jpg "Run Page")
|
||||||
|
|
||||||
|
1. Click **Run on C&C Server** to run the Infection Monkey on the Monkey Island server. This simulates an attacker trying to propagate through local network from Monkey Island machine.
|
||||||
|
2. Click **Run on machine of your choice** to download and execute the Infection Monkey on a machine of your choice. Then follow the instructions and execute the generated command on the machine of your choice. This simulates an attacker who has breached one of your servers. The Monkey will map all accessible machines and their open services and try to steal credentials and use its exploits to propagate.
|
||||||
|
|
||||||
|
![Run on machine of your choice](/images/usage/getting-started/run_page_button_no_arrow.jpg "Run on machine of your choice")
|
||||||
|
|
||||||
|
{{% notice tip %}}
|
||||||
|
If you're running in an AWS cloud environment, check out [Usage -> Integrations](../../usage/integrations) for information about how Monkey integrates with AWS.
|
||||||
|
{{% /notice %}}
|
||||||
|
|
||||||
|
### Infection Map
|
||||||
|
|
||||||
|
Next, click **Infection Map** to see the Infection Monkey in action.
|
||||||
|
|
||||||
|
![Run page to infection map page](/images/usage/getting-started/run_page_button.JPG "Run page to infection map page")
|
||||||
|
|
||||||
|
At first, the infection map will look like this:
|
||||||
|
|
||||||
|
![Start of Monkey execution](/images/usage/getting-started/run_island.JPG "Start of Monkey execution")
|
||||||
|
|
||||||
|
Within a few minutes, the Infection Monkey should be able to find and attack accessible machines.
|
||||||
|
|
||||||
|
![Middle of Monkey execution](/images/usage/getting-started/single_exploitation.JPG "Middle of Monkey execution")
|
||||||
|
|
||||||
|
As the Infection Monkey continues, the map should be filled with accessible and “hacked” machines. Once all the Infection Monkeys have finished propagating, click **Reports** to see the reports. See [Infection Monkey Reports](../reports) for more info.
|
||||||
|
|
||||||
|
![End of Monkey execution](/images/usage/getting-started/exploitation_tunneling_arrow.jpg "End of Monkey execution")
|
||||||
|
|
||||||
|
Congratulations, you finished first successful execution of the Infection Monkey! 🎉 To thoroughly test your network, you can run the Infection Monkey from different starting locations using different configurations.
|
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
title: "Integrations"
|
||||||
|
date: 2020-06-28T10:38:05+03:00
|
||||||
|
draft: false
|
||||||
|
chapter: true
|
||||||
|
weight: 10
|
||||||
|
pre: "<i class='fas fa-directions'></i> "
|
||||||
|
---
|
||||||
|
|
||||||
|
# Integrate the Monkey with 3rd party software
|
||||||
|
|
||||||
|
The Monkey likes working together. See these documentation pages for information on each integration the Monkey currently offers:
|
||||||
|
|
||||||
|
{{% children description=true %}}
|
|
@ -0,0 +1,150 @@
|
||||||
|
---
|
||||||
|
title: "Running the monkey on AWS EC2 instances"
|
||||||
|
date: 2020-06-28T10:44:05+03:00
|
||||||
|
draft: false
|
||||||
|
description: "Use AWS SSM to execute Infection Monkey on your AWS instances."
|
||||||
|
tags: ["aws", "integration"]
|
||||||
|
---
|
||||||
|
|
||||||
|
## When to use this feature
|
||||||
|
|
||||||
|
If your network is deployed on Amazon Web Services (with EC2 instances), and you'd like to run the Infection Monkey in order to test it, this page is for you. You can easily run the monkey on **various instances** within your network - in a secure fashion, **without** feeding the Island with any credentials or running shell commands on the machines you want to test.
|
||||||
|
|
||||||
|
The results will be exported to AWS security hub automatically, as well. To see more information about that, see the [Infection Monkey and AWS Security Hub documentation](https://github.com/guardicore/monkey/wiki/Infection-Monkey-and-AWS-Security-Hub).
|
||||||
|
|
||||||
|
![AWS EC2 logo](/images/usage/integrations/aws-ec2.svg?height=250px "AWS EC2 logo")
|
||||||
|
|
||||||
|
## Setup
|
||||||
|
|
||||||
|
Assuming your network is already set up in AWS EC2, follow these quick steps to get up and running.
|
||||||
|
|
||||||
|
### Monkey Island deployment
|
||||||
|
|
||||||
|
In order to run the Monkeys directly from the Monkey Island server, you need to deploy the Monkey Island server to an AWS EC2 instance in the same network which you want to test. For information about deploying the Monkey Island server, see [setup](../../../setup).
|
||||||
|
|
||||||
|
### Setup IAM roles
|
||||||
|
|
||||||
|
In order for the Island to successfully view your instances, you'll need to set appropriate IAM roles to your instances. You can read more about IAM roles [in Amazon's documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html), but it's not necessary in order to follow this setup.
|
||||||
|
|
||||||
|
#### Creating a custom IAM role
|
||||||
|
|
||||||
|
Go to the [AWS IAM roles dashboard](https://console.aws.amazon.com/iam/home?#/roles) and create a new IAM role for EC2. The role will need to have some specific permissions (see Appendix A), but you can just create a role with the `AmazonEC2RoleforSSM`, `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess` pre-made permissions. In the end it should like something like this:
|
||||||
|
|
||||||
|
![Creating a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-3.png "Creating a custom IAM role")
|
||||||
|
|
||||||
|
#### Applying the IAM role to an instance
|
||||||
|
|
||||||
|
For each instance you'd like to access from the island, apply the new IAM role you've just created to the instance. For example:
|
||||||
|
|
||||||
|
![Applying a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-4.png "Applying a custom IAM role")
|
||||||
|
|
||||||
|
After applying the IAM role you should see this screen:
|
||||||
|
|
||||||
|
![Applying a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-5.png "Applying a custom IAM role")
|
||||||
|
|
||||||
|
**Note: after setting IAM roles, the roles might take a few minutes (up to 10 minutes sometimes) to effectively kick in.** This is how AWS works and is not related to the Monkey implementation. See [this StackOverflow thread for more details.](https://stackoverflow.com/questions/20156043/how-long-should-i-wait-after-applying-an-aws-iam-policy-before-it-is-valid)
|
||||||
|
|
||||||
|
### Setup SSM agent
|
||||||
|
|
||||||
|
If your EC2 instances don't have the _SSM agent_ installed, they will not be able to execute SSM commands, which means you won't see them in the AWS machines table on the monkey island. Generally speaking, most new EC2 instances ought to have SSM pre-installed; The SSM Agent is installed, by default, on Amazon Linux base AMIs dated 2017.09 and later, and on Amazon Linux 2, Ubuntu Server 16.04, and Ubuntu Server 18.04 LTS AMIs.
|
||||||
|
|
||||||
|
See [Amazon's documentation about working with SSM agents](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) for more details on how to check if you have an SSM agent and how to manually install one if you don't have one.
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
### Running the monkey
|
||||||
|
|
||||||
|
When you run the monkey island on an AWS instance, the island detects it's running on AWS and present the following option in the _"Run Monkey"_ page, like so:
|
||||||
|
|
||||||
|
![Running a Monkey on EC2 Instance](/images/usage/integrations/monkey-island-aws-screenshot-1.png "Running a Monkey on EC2 Instance")
|
||||||
|
|
||||||
|
And then you can choose one of the available instances as "patient zero" like so:
|
||||||
|
|
||||||
|
1. Click on "Run on AWS"
|
||||||
|
2. Choose the relevant Network Interface
|
||||||
|
3. Select the machines you'd like to run the Monkey on
|
||||||
|
4. Click "Run on Selected Machines", and watch the monkey go! 🐒
|
||||||
|
|
||||||
|
![Running a Monkey on EC2 Instance](/images/usage/integrations/monkey-island-aws-screenshot-2.png "Running a Monkey on EC2 Instance")
|
||||||
|
|
||||||
|
## Notes
|
||||||
|
|
||||||
|
- The machines which can use IAM roles and be listed MUST be internet connected (or you can set up a proxy for IAM). This is standard AWS practice and you can read about it (and about how to set up the required proxy machines) in AWS IAM documentation.
|
||||||
|
- You can see the monkey in [the AWS marketplace](https://aws.amazon.com/marketplace/pp/B07B3J7K6D).
|
||||||
|
|
||||||
|
### Appendix A: Specific policy permissions required
|
||||||
|
|
||||||
|
The IAM role will need to have, at least, the following specific permissions:
|
||||||
|
|
||||||
|
#### For executing the Monkey on other machines - SSM
|
||||||
|
|
||||||
|
- `"ssm:SendCommand"`
|
||||||
|
- `"ssm:DescribeInstanceInformation"`
|
||||||
|
- `"ssm:GetCommandInvocation"`
|
||||||
|
|
||||||
|
Here's the policy of the IAM role, as a JSON object:
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Version": "2012-10-17",
|
||||||
|
"Statement": [
|
||||||
|
{
|
||||||
|
"Sid": "VisualEditor0",
|
||||||
|
"Effect": "Allow",
|
||||||
|
"Action": [
|
||||||
|
"ssm:SendCommand",
|
||||||
|
"ssm:DescribeInstanceInformation",
|
||||||
|
"ssm:GetCommandInvocation"
|
||||||
|
],
|
||||||
|
"Resource": "*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### For exporting security findings to the Security Hub - security hub
|
||||||
|
|
||||||
|
_Note: these can be set on the Monkey Island machine alone, since it's the only one exporting findings to the AWS secutiry hub._
|
||||||
|
|
||||||
|
- `"securityhub:UpdateFindings"`
|
||||||
|
- `"securityhub:BatchImportFindings"`
|
||||||
|
|
||||||
|
Here's the policy for SecurityHub, as a JSON object:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Version": "2012-10-17",
|
||||||
|
"Statement": [
|
||||||
|
{
|
||||||
|
"Sid": "VisualEditor0",
|
||||||
|
"Effect": "Allow",
|
||||||
|
"Action": [
|
||||||
|
"securityhub:UpdateFindings",
|
||||||
|
"securityhub:BatchImportFindings"
|
||||||
|
],
|
||||||
|
"Resource": "*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
The JSON object for both of the policies combined therefore is:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Version": "2012-10-17",
|
||||||
|
"Statement": [
|
||||||
|
{
|
||||||
|
"Sid": "VisualEditor0",
|
||||||
|
"Effect": "Allow",
|
||||||
|
"Action": [
|
||||||
|
"ssm:SendCommand",
|
||||||
|
"ssm:DescribeInstanceInformation",
|
||||||
|
"securityhub:UpdateFindings",
|
||||||
|
"securityhub:BatchImportFindings",
|
||||||
|
"ssm:GetCommandInvocation"
|
||||||
|
],
|
||||||
|
"Resource": "*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
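Review bot: The "Creating a custom IAM role" step recommends attaching `AmazonSSMFullAccess` and `AWSSecurityHubFullAccess`, and the following step applies that same role to every instance under test, so each tested machine may call `ssm:SendCommand` against `"Resource": "*"`. Appendix A already shows that three SSM actions and two Security Hub actions are enough, and its own note says the Security Hub permissions are needed on the Monkey Island machine alone. The setup text should lead with that minimal policy and describe two roles: an Island role carrying the Appendix A actions and a target role carrying only what the SSM agent needs. I would add a sentence after the managed-policy suggestion such as `The full-access policies are a shortcut for lab accounts; otherwise attach the Appendix A policy to the Island only.` Whether the targets need anything beyond the agent's baseline permissions cannot be confirmed from this page, so verify the split before the doc states it.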
|
|
@ -0,0 +1,43 @@
|
||||||
|
---
|
||||||
|
title: "AWS Security Hub integration"
|
||||||
|
date: 2020-06-28T10:38:12+03:00
|
||||||
|
draft: false
|
||||||
|
description: "Correlate the Monkey's findings with the native security solutions and benchmark scores."
|
||||||
|
tags: ["aws", "integration"]
|
||||||
|
---
|
||||||
|
|
||||||
|
The Infection Monkey integration with the [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) allows anyone to verify and test the resilience of their AWS environment and correlate this information with the native security solutions and benchmark score.
|
||||||
|
|
||||||
|
![AWS security hub logo](/images/usage/integrations/AWS-Security-Hub-logo.png "AWS security hub logo")
|
||||||
|
|
||||||
|
The integration will send _all_ Infection Monkey findings (typically low tens of findings) to the security hub at the end of a Monkey breach simulation.
|
||||||
|
|
||||||
|
## Setup
|
||||||
|
|
||||||
|
If the correct permissions have been set on the AWS IAM role of the Monkey Island machine, then the Island will automatically export its findings to the AWS security hub.
|
||||||
|
|
||||||
|
### Specific permissions required for security hub
|
||||||
|
|
||||||
|
- `"securityhub:UpdateFindings"`
|
||||||
|
- `"securityhub:BatchImportFindings"`
|
||||||
|
|
||||||
|
Note that the integration is specifically between your Monkey Island and the security hub. The Infection Monkey is an free project and there is no centralised infrastructure.
|
||||||
|
|
||||||
|
## Integration details
|
||||||
|
|
||||||
|
The Infection Monkey reports the following types of issues to the AWS security hub: `Software and Configuration Checks/Vulnerabilities/CVE`.
|
||||||
|
|
||||||
|
Specifically, the Island sends findings for all vulnerabilities it finds along with generic findings on the network (such as segmentation issues). Our normalized severity is 100, while most issues we report range between 1 and 10.
|
||||||
|
|
||||||
|
## Regions
|
||||||
|
|
||||||
|
The Infection Monkey is usable on all public AWS instances.
|
||||||
|
|
||||||
|
## Example
|
||||||
|
|
||||||
|
After setting up a monkey environment in AWS and attaching the correct IAM roles to the monkey island machine, the report findings were exported to the security hub.
|
||||||
|
|
||||||
|
1. Navigate to `Findings`.
|
||||||
|
2. Press on a specific finding to see more details and possible solutions.
|
||||||
|
|
||||||
|
![AWS Security hub console example](images/usage/integrations/security-hub-console-example.png "AWS Security hub console example")
|
|
@ -0,0 +1,13 @@
|
||||||
|
+++
|
||||||
|
title = "Reports"
|
||||||
|
date = 2020-06-24T21:16:03+03:00
|
||||||
|
weight = 5
|
||||||
|
chapter = true
|
||||||
|
pre = "<i class='fas fa-scroll'></i> "
|
||||||
|
+++
|
||||||
|
|
||||||
|
# Infection Monkey's Reports
|
||||||
|
|
||||||
|
The Monkey offers three reports:
|
||||||
|
|
||||||
|
{{% children %}}
|
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
title: "MITRE ATT&CK report"
|
||||||
|
date: 2020-06-24T21:17:18+03:00
|
||||||
|
draft: false
|
||||||
|
---
|
||||||
|
|
||||||
|
{{% notice info %}}
|
||||||
|
Check out [the documentation for the other reports as well](../).
|
||||||
|
{{% /notice %}}
|
||||||
|
|
||||||
|
The Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base: It provides a new report with the utilized techniques and recommended mitigations, to help you simulate an APT attack on your network and mitigate real attack paths intelligently.
|
||||||
|
|
||||||
|
Watch an overview video:
|
||||||
|
|
||||||
|
{{% youtube 3tNrlutqazQ %}}
|
||||||
|
|
||||||
|
## How to use the report
|
||||||
|
|
||||||
|
The MITRE ATT&CK report is centred around the ATT&CK matrix:
|
||||||
|
|
||||||
|
![MITRE Report](/images/usage/reports/mitre-report-0.jpg "MITRE Report")
|
||||||
|
|
||||||
|
The Monkey rates your network on the attack techniques it attempted. For each technique, you can get
|
||||||
|
|
||||||
|
- {{< label danger Red >}}: The Monkey **successfully used** the technique in the simulation. That means your network is vulnerable to this technique being employed.
|
||||||
|
- {{< label warning Yellow >}}: The Monkey **tried to use** the technique, but didn’t manage to. That means your network isn’t vulnerable to the way Monkey employs this technique.
|
||||||
|
- {{< label other Grey >}}: The Monkey **didn't try** the technique this time. Perhaps it wasn't relevant to this network or wasn't configured.
|
||||||
|
|
||||||
|
Then, you can see exactly HOW the technique was used in this attack, and also what you should do to mitigate it, by clicking on the technique and seeing the details. For example, let’s look at the [**Brute Force**](https://attack.mitre.org/techniques/T1110/) technique that’s a part of employing the [**Credentials Access**](https://attack.mitre.org/tactics/TA0006/) tactic:
|
||||||
|
|
||||||
|
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access.png "MITRE Report Credentials Access technique")
|
||||||
|
|
||||||
|
In this example, you can see how the Monkey was able to use one old `root` password to access all machines in the network. When scrolling to the bottom of this list, you can also see the mitigation recommended, including **Account Use Policies** and implementing **Multiple Factor Authentication**.
|
||||||
|
|
||||||
|
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access-mitigations.png "MITRE Report Credentials Access technique")
|
|
@ -0,0 +1,97 @@
|
||||||
|
---
|
||||||
|
title: "Security report"
|
||||||
|
date: 2020-06-24T21:16:10+03:00
|
||||||
|
draft: false
|
||||||
|
---
|
||||||
|
|
||||||
|
{{% notice info %}}
|
||||||
|
Check out [the documentation for the other reports as well](../).
|
||||||
|
{{% /notice %}}
|
||||||
|
|
||||||
|
The Monkey's Security Report is built to provide you with actionable recommendations and insight to the Attacker's view of your network. You can download a PDF of this example report:
|
||||||
|
|
||||||
|
{{%attachments title="Download the PDF" pattern=".*(pdf)"/%}}
|
||||||
|
|
||||||
|
The report is split into 3 main categories: "Overview", "Recommendations" and "The network from the Monkey's eyes".
|
||||||
|
|
||||||
|
- [Overview](#overview)
|
||||||
|
- [High level information](#high-level-information)
|
||||||
|
- [Used Credentials](#used-credentials)
|
||||||
|
- [Exploits and targets](#exploits-and-targets)
|
||||||
|
- [Security Findings](#security-findings)
|
||||||
|
- [Recommendations](#recommendations)
|
||||||
|
- [Machine related recommendations relating to specific CVEs](#machine-related-recommendations-relating-to-specific-cves)
|
||||||
|
- [Machine related recommendations relating to network security and segmentation](#machine-related-recommendations-relating-to-network-security-and-segmentation)
|
||||||
|
- [The network from the Monkey's eyes](#the-network-from-the-monkeys-eyes)
|
||||||
|
- [Network infection map](#network-infection-map)
|
||||||
|
- [Scanned servers](#scanned-servers)
|
||||||
|
- [Exploits and post-breach actions](#exploits-and-post-breach-actions)
|
||||||
|
- [Stolen Credentials](#stolen-credentials)
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
The overview section of the report provides high-level information about the Monkey execution and the main security findings that the Monkey has found.
|
||||||
|
|
||||||
|
### High level information
|
||||||
|
|
||||||
|
The report starts with information about the execution, including how long the simulation took and from which machine the infection started from.
|
||||||
|
|
||||||
|
![Overview](/images/usage/reports/sec_report_1_overview.png "Overview")
|
||||||
|
|
||||||
|
### Used Credentials
|
||||||
|
|
||||||
|
The report will show which credentials were used for brute-forcing.
|
||||||
|
|
||||||
|
![Used Credentials](/images/usage/reports/sec_report_2_users_passwords.png "Used Credentials")
|
||||||
|
|
||||||
|
### Exploits and targets
|
||||||
|
|
||||||
|
The report shows which exploits were attempted in this simulation and which targets the Monkey scanned and tried to exploit.
|
||||||
|
|
||||||
|
![Exploits and Targets](/images/usage/reports/sec_report_3_exploits_ips.png "Exploits and Targets")
|
||||||
|
|
||||||
|
### Security Findings
|
||||||
|
|
||||||
|
The report highlights the most important security threats and issues the Monkey discovered during the attack.
|
||||||
|
|
||||||
|
![Threats and issues](/images/usage/reports/sec_report_4_threats_and_issues.png "Threats and issues")
|
||||||
|
|
||||||
|
## Recommendations
|
||||||
|
|
||||||
|
This section contains the Monkey's recommendations for improving your security - what mitigations you need to implement.
|
||||||
|
|
||||||
|
### Machine related recommendations relating to specific CVEs
|
||||||
|
|
||||||
|
![Machine related recommendations](/images/usage/reports/sec_report_5_machine_related.png "Machine related recommendations")
|
||||||
|
|
||||||
|
### Machine related recommendations relating to network security and segmentation
|
||||||
|
|
||||||
|
![Machine related recommendations](/images/usage/reports/sec_report_6_machine_related_network.png "Machine related recommendations")
|
||||||
|
|
||||||
|
## The network from the Monkey's eyes
|
||||||
|
|
||||||
|
This section contains the Infection Map and some summary tables on servers the Monkey has found.
|
||||||
|
|
||||||
|
### Network infection map
|
||||||
|
|
||||||
|
This part shows the network map and a breakdown of how many machines were breached.
|
||||||
|
|
||||||
|
![Network map](/images/usage/reports/sec_report_7_network_map.png "Network map")
|
||||||
|
|
||||||
|
### Scanned servers
|
||||||
|
|
||||||
|
This part shows the attack surface the Monkey has found.
|
||||||
|
|
||||||
|
![Scanned servers](/images/usage/reports/sec_report_8_network_services.png "Scanned servers")
|
||||||
|
|
||||||
|
### Exploits and post-breach actions
|
||||||
|
|
||||||
|
This part shows which exploits and Post Breach Actions the Monkey has performed in this simulation.
|
||||||
|
|
||||||
|
![Exploits and PBAs](/images/usage/reports/sec_report_9_exploits_pbas.png "Exploits and PBAs")
|
||||||
|
|
||||||
|
### Stolen Credentials
|
||||||
|
|
||||||
|
This part shows which credentials the Monkey was able to steal from breached machines in this simulation.
|
||||||
|
|
||||||
|
![Stolen creds](/images/usage/reports/sec_report_10_stolen_credentials.png "Stolen creds")
|
|
@ -0,0 +1,46 @@
|
||||||
|
---
|
||||||
|
title: "Zero Trust report"
|
||||||
|
date: 2020-06-24T21:16:18+03:00
|
||||||
|
draft: false
|
||||||
|
---
|
||||||
|
|
||||||
|
{{% notice info %}}
|
||||||
|
Check out [the documentation for the other reports as well](../).
|
||||||
|
{{% /notice %}}
|
||||||
|
|
||||||
|
The Guardicore Infection Monkey runs different tests to evaluate your network adherence to key components of the Zero Trust framework as established by Forrester, such as whether you have applied segmentation, user identity, encryption and more. Then, the Monkey generates a status report with detailed explanations of security gaps and prescriptive instructions on how to rectify them.
|
||||||
|
|
||||||
|
## Summary
|
||||||
|
|
||||||
|
This diagram provides a quick glance at how your organization scores on each component of the Forrester’s Zero Trust model with **Failed**, **Verify**, **Passed** and **Unexecuted** verdicts.
|
||||||
|
|
||||||
|
- {{< label danger Failed >}} At least one of the tests related to this component failed. This means that the Infection Monkey detected an unmet Zero Trust requirement.
|
||||||
|
- {{< label warning Verify >}} At least one of the tests’ results related to this component requires further manual verification.
|
||||||
|
- {{< label success Passed >}} All Tests related to this pillar passed. No violation of a Zero Trust guiding principle was detected.
|
||||||
|
- {{< label other Unexecuted >}} This status means no tests were executed for this pillar.
|
||||||
|
|
||||||
|
![Zero Trust Report summary](/images/usage/reports/ztreport1.png "Zero Trust Report summary")
|
||||||
|
|
||||||
|
## Test Results
|
||||||
|
|
||||||
|
See how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust components so you can quickly navigate to the components you care about first.
|
||||||
|
|
||||||
|
![Zero Trust Report test results](/images/usage/reports/ztreport2.png "Zero Trust Report test results")
|
||||||
|
|
||||||
|
## Findings
|
||||||
|
|
||||||
|
Deep-dive into the details of each test, and see the explicit events and exact timestamps in which things happened in your network. This will enable you to match up with your SOC logs and alerts and to gain deeper insight as to what exactly happened during each of the tests.
|
||||||
|
|
||||||
|
![Zero Trust Report Findings](/images/usage/reports/ztreport3.png "Zero Trust Report Findings")
|
||||||
|
|
||||||
|
## Events
|
||||||
|
|
||||||
|
The results are exportable. Click Export after clicking on Events to view them in a machine-readable format.
|
||||||
|
|
||||||
|
![Zero Trust Report events](/images/usage/reports/ztreport4.png "Zero Trust Report events")
|
||||||
|
|
||||||
|
## Overview Video
|
||||||
|
|
||||||
|
You can check out an overview video here:
|
||||||
|
|
||||||
|
{{% youtube z4FNu3WCd9o %}}
|
|
@ -0,0 +1,104 @@
|
||||||
|
---
|
||||||
|
title: "Scenarios"
|
||||||
|
date: 2020-05-26T21:01:19+03:00
|
||||||
|
draft: false
|
||||||
|
weight: 2
|
||||||
|
tags: ["usage"]
|
||||||
|
pre: "<i class='fas fa-map-marked-alt'></i> "
|
||||||
|
---
|
||||||
|
|
||||||
|
In this page we show how you can use the Infection Monkey to simulate breach and attack scenarios as well as to share some cool tips and tricks you can use to up your Infection Monkey game. This page is aimed at both novice and experienced Monkey users. You can also refer to [our FAQ](../../faq) for more specific questions and answers.
|
||||||
|
|
||||||
|
Here are a few scenarios that can be replicated in your own environment by executing the Monkey from different locations within the network, or with some tweaks to the Monkey’s configuration.
|
||||||
|
|
||||||
|
{{% notice note %}}
|
||||||
|
No worries! The Monkey does not cause any permanent system modifications that impact security or operations. You will be able to track the Monkey using the log files it leaves in well defined locations. [See our FAQ for more details](../faq).
|
||||||
|
{{% /notice %}}
|
||||||
|
|
||||||
|
- [Your network has been breached via internet facing servers](#your-network-has-been-breached-via-internet-facing-servers)
|
||||||
|
- [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey)
|
||||||
|
- [You are the newest victim of a phishing fraud! 🎣](#you-are-the-newest-victim-of-a-phishing-fraud)
|
||||||
|
- [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey-1)
|
||||||
|
- [You want to test your network segmentation](#you-want-to-test-your-network-segmentation)
|
||||||
|
- [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey-2)
|
||||||
|
- [You want to verify your security solutions, procedures and teams are working as intended](#you-want-to-verify-your-security-solutions-procedures-and-teams-are-working-as-intended)
|
||||||
|
- [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey-3)
|
||||||
|
- [Other useful tips](#other-useful-tips)
|
||||||
|
|
||||||
|
## Your network has been breached via internet facing servers
|
||||||
|
|
||||||
|
Whether it was the [Hex-men campaign](https://www.guardicore.com/2017/12/beware-the-hex-men/) that hit your Internet-facing DB server, a [cryptomining operation that attacked your WordPress site](https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining-2/) or any other malicious campaign – the attackers are now trying to go deeper into your network.
|
||||||
|
|
||||||
|
### Simulate this scenario using the Monkey
|
||||||
|
|
||||||
|
To simulate this breach scenario, execute the Infection Monkey on different machines that host internet-facing services such as your web servers (Apache, Tomcat, NGINX…) or your VPN servers. To see how to execute the Monkey on these servers, [refer to this FAQ question](../../faq#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey).
|
||||||
|
|
||||||
|
{{% notice tip %}}
|
||||||
|
If you want to simulate a very “deep” attack into your network, see our [configuration documentation](../configuration).
|
||||||
|
{{% /notice %}}
|
||||||
|
|
||||||
|
After executing the Monkey, evaluate the results of this simulation using the information in the Report page. There you will find a summary of the most important things the simulation has discovered, a detailed report of all the Monkey’s findings and more. You can also use the Infection Map to analyze the Monkey’s progress through the network, and to see each Monkey’s detailed telemetry and logs.
|
||||||
|
|
||||||
|
## You are the newest victim of a phishing fraud! 🎣
|
||||||
|
|
||||||
|
Almost everyone is prone to phishing attacks. Results of a successful phishing attempt can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).
|
||||||
|
|
||||||
|
This scenario begins in a section of the network which is a potential phishing spot. Phishing attacks target human users - as such, these types of attacks try to penetrate the network via a service an employee is using, such as an email with an attached malware or social media message with a link redirecting to a malicious website. These are just two examples of where and how an attacker may choose to launch their campaign.
|
||||||
|
|
||||||
|
### Simulate this scenario using the Monkey
|
||||||
|
|
||||||
|
To simulate the damage from a successful phishing attack using the Infection Monkey, choose machines in your network from potentially problematic group of machines, such as the laptop of one of your heavy email users or one of your strong IT users (think of people who are more likely to correspond with people outside of your organization).
|
||||||
|
|
||||||
|
- After setting up the Island add the users’ **real** credentials (usernames and passwords) to the Monkey’s configuration (Don’t worry, this sensitive data is not accessible and is not distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Island’s configuration). Now you can simulate an attacker attempting to probe deeper in the network with credentials “successfully” phished.
|
||||||
|
- You can configure these credentials for the Monkey as follows:
|
||||||
|
From the **“Basic - Credentials”** tab of the Island’s configuration, under the **“Exploit password list”** press the ‘+’ button and add the passwords you would like the Monkey to use. Do the same with usernames in the **“Exploit user list”**.
|
||||||
|
|
||||||
|
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
|
||||||
|
|
||||||
|
After supplying the Monkey with the passwords and usernames, execute the Monkey from the simulated “victim” machines. To do this, click “**2. Run Monkey**” from the left sidebar menu and choose “**Run on machine of your choice**”.
|
||||||
|
|
||||||
|
## You want to test your network segmentation
|
||||||
|
|
||||||
|
Segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually, typically using policies. A useful way to test the effectiveness of your segmentation is to ensure that your network segments are properly separated, e,g, your Development is separated from your Production, your applications are separated from one another etc. "to security test is to verify that your network segmentation is configured properly. This way you make sure that even if a certain attacker has breached your defenses, it can’t move laterally from point A to point B.
|
||||||
|
|
||||||
|
[Segmentation is key](https://www.guardicore.com/use-cases/micro-segmentation/) to protecting your network, reducing the attack surface and minimizing the damage of a breach. The Monkey can help you test your segmentation settings with its cross-segment traffic testing feature.
|
||||||
|
|
||||||
|
### Simulate this scenario using the Monkey
|
||||||
|
|
||||||
|
As an example, the following configuration makes sure machines in the “10.0.0.0/24” segment (segment A) and the “11.0.0.2/32” segment (segment B) can’t communicate with each other, along with an additional machine in 13.37.41.50.
|
||||||
|
|
||||||
|
![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing")
|
||||||
|
|
||||||
|
## You want to verify your security solutions, procedures and teams are working as intended
|
||||||
|
|
||||||
|
The Infection Monkey can help you verify that your security solutions are working the way you expected them to. These may include your IR and SOC teams, your SIEM, your firewall, your endpoint security solution, and more.
|
||||||
|
|
||||||
|
### Simulate this scenario using the Monkey
|
||||||
|
|
||||||
|
Run the Monkey with whichever configuration you prefer. The default is good enough for many cases; but for example, you can add some old users and passwords. Running the Monkey on both the Island and on a few other machines in the network is also recommended, as it increases coverage and propagation rates.
|
||||||
|
|
||||||
|
After running the Monkey, follow the Monkeys’ actions on the Monkey Island’s infection map.
|
||||||
|
|
||||||
|
Now you can match this activity from the Monkey timeline display to your internal SIEM and make sure your security solutions are identifying and correctly alerting on different attacks.
|
||||||
|
|
||||||
|
- The red arrows indicate successful exploitations. If you see red arrows, those incidents ought to be reported as exploitation attempts, so check whether you are receiving alerts from your security systems as expected.
|
||||||
|
- The orange arrows indicate scanning activity, usually used by attackers to locate potential vulnerabilities. If you see orange arrows, those incidents ought to be reported as scanning attempts (and possibly as segmentation violations).
|
||||||
|
- The blue arrows indicate tunneling activity, usually used by attackers to infiltrate “protected” networks from the Internet. Perhaps someone is trying to bypass your firewall to gain access to a protected service in your network? Check if your micro-segmentation / firewall solution identify or report anything.
|
||||||
|
|
||||||
|
While running this scenario, be on the lookout for the action that should arise: Did you get a phone call telling you about suspicious activity inside your network? Are events flowing into your security events aggregators? Are you getting emails from your IR teams? Is the endpoint protection software you installed on machines in the network reporting on anything? Are your compliance scanners detecting anything wrong?
|
||||||
|
|
||||||
|
## Other useful tips
|
||||||
|
|
||||||
|
Here are a few tips which can help you push the Infection Monkey even further:
|
||||||
|
|
||||||
|
- Make sure the Monkey is configured to scan its local network but in addition, configure it with specific targets. To add these targets, add their IP addresses (or the IP ranges in which they reside) to the Scan IP/subnet list using the `+` button. Here’s an example of how this is achieved:
|
||||||
|
|
||||||
|
![How to configure Scan IP/subnet list](/images/usage/scenarios/scan-list-config.png "How to configure Scan IP/subnet list")
|
||||||
|
|
||||||
|
- Every network has its old “skeleton keys” that should have long been discarded. Configure the Monkey with old and stale passwords, but make sure that they were really discarded using the Monkey. To add the old passwords, in the island’s configuration, go to the “Exploit password list” under “Basic - Credentials” and use the “+” button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration:
|
||||||
|
|
||||||
|
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
|
||||||
|
|
||||||
|
- To see the Monkey executing in real-time on your servers, add the **post-breach action** command: `wall “Infection Monkey was here”`. This post breach command will broadcast a message across all open terminals on the servers the Monkey breached, to achieve the following: Let you know the Monkey ran successfully on the server. let you follow the breach “live” alongside the infection map, and check which terminals are logged and monitored inside your network. See below:
|
||||||
|
|
||||||
|
![How to configure post breach commands](/images/usage/scenarios/pba-example.png "How to configure post breach commands.")
|
|
@ -0,0 +1 @@
|
||||||
|
<link rel="shortcut icon" href="{{ .Site.BaseURL }}/images/favicon.ico" type="image/x-icon" />
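Review bot: The favicon `href` is built by joining `{{ .Site.BaseURL }}` and `/images/favicon.ico`, which produces a double slash whenever the configured base URL already ends in `/` (the site config is not visible here, so this is an assumption to confirm). Hugo's URL helpers normalise the join, so the line could be `<link rel="shortcut icon" href="{{ "images/favicon.ico" | absURL }}" type="image/x-icon" />`. The same concatenation appears in the logo partial that follows, on both `<source src=...>` lines.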
|
|
@ -0,0 +1,8 @@
|
||||||
|
<div style="width: 100%;">
|
||||||
|
<a id="logo" href="{{ .Site.BaseURL }}" style="width: 100%;">
|
||||||
|
<video autoplay loop muted playsinline style="width: 100%;">
|
||||||
|
<source src="{{ .Site.BaseURL }}/images/logo.webm" type="video/webm">
|
||||||
|
<source src="{{ .Site.BaseURL }}/images/logo.mp4" type="video/mp4">
|
||||||
|
</video>
|
||||||
|
</a>
|
||||||
|
</div>
|
|
@ -0,0 +1,85 @@
|
||||||
|
<link rel="stylesheet" href="css/bootstrap-grid.min.css">
|
||||||
|
<!-- Lifting specific elements from bootstrap -->
|
||||||
|
<style>
|
||||||
|
.justify-content-start {
|
||||||
|
-ms-flex-pack: start !important;
|
||||||
|
justify-content: flex-start !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
.justify-content-end {
|
||||||
|
-ms-flex-pack: end !important;
|
||||||
|
justify-content: flex-end !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
.justify-content-center {
|
||||||
|
-ms-flex-pack: center !important;
|
||||||
|
justify-content: center !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
.justify-content-between {
|
||||||
|
-ms-flex-pack: justify !important;
|
||||||
|
justify-content: space-between !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
.justify-content-around {
|
||||||
|
-ms-flex-pack: distribute !important;
|
||||||
|
justify-content: space-around !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
.shadow {
|
||||||
|
box-shadow: 0 0.5rem 1rem rgba(0, 0, 0, 0.15) !important;
|
||||||
|
}
|
||||||
|
.d-block {
|
||||||
|
display: block !important;
|
||||||
|
}
|
||||||
|
.text-center {
|
||||||
|
text-align: center !important;
|
||||||
|
}
|
||||||
|
.mb-4,
|
||||||
|
.my-4 {
|
||||||
|
margin-bottom: 1.5rem !important;
|
||||||
|
}
|
||||||
|
.pr-4,
|
||||||
|
.px-4 {
|
||||||
|
padding-right: 1.5rem !important;
|
||||||
|
}
|
||||||
|
.pt-5,
|
||||||
|
.py-5 {
|
||||||
|
padding-top: 3rem !important;
|
||||||
|
}
|
||||||
|
.mb-3,
|
||||||
|
.my-3 {
|
||||||
|
margin-bottom: 1rem !important;
|
||||||
|
}
|
||||||
|
.mt-0,
|
||||||
|
.my-0 {
|
||||||
|
margin-top: 0 !important;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<section id="homepage-shortcuts">
|
||||||
|
<div class="container">
|
||||||
|
<div class="row justify-content-center">
|
||||||
|
<div class="col-lg-4 col-sm-6 mb-3">
|
||||||
|
<a href="setup/" class="px-4 py-5 bg-white shadow text-center d-block">
|
||||||
|
<i class="fas fa-cogs d-block mb-4" style="font-size: x-large;"></i>
|
||||||
|
<h4 class="mb-3 mt-0">Setup</h4>
|
||||||
|
<p class="mb-0">See how to install the Infection Monkey.</p>
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="col-lg-4 col-sm-6 mb-3">
|
||||||
|
<a href="usage/getting-started/" class="px-4 py-5 bg-white shadow text-center d-block">
|
||||||
|
<i class="fas fa-play-circle d-block mb-4" style="font-size: x-large;"></i>
|
||||||
|
<h4 class="mb-3 mt-0">Getting Started</h4>
|
||||||
|
<p class="mb-0">Set the Monkey wild in your datacenter.</p>
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="col-lg-4 col-sm-6 mb-3">
|
||||||
|
<a href="faq/" class="px-4 py-5 bg-white shadow text-center d-block">
|
||||||
|
<i class="fas fa-question d-block mb-4" style="font-size: x-large;"></i>
|
||||||
|
<h4 class="mb-3 mt-0">FAQs</h4>
|
||||||
|
<p class="mb-0">Read common questions and answers.</p>
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</section>
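Review bot: The three `<p class="mb-0">` elements and the `bg-white` class on the three card links have no matching rule in the `<style>` block lifted above, which defines `.mb-3`, `.mb-4`, `.mt-0`, `.shadow` and others but neither of these. Unless `bootstrap-grid.min.css` or the theme supplies them (not visible in this hunk), the paragraphs keep their default bottom margin and the cards get no white background. Add the missing rules next to the other lifted ones: `.mb-0, .my-0 { margin-bottom: 0 !important; }` and `.bg-white { background-color: #fff !important; }`.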
|
|
@ -0,0 +1 @@
|
||||||
|
<span class="label {{ .Get 0 }}"><strong>{{ .Get 1 }}</strong></span>
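Review bot: This shortcode has no usage comment, and its first positional argument goes straight into the `class` attribute, so a typo silently renders an unstyled label. The label stylesheet added in this commit defines only `success`, `info`, `warning`, `danger` and `other`. Add a template comment at the top of the file, for example `{{/* label CLASS TEXT: CLASS is one of success, info, warning, danger, other */}}`, so content authors know the accepted values.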
|
|
@ -0,0 +1,15 @@
|
||||||
|
/*!
|
||||||
|
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||||
|
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||||
|
*/
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Font Awesome 5 Brands';
|
||||||
|
font-style: normal;
|
||||||
|
font-weight: 400;
|
||||||
|
font-display: block;
|
||||||
|
src: url("../webfonts/fa-brands-400.eot");
|
||||||
|
src: url("../webfonts/fa-brands-400.eot?#iefix") format("embedded-opentype"), url("../webfonts/fa-brands-400.woff2") format("woff2"), url("../webfonts/fa-brands-400.woff") format("woff"), url("../webfonts/fa-brands-400.ttf") format("truetype"), url("../webfonts/fa-brands-400.svg#fontawesome") format("svg"); }
|
||||||
|
|
||||||
|
.fab {
|
||||||
|
font-family: 'Font Awesome 5 Brands';
|
||||||
|
font-weight: 400; }
|
|
@ -0,0 +1,5 @@
|
||||||
|
/*!
|
||||||
|
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||||
|
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||||
|
*/
|
||||||
|
@font-face{font-family:"Font Awesome 5 Brands";font-style:normal;font-weight:400;font-display:block;src:url(../webfonts/fa-brands-400.eot);src:url(../webfonts/fa-brands-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-brands-400.woff2) format("woff2"),url(../webfonts/fa-brands-400.woff) format("woff"),url(../webfonts/fa-brands-400.ttf) format("truetype"),url(../webfonts/fa-brands-400.svg#fontawesome) format("svg")}.fab{font-family:"Font Awesome 5 Brands";font-weight:400}
|
|
@ -0,0 +1,12 @@
|
||||||
|
.label {
|
||||||
|
color: white;
|
||||||
|
padding: 3px;
|
||||||
|
border-radius: 5px;
|
||||||
|
-moz-border-radius: 5px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.success {background-color: #4CAF50;} /* Green */
|
||||||
|
.info {background-color: #2196F3;} /* Blue */
|
||||||
|
.warning {background-color: #ff9800;} /* Orange */
|
||||||
|
.danger {background-color: #f44336;} /* Red */
|
||||||
|
.other {background-color: #e7e7e7; color: black;} /* Gray */
|
|
@ -0,0 +1,15 @@
|
||||||
|
/*!
|
||||||
|
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||||
|
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||||
|
*/
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Font Awesome 5 Free';
|
||||||
|
font-style: normal;
|
||||||
|
font-weight: 400;
|
||||||
|
font-display: block;
|
||||||
|
src: url("../webfonts/fa-regular-400.eot");
|
||||||
|
src: url("../webfonts/fa-regular-400.eot?#iefix") format("embedded-opentype"), url("../webfonts/fa-regular-400.woff2") format("woff2"), url("../webfonts/fa-regular-400.woff") format("woff"), url("../webfonts/fa-regular-400.ttf") format("truetype"), url("../webfonts/fa-regular-400.svg#fontawesome") format("svg"); }
|
||||||
|
|
||||||
|
.far {
|
||||||
|
font-family: 'Font Awesome 5 Free';
|
||||||
|
font-weight: 400; }
|
|
@ -0,0 +1,5 @@
|
||||||
|
/*!
|
||||||
|
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||||
|
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||||
|
*/
|
||||||
|
@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:400;font-display:block;src:url(../webfonts/fa-regular-400.eot);src:url(../webfonts/fa-regular-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-regular-400.woff2) format("woff2"),url(../webfonts/fa-regular-400.woff) format("woff"),url(../webfonts/fa-regular-400.ttf) format("truetype"),url(../webfonts/fa-regular-400.svg#fontawesome) format("svg")}.far{font-family:"Font Awesome 5 Free";font-weight:400}
|
|
@ -0,0 +1,10 @@
|
||||||
|
/* Add a shadow around images in content pages. Most of our content is screenshots, and the Island's background merges with
|
||||||
|
the documentation background. Only #body-inner so that the Logo image won't get a border around it */
|
||||||
|
#body-inner img {
|
||||||
|
box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* We don't want shadow around this image in particular */
|
||||||
|
#body-inner img[src*="/images/monkey-teacher.svg"] {
|
||||||
|
box-shadow: none; !important;
|
||||||
|
}
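Review bot: In the `monkey-teacher.svg` rule, `box-shadow: none; !important;` has a stray semicolon, so the declaration ends at `none` and the trailing `!important;` is dropped as invalid. The override still wins today, presumably on selector specificity alone, but the intended priority is not applied. The line should read `box-shadow: none !important;`.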
|
|
@ -0,0 +1,16 @@
|
||||||
|
/*!
|
||||||
|
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||||
|
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||||
|
*/
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Font Awesome 5 Free';
|
||||||
|
font-style: normal;
|
||||||
|
font-weight: 900;
|
||||||
|
font-display: block;
|
||||||
|
src: url("../webfonts/fa-solid-900.eot");
|
||||||
|
src: url("../webfonts/fa-solid-900.eot?#iefix") format("embedded-opentype"), url("../webfonts/fa-solid-900.woff2") format("woff2"), url("../webfonts/fa-solid-900.woff") format("woff"), url("../webfonts/fa-solid-900.ttf") format("truetype"), url("../webfonts/fa-solid-900.svg#fontawesome") format("svg"); }
|
||||||
|
|
||||||
|
.fa,
|
||||||
|
.fas {
|
||||||
|
font-family: 'Font Awesome 5 Free';
|
||||||
|
font-weight: 900; }
|
|
@ -0,0 +1,5 @@
|
||||||
|
/*!
|
||||||
|
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||||
|
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||||
|
*/
|
||||||
|
@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:900;font-display:block;src:url(../webfonts/fa-solid-900.eot);src:url(../webfonts/fa-solid-900.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-solid-900.woff2) format("woff2"),url(../webfonts/fa-solid-900.woff) format("woff"),url(../webfonts/fa-solid-900.ttf) format("truetype"),url(../webfonts/fa-solid-900.svg#fontawesome) format("svg")}.fa,.fas{font-family:"Font Awesome 5 Free";font-weight:900}
|
|
@ -0,0 +1,371 @@
|
||||||
|
/*!
|
||||||
|
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||||
|
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||||
|
*/
|
||||||
|
svg:not(:root).svg-inline--fa {
|
||||||
|
overflow: visible; }
|
||||||
|
|
||||||
|
.svg-inline--fa {
|
||||||
|
display: inline-block;
|
||||||
|
font-size: inherit;
|
||||||
|
height: 1em;
|
||||||
|
overflow: visible;
|
||||||
|
vertical-align: -.125em; }
|
||||||
|
.svg-inline--fa.fa-lg {
|
||||||
|
vertical-align: -.225em; }
|
||||||
|
.svg-inline--fa.fa-w-1 {
|
||||||
|
width: 0.0625em; }
|
||||||
|
.svg-inline--fa.fa-w-2 {
|
||||||
|
width: 0.125em; }
|
||||||
|
.svg-inline--fa.fa-w-3 {
|
||||||
|
width: 0.1875em; }
|
||||||
|
.svg-inline--fa.fa-w-4 {
|
||||||
|
width: 0.25em; }
|
||||||
|
.svg-inline--fa.fa-w-5 {
|
||||||
|
width: 0.3125em; }
|
||||||
|
.svg-inline--fa.fa-w-6 {
|
||||||
|
width: 0.375em; }
|
||||||
|
.svg-inline--fa.fa-w-7 {
|
||||||
|
width: 0.4375em; }
|
||||||
|
.svg-inline--fa.fa-w-8 {
|
||||||
|
width: 0.5em; }
|
||||||
|
.svg-inline--fa.fa-w-9 {
|
||||||
|
width: 0.5625em; }
|
||||||
|
.svg-inline--fa.fa-w-10 {
|
||||||
|
width: 0.625em; }
|
||||||
|
.svg-inline--fa.fa-w-11 {
|
||||||
|
width: 0.6875em; }
|
||||||
|
.svg-inline--fa.fa-w-12 {
|
||||||
|
width: 0.75em; }
|
||||||
|
.svg-inline--fa.fa-w-13 {
|
||||||
|
width: 0.8125em; }
|
||||||
|
.svg-inline--fa.fa-w-14 {
|
||||||
|
width: 0.875em; }
|
||||||
|
.svg-inline--fa.fa-w-15 {
|
||||||
|
width: 0.9375em; }
|
||||||
|
.svg-inline--fa.fa-w-16 {
|
||||||
|
width: 1em; }
|
||||||
|
.svg-inline--fa.fa-w-17 {
|
||||||
|
width: 1.0625em; }
|
||||||
|
.svg-inline--fa.fa-w-18 {
|
||||||
|
width: 1.125em; }
|
||||||
|
.svg-inline--fa.fa-w-19 {
|
||||||
|
width: 1.1875em; }
|
||||||
|
.svg-inline--fa.fa-w-20 {
|
||||||
|
width: 1.25em; }
|
||||||
|
.svg-inline--fa.fa-pull-left {
|
||||||
|
margin-right: .3em;
|
||||||
|
width: auto; }
|
||||||
|
.svg-inline--fa.fa-pull-right {
|
||||||
|
margin-left: .3em;
|
||||||
|
width: auto; }
|
||||||
|
.svg-inline--fa.fa-border {
|
||||||
|
height: 1.5em; }
|
||||||
|
.svg-inline--fa.fa-li {
|
||||||
|
width: 2em; }
|
||||||
|
.svg-inline--fa.fa-fw {
|
||||||
|
width: 1.25em; }
|
||||||
|
|
||||||
|
.fa-layers svg.svg-inline--fa {
|
||||||
|
bottom: 0;
|
||||||
|
left: 0;
|
||||||
|
margin: auto;
|
||||||
|
position: absolute;
|
||||||
|
right: 0;
|
||||||
|
top: 0; }
|
||||||
|
|
||||||
|
.fa-layers {
|
||||||
|
display: inline-block;
|
||||||
|
height: 1em;
|
||||||
|
position: relative;
|
||||||
|
text-align: center;
|
||||||
|
vertical-align: -.125em;
|
||||||
|
width: 1em; }
|
||||||
|
.fa-layers svg.svg-inline--fa {
|
||||||
|
-webkit-transform-origin: center center;
|
||||||
|
transform-origin: center center; }
|
||||||
|
|
||||||
|
.fa-layers-text, .fa-layers-counter {
|
||||||
|
display: inline-block;
|
||||||
|
position: absolute;
|
||||||
|
text-align: center; }
|
||||||
|
|
||||||
|
.fa-layers-text {
|
||||||
|
left: 50%;
|
||||||
|
top: 50%;
|
||||||
|
-webkit-transform: translate(-50%, -50%);
|
||||||
|
transform: translate(-50%, -50%);
|
||||||
|
-webkit-transform-origin: center center;
|
||||||
|
transform-origin: center center; }
|
||||||
|
|
||||||
|
.fa-layers-counter {
|
||||||
|
background-color: #ff253a;
|
||||||
|
border-radius: 1em;
|
||||||
|
-webkit-box-sizing: border-box;
|
||||||
|
box-sizing: border-box;
|
||||||
|
color: #fff;
|
||||||
|
height: 1.5em;
|
||||||
|
line-height: 1;
|
||||||
|
max-width: 5em;
|
||||||
|
min-width: 1.5em;
|
||||||
|
overflow: hidden;
|
||||||
|
padding: .25em;
|
||||||
|
right: 0;
|
||||||
|
text-overflow: ellipsis;
|
||||||
|
top: 0;
|
||||||
|
-webkit-transform: scale(0.25);
|
||||||
|
transform: scale(0.25);
|
||||||
|
-webkit-transform-origin: top right;
|
||||||
|
transform-origin: top right; }
|
||||||
|
|
||||||
|
.fa-layers-bottom-right {
|
||||||
|
bottom: 0;
|
||||||
|
right: 0;
|
||||||
|
top: auto;
|
||||||
|
-webkit-transform: scale(0.25);
|
||||||
|
transform: scale(0.25);
|
||||||
|
-webkit-transform-origin: bottom right;
|
||||||
|
transform-origin: bottom right; }
|
||||||
|
|
||||||
|
.fa-layers-bottom-left {
|
||||||
|
bottom: 0;
|
||||||
|
left: 0;
|
||||||
|
right: auto;
|
||||||
|
top: auto;
|
||||||
|
-webkit-transform: scale(0.25);
|
||||||
|
transform: scale(0.25);
|
||||||
|
-webkit-transform-origin: bottom left;
|
||||||
|
transform-origin: bottom left; }
|
||||||
|
|
||||||
|
.fa-layers-top-right {
|
||||||
|
right: 0;
|
||||||
|
top: 0;
|
||||||
|
-webkit-transform: scale(0.25);
|
||||||
|
transform: scale(0.25);
|
||||||
|
-webkit-transform-origin: top right;
|
||||||
|
transform-origin: top right; }
|
||||||
|
|
||||||
|
.fa-layers-top-left {
|
||||||
|
left: 0;
|
||||||
|
right: auto;
|
||||||
|
top: 0;
|
||||||
|
-webkit-transform: scale(0.25);
|
||||||
|
transform: scale(0.25);
|
||||||
|
-webkit-transform-origin: top left;
|
||||||
|
transform-origin: top left; }
|
||||||
|
|
||||||
|
.fa-lg {
|
||||||
|
font-size: 1.33333em;
|
||||||
|
line-height: 0.75em;
|
||||||
|
vertical-align: -.0667em; }
|
||||||
|
|
||||||
|
.fa-xs {
|
||||||
|
font-size: .75em; }
|
||||||
|
|
||||||
|
.fa-sm {
|
||||||
|
font-size: .875em; }
|
||||||
|
|
||||||
|
.fa-1x {
|
||||||
|
font-size: 1em; }
|
||||||
|
|
||||||
|
.fa-2x {
|
||||||
|
font-size: 2em; }
|
||||||
|
|
||||||
|
.fa-3x {
|
||||||
|
font-size: 3em; }
|
||||||
|
|
||||||
|
.fa-4x {
|
||||||
|
font-size: 4em; }
|
||||||
|
|
||||||
|
.fa-5x {
|
||||||
|
font-size: 5em; }
|
||||||
|
|
||||||
|
.fa-6x {
|
||||||
|
font-size: 6em; }
|
||||||
|
|
||||||
|
.fa-7x {
|
||||||
|
font-size: 7em; }
|
||||||
|
|
||||||
|
.fa-8x {
|
||||||
|
font-size: 8em; }
|
||||||
|
|
||||||
|
.fa-9x {
|
||||||
|
font-size: 9em; }
|
||||||
|
|
||||||
|
.fa-10x {
|
||||||
|
font-size: 10em; }
|
||||||
|
|
||||||
|
.fa-fw {
|
||||||
|
text-align: center;
|
||||||
|
width: 1.25em; }
|
||||||
|
|
||||||
|
.fa-ul {
|
||||||
|
list-style-type: none;
|
||||||
|
margin-left: 2.5em;
|
||||||
|
padding-left: 0; }
|
||||||
|
.fa-ul > li {
|
||||||
|
position: relative; }
|
||||||
|
|
||||||
|
.fa-li {
|
||||||
|
left: -2em;
|
||||||
|
position: absolute;
|
||||||
|
text-align: center;
|
||||||
|
width: 2em;
|
||||||
|
line-height: inherit; }
|
||||||
|
|
||||||
|
.fa-border {
|
||||||
|
border: solid 0.08em #eee;
|
||||||
|
border-radius: .1em;
|
||||||
|
padding: .2em .25em .15em; }
|
||||||
|
|
||||||
|
.fa-pull-left {
|
||||||
|
float: left; }
|
||||||
|
|
||||||
|
.fa-pull-right {
|
||||||
|
float: right; }
|
||||||
|
|
||||||
|
.fa.fa-pull-left,
|
||||||
|
.fas.fa-pull-left,
|
||||||
|
.far.fa-pull-left,
|
||||||
|
.fal.fa-pull-left,
|
||||||
|
.fab.fa-pull-left {
|
||||||
|
margin-right: .3em; }
|
||||||
|
|
||||||
|
.fa.fa-pull-right,
|
||||||
|
.fas.fa-pull-right,
|
||||||
|
.far.fa-pull-right,
|
||||||
|
.fal.fa-pull-right,
|
||||||
|
.fab.fa-pull-right {
|
||||||
|
margin-left: .3em; }
|
||||||
|
|
||||||
|
.fa-spin {
|
||||||
|
-webkit-animation: fa-spin 2s infinite linear;
|
||||||
|
animation: fa-spin 2s infinite linear; }
|
||||||
|
|
||||||
|
.fa-pulse {
|
||||||
|
-webkit-animation: fa-spin 1s infinite steps(8);
|
||||||
|
animation: fa-spin 1s infinite steps(8); }
|
||||||
|
|
||||||
|
@-webkit-keyframes fa-spin {
|
||||||
|
0% {
|
||||||
|
-webkit-transform: rotate(0deg);
|
||||||
|
transform: rotate(0deg); }
|
||||||
|
100% {
|
||||||
|
-webkit-transform: rotate(360deg);
|
||||||
|
transform: rotate(360deg); } }
|
||||||
|
|
||||||
|
@keyframes fa-spin {
|
||||||
|
0% {
|
||||||
|
-webkit-transform: rotate(0deg);
|
||||||
|
transform: rotate(0deg); }
|
||||||
|
100% {
|
||||||
|
-webkit-transform: rotate(360deg);
|
||||||
|
transform: rotate(360deg); } }
|
||||||
|
|
||||||
|
.fa-rotate-90 {
|
||||||
|
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";
|
||||||
|
-webkit-transform: rotate(90deg);
|
||||||
|
transform: rotate(90deg); }
|
||||||
|
|
||||||
|
.fa-rotate-180 {
|
||||||
|
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";
|
||||||
|
-webkit-transform: rotate(180deg);
|
||||||
|
transform: rotate(180deg); }
|
||||||
|
|
||||||
|
.fa-rotate-270 {
|
||||||
|
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";
|
||||||
|
-webkit-transform: rotate(270deg);
|
||||||
|
transform: rotate(270deg); }
|
||||||
|
|
||||||
|
.fa-flip-horizontal {
|
||||||
|
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";
|
||||||
|
-webkit-transform: scale(-1, 1);
|
||||||
|
transform: scale(-1, 1); }
|
||||||
|
|
||||||
|
.fa-flip-vertical {
|
||||||
|
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";
|
||||||
|
-webkit-transform: scale(1, -1);
|
||||||
|
transform: scale(1, -1); }
|
||||||
|
|
||||||
|
.fa-flip-both, .fa-flip-horizontal.fa-flip-vertical {
|
||||||
|
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";
|
||||||
|
-webkit-transform: scale(-1, -1);
|
||||||
|
transform: scale(-1, -1); }
|
||||||
|
|
||||||
|
:root .fa-rotate-90,
|
||||||
|
:root .fa-rotate-180,
|
||||||
|
:root .fa-rotate-270,
|
||||||
|
:root .fa-flip-horizontal,
|
||||||
|
:root .fa-flip-vertical,
|
||||||
|
:root .fa-flip-both {
|
||||||
|
-webkit-filter: none;
|
||||||
|
filter: none; }
|
||||||
|
|
||||||
|
.fa-stack {
|
||||||
|
display: inline-block;
|
||||||
|
height: 2em;
|
||||||
|
position: relative;
|
||||||
|
width: 2.5em; }
|
||||||
|
|
||||||
|
.fa-stack-1x,
|
||||||
|
.fa-stack-2x {
|
||||||
|
bottom: 0;
|
||||||
|
left: 0;
|
||||||
|
margin: auto;
|
||||||
|
position: absolute;
|
||||||
|
right: 0;
|
||||||
|
top: 0; }
|
||||||
|
|
||||||
|
.svg-inline--fa.fa-stack-1x {
|
||||||
|
height: 1em;
|
||||||
|
width: 1.25em; }
|
||||||
|
|
||||||
|
.svg-inline--fa.fa-stack-2x {
|
||||||
|
height: 2em;
|
||||||
|
width: 2.5em; }
|
||||||
|
|
||||||
|
.fa-inverse {
|
||||||
|
color: #fff; }
|
||||||
|
|
||||||
|
.sr-only {
|
||||||
|
border: 0;
|
||||||
|
clip: rect(0, 0, 0, 0);
|
||||||
|
height: 1px;
|
||||||
|
margin: -1px;
|
||||||
|
overflow: hidden;
|
||||||
|
padding: 0;
|
||||||
|
position: absolute;
|
||||||
|
width: 1px; }
|
||||||
|
|
||||||
|
.sr-only-focusable:active, .sr-only-focusable:focus {
|
||||||
|
clip: auto;
|
||||||
|
height: auto;
|
||||||
|
margin: 0;
|
||||||
|
overflow: visible;
|
||||||
|
position: static;
|
||||||
|
width: auto; }
|
||||||
|
|
||||||
|
.svg-inline--fa .fa-primary {
|
||||||
|
fill: var(--fa-primary-color, currentColor);
|
||||||
|
opacity: 1;
|
||||||
|
opacity: var(--fa-primary-opacity, 1); }
|
||||||
|
|
||||||
|
.svg-inline--fa .fa-secondary {
|
||||||
|
fill: var(--fa-secondary-color, currentColor);
|
||||||
|
opacity: 0.4;
|
||||||
|
opacity: var(--fa-secondary-opacity, 0.4); }
|
||||||
|
|
||||||
|
.svg-inline--fa.fa-swap-opacity .fa-primary {
|
||||||
|
opacity: 0.4;
|
||||||
|
opacity: var(--fa-secondary-opacity, 0.4); }
|
||||||
|
|
||||||
|
.svg-inline--fa.fa-swap-opacity .fa-secondary {
|
||||||
|
opacity: 1;
|
||||||
|
opacity: var(--fa-primary-opacity, 1); }
|
||||||
|
|
||||||
|
.svg-inline--fa mask .fa-primary,
|
||||||
|
.svg-inline--fa mask .fa-secondary {
|
||||||
|
fill: black; }
|
||||||
|
|
||||||
|
.fad.fa-inverse {
|
||||||
|
color: #fff; }
|
|
@ -0,0 +1 @@
|
||||||
|
<svg width="2065" height="2500" viewBox="0 0 256 310" xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid"><path d="M42.754 244.495l-29.918 6.826V57.565l29.918 6.839v180.091" fill="#F68536"/><path d="M80.082 255.931l-37.328 10.608V42.612l37.328 10.595v202.724M127.966 267.681l-47.884 17.524V23.946l47.884 17.516v226.219M256 245.079l-128.034 64.017V0L256 64.017v181.062" fill="#F68536"/><path d="M102.444 12.763L127.966 0v309.096l-25.522-12.759V12.763M60.325 33.82l19.757-9.878v261.212l-19.757-9.878V33.82M27.016 50.477l15.738-7.869v223.88l-15.738-7.874V50.477M12.836 57.565L0 63.983v181.134l12.836 6.414V57.565" fill="#9D5025"/></svg>
|