Merge branch 'release/1.11.0' into develop

This commit is contained in:
Mike Salvatore 2021-08-13 08:23:04 -04:00
commit 819de3905a
26 changed files with 138 additions and 145 deletions

View File

@ -1,11 +1,12 @@
# Changelog
All notable changes to this project will be documented in this file.
All notable changes to this project will be documented in this
file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
The format is based on [Keep a
Changelog](https://keepachangelog.com/en/1.0.0/).
## [Unreleased]
## [1.11.0] - 2021-08-XX
### Added
- PostgreSQL fingerprinter. #892
- A runtime-configurable option to specify a data directory where runtime
configuration and other artifacts can be stored. #994
- Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
@ -13,53 +14,58 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- A ransomware simulation payload. #1238
- The capability for a user to specify their own SSL certificate. #1208
- API endpoint for ransomware report. #1297
- Add ransomware report. #1240
- A ransomware report. #1240
- A script to build a docker image locally. #1140
### Changed
- server_config.json can be selected at runtime. #963
- Logger configuration can be selected at runtime. #971
- `mongo_key.bin` file location can be selected at runtime. #994
- Monkey agents are stored in the configurable data_dir when monkey is "run
from the island". #997
- Reformated all code using black. #1070
- Sorted all imports usind isort. #1081
- Addressed all flake8 issues. #1071
- Select server_config.json at runtime. #963
- Select Logger configuration at runtime. #971
- Select `mongo_key.bin` file location at runtime. #994
- Store Monkey agents in the configurable data_dir when monkey is "run from the
island". #997
- Reformat all code using black. #1070
- Sort all imports using isort. #1081
- Address all flake8 issues. #1071
- Use pipenv for python dependency management. #1091
- Moved unit tests to a dedicated `tests/` directory to improve pytest
collection time. #1102
- Default BB test suite behavior: if `--run-performance-tests` flag is not
specified, performance tests are skipped.
- Zerologon exploiter writes runtime artifacts to a secure temporary directory
- Move unit tests to a dedicated `tests/` directory to improve pytest collection
time. #1102
- Skip BB performance tests by default. Run them if `--run-performance-tests`
flag is specified.
- Write Zerologon exploiter's runtime artifacts to a secure temporary directory
instead of $HOME. #1143
- Authentication mechanism to use bcrypt on server side. #1139
- `server_config.json` puts environment config options in a separate section
named "environment". #1161
- BlackBox tests can now register if they are ran on a fresh installation. #1180
- Put environment config options in `server_config.json` into a separate
section named "environment". #1161
- Automatically register if BlackBox tests are run on a fresh installation.
#1180
- Limit the ports used for scanning in blackbox tests. #1368
- Limit the propagation depth of most blackbox tests. #1400
- Blackbox tests wait less time for monkeys to die. #1400
- Improved the structure of unit tests by scoping fixtures only to relevant modules
instead of having a one huge fixture file, improved and renamed the directory
structure of unit tests and unit test infrastructure. #1178
- MongoDb now gets launched by the Island via python. #1148
- Create/check data directory on Island init. #1170
- The formatting of some log messages to make them more readable. #1283
- Some unit tests to run faster. #1125
- Wait less time for monkeys to die when running BlackBox tests. #1400
- Improve the structure of unit tests by scoping fixtures only to relevant
modules instead of having a one huge fixture file. #1178
- Improve and rename the directory structure of unit tests and unit test
infrastructure. #1178
- Launch MongoDB when the Island starts via python. #1148
- Create/check data directory on Island initialization. #1170
- Format some log messages to make them more readable. #1283
- Improve runtime of some unit tests. #1125
- Run curl OR wget (not both) when attempting to communicate as a new user on
Linux. #1407
### Removed
- Relevant dead code as reported by Vulture. #1149
- Island logger config and --logger-config CLI option. #1151
### Fixed
- Attempted to delete a directory when monkey config reset was called. #1054
- Attempt to delete a directory when monkey config reset was called. #1054
- An errant space in the windows commands to run monkey manually. #1153
- gevent tracebacks in console output. #859
- Gevent tracebacks in console output. #859
- Crash and failure to run PBAs if max depth reached. #1374
### Security
- Address minor issues discovered by Dlint. #1075
- Generate random passwords when creating a new user (create user PBA, ms08_67 exploit). #1174
- Hash passwords on server-side instead of client side. #1139
- Generate random passwords when creating a new user (create user PBA, ms08_67
exploit). #1174
- Implemented configuration encryption/decryption. #1189, #1204
- Create local custom PBA directory with secure permissions. #1270
- Create encryption key file for MongoDB with secure permissions. #1232

View File

@ -2,6 +2,7 @@
title: "MITRE ATT&CK report"
description: "Maps the Monkey's actions to the MITRE ATT&CK knowledge base"
date: 2020-06-24T21:17:18+03:00
weight: 3
draft: false
---

View File

@ -0,0 +1,49 @@
---
title: "Ransomware report"
date: 2021-08-05T13:23:10+03:00
weight: 4
draft: false
description: "Provides information about ransomware simulation on your network"
---
{{% notice info %}}
Check out [the Infection Monkey's ransomware simulation documentation]({{< ref
"/usage/scenarios/ransomware-simulation" >}}) and [the documentation for other
available reports]({{< ref "/reports" >}}).
{{% /notice %}}
The Infection Monkey can be configured to [simulate a ransomware
attack](/usage/scenarios/ransomware-simulation) on your network. After running,
it generates a **Ransomware Report** that provides you with insight into how
ransomware might behave within your environment.
The report is split into three sections:
- [Breach](#breach)
- [Lateral Movement](#lateral-movement)
- [Attack](#attack)
## Breach
The breach section shows when and where the ransomware infection began.
![Breach](/images/usage/reports/ransomware_report_1_breach.png "Breach")
## Lateral movement
The lateral movement section provides information about how the simulated
ransomware was able to propagate through your network.
![Lateral
Movement](/images/usage/reports/ransomware_report_2_lateral_movement.png
"Lateral Movement")
## Attack
The attack section shows the details of what the simulated ransomware
successfully encrypted, including a list of specific files.
![Attack](/images/usage/reports/ransomware_report_3_attack.png "Attack")

View File

@ -1,6 +1,7 @@
---
title: "Security report"
date: 2020-06-24T21:16:10+03:00
weight: 1
draft: false
description: "Provides actionable recommendations and insight into an attacker's view of your network"
---

View File

@ -1,6 +1,7 @@
---
title: "Zero Trust report"
date: 2020-06-24T21:16:18+03:00
weight: 2
draft: false
description: "Generates a status report with detailed explanations of Zero Trust security gaps and prescriptive instructions on how to rectify them"
---

View File

@ -29,7 +29,7 @@ The Infection Monkey Docker container works on Linux only. It is not compatible
1. Load the Monkey Island Docker image:
```bash
sudo docker load -i dk.monkeyisland.1.10.0.tar
sudo docker load -i dk.monkeyisland.VERSION.tar
```
### 2. Start MongoDB
@ -58,7 +58,7 @@ been signed by a private certificate authority.
sudo docker run \
--name monkey-island \
--network=host \
guardicore/monkey-island:1.10.0
guardicore/monkey-island:VERSION
```
### 3b. Start Monkey Island with user-provided certificate
@ -81,7 +81,7 @@ been signed by a private certificate authority.
--network=host \
--user "$(id -u ${USER}):$(id -g ${USER})" \
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
guardicore/monkey-island:1.10.0 --setup-only
guardicore/monkey-island:VERSION --setup-only
```
1. Move your `.crt` and `.key` files to `./monkey_island_data`.
@ -122,7 +122,7 @@ been signed by a private certificate authority.
--network=host \
--user "$(id -u ${USER}):$(id -g ${USER})" \
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
guardicore/monkey-island:1.10.0
guardicore/monkey-island:VERSION
```
### 4. Accessing Monkey Island
@ -152,7 +152,7 @@ to store data in the `monkey-mongo` container.
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 0: invalid continuation byte
```
Starting a new container from the `guardicore/monkey-island:1.10.0` image
Starting a new container from the `guardicore/monkey-island:VERSION` image
generates a new secret key for storing sensitive information in MongoDB. If you
have an old database instance running (from a previous instance of Infection
Monkey), the data stored in the `monkey-mongo` container has been encrypted

View File

@ -18,10 +18,10 @@ installed, but the ones that we've tested are:
- Kali 2021.2
- Parrot 4.11
- Rocky 8
- Suse Leap 15.3
- Ubuntu 18.04
- Ubuntu 20.04
- Ubuntu 21.04
- openSUSE Leap 15.3
- Ubuntu Bionic 18.04
- Ubuntu Focal 20.04
- Ubuntu Hirsute 21.04
## Deployment

View File

@ -1,75 +0,0 @@
---
title: "VMware"
date: 2020-05-26T20:57:14+03:00
draft: false
pre: '<i class="fas fa-laptop-code"></i> '
weight: 3
tags: ["setup", "vmware"]
---
## Deployment
1. Deploy the Infection Monkey OVA by choosing **Deploy OVF Template** and
following the wizard instructions. *Note: make sure ports 5000 and 5001 on
the machine are accessible for inbound TCP traffic.*
1. Turn on the Infection Monkey VM.
1. Log in to the machine with the following credentials:
1. Username: **monkeyuser**
1. Password: **Noon.Earth.Always**
1. For security purposes, it's recommended that you change the machine
passwords by running the following commands: `sudo passwd monkeyuser`, `sudo
passwd root`.
## OVA network modes
You can use the OVA in one of two modes:
1. In a network with the DHCP configured — In this case, the Monkey Island will
automatically query and receive an IP address from the network.
1. With a static IP address — In this case, you should log in to the VM console
with the username `monkeyuser` and the password `Noon.Earth.Always`. After logging
in, edit the Netplan configuration by entering the following command in the
prompt:
```sh
sudo nano /etc/netplan/00-installer-config.yaml
```
Make the following changes:
```diff
# This is the network config written by 'subiquity'
network:
ethernets:
ens160:
- dhcp4: true
+ dhcp4: false
+ addresses: [XXX.XXX.XXX.XXX/24]
+ gateway4: YYY.YYY.YYY.YYY
+ nameservers:
+ addresses: [1.1.1.1]
version: 2
```
Replace `XXX.XXX.XXX.XXX` with the desired IP addess of the VM. Replace
`YYY.YYY.YYY.YYY` with the default gateway.
Save the changes then run the command:
```sh
sudo netplan apply
```
If this configuration does not suit your needs, see
https://netplan.io/examples/ for more information about how to configure
Netplan.
## Upgrading
Currently, there's no "upgrade-in-place" option when a new version is released.
To get an updated version, download the updated OVA file.
If you'd like to keep your existing configuration, you can export it to a file
using the *Export config* button and then import it to the new Monkey Island.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

View File

@ -20,7 +20,7 @@ After running the installer, the following prompt should appear on the screen:
1. Follow the steps to complete the installation.
1. Run the Monkey Island by clicking on the desktop shortcut.
### Start Monkey Island with user-provided certificcate
### Start Monkey Island with user-provided certificate
By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
enterprise or other security-sensitive environments, it is recommended that the

View File

@ -35,6 +35,19 @@ $ sha256sum monkey-linux-64
## Latest version checksums
| Filename | Type | Version | SHA256 |
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
| monkey-windows-64.exe | Windows Agent | 1.11.0 | `12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a` |
| monkey-windows-32.exe | Windows Agent | 1.11.0 | `e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849` |
| monkey-linux-64 | Linux Agent | 1.11.0 | `fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462` |
| monkey-linux-32 | Linux Agent | 1.11.0 | `88d6d717f99047ae6f8ff9527b41ff004217c99b1b027f112d062dd9e66d11ab` |
| Infection_Monkey-1.11.0-x86_64.AppImage | Linux Package | 1.11.0 | `6312b6bff18c11c7db694f42cf5a41e894786c39e3e093b6b15abcbff80337f2` |
| infection_monkey_docker_20210811_211212.tgz | Docker | 1.11.0 | `40f203387cadd153f97c6a21dfdddacd4d4eeea334a9300d862bfb4ba528e2e6` |
| Monkey Island v1.11.0_3789.exe | Windows Installer | 1.11.0 | `20633c1993ea5f86b57b3a48d6875e8f72881f856f4713d747f07a559da05ccc` |
## Older checksums
| Filename | Type | Version | SHA256 |
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
| monkey-windows-64.exe | Windows Agent | 1.10.0 | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` |
@ -49,12 +62,6 @@ $ sha256sum monkey-linux-64
| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker | 1.10.0 | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` |
| monkey-island-vmware.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
| monkey-island-vmwarezt.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
## Older checksums
| Filename | Type | Version | SHA256 |
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
| monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` |
| monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` |
| monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` |

View File

@ -74,10 +74,10 @@
</a>
</div>
<div class="col-lg-3 col-sm-6 mb-3">
<a href="usage/use-cases" class="px-4 py-5 bg-white shadow text-center d-block">
<a href="usage/scenarios" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-map-marked-alt d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">Use Cases</h4>
<p class="mb-0">Learn about use cases of the Infection Monkey.</p>
<h4 class="mb-3 mt-0">Scenarios</h4>
<p class="mb-0">Learn about scenarios of the Infection Monkey.</p>
</a>
</div>
<div class="col-lg-3 col-sm-6 mb-3">

Binary file not shown.

After

Width:  |  Height:  |  Size: 135 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 138 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 257 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 310 KiB

After

Width:  |  Height:  |  Size: 278 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 296 KiB

After

Width:  |  Height:  |  Size: 283 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 136 KiB

After

Width:  |  Height:  |  Size: 140 KiB

View File

@ -1 +1 @@
dev
release

View File

@ -4,7 +4,7 @@ import argparse
from pathlib import Path
MAJOR = "1"
MINOR = "10"
MINOR = "11"
PATCH = "0"
build_file_path = Path(__file__).parent.joinpath("BUILD")
with open(build_file_path, "r") as build_file:

View File

@ -1,5 +1,6 @@
import logging
import random
import shutil
import string
import subprocess
@ -64,11 +65,13 @@ class CommunicateAsNewUser(PBA):
'Invoke-WebRequest {url} -UseBasicParsing"'
)
else:
# true || false -> 0. false || true -> 0. false || false -> 1. So:
# if curl works, we're good.
# If curl doesn't exist or fails and wget work, we're good.
# And if both don't exist: we'll call it a win.
format_string = "curl {url} || wget -O/dev/null -q {url}"
if shutil.which("curl") is not None:
format_string = "curl {url}"
else:
format_string = "wget -O/dev/null -q {url}"
return format_string.format(url=url)
def send_result_telemetry(self, exit_status, commandline, username):

View File

@ -2,7 +2,7 @@ import os
from infection_monkey.control import ControlClient
TEMP_COMSPEC = os.path.join(os.getcwd(), "random_executable.exe")
TEMP_COMSPEC = os.path.join(os.getcwd(), "T1216_random_executable.exe")
def get_windows_commands_to_proxy_execution_using_signed_script():

View File

@ -16,5 +16,5 @@ class T1216PBAFileDownload(flask_restful.Resource):
executable_file_name = "T1216_random_executable.exe"
return send_from_directory(
directory=os.path.join(MONKEY_ISLAND_ABS_PATH, "cc", "resources", "pba"),
filename=executable_file_name,
path=executable_file_name,
)

View File

@ -18,7 +18,7 @@ def setup_data_dir(island_args: IslandCmdArgs) -> Tuple[IslandConfigOptions, str
def _setup_config_by_cmd_arg(server_config_path) -> Tuple[IslandConfigOptions, str]:
server_config_path = expand_path(server_config_path)
config = server_config_handler.load_server_config_from_file(server_config_path)
create_secure_directory(config.data_dir)
create_secure_directory(str(config.data_dir))
return config, server_config_path
@ -26,7 +26,7 @@ def _setup_default_config() -> Tuple[IslandConfigOptions, str]:
default_config = server_config_handler.load_server_config_from_file(DEFAULT_SERVER_CONFIG_PATH)
default_data_dir = default_config.data_dir
create_secure_directory(default_data_dir)
create_secure_directory(str(default_data_dir))
server_config_path = server_config_handler.create_default_server_config_file(default_data_dir)
config = server_config_handler.load_server_config_from_file(server_config_path)

View File

@ -1,6 +1,6 @@
{
"name": "infection-monkey",
"version": "1.10.0",
"version": "1.11.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {

View File

@ -1,6 +1,6 @@
{
"private": true,
"version": "1.10.0",
"version": "1.11.0",
"name": "infection-monkey",
"description": "Infection Monkey C&C UI",
"scripts": {

View File

@ -10,7 +10,7 @@ const LATERAL_MOVEMENT_DESCRIPTION = 'After the initial breach, the attacker wil
<br /> \
<br /> \
<a \
href="https://www.guardicore.com/blog/stopping-ransomware-with-segmentation/" \
href="https://www.guardicore.com/blog/stopping-ransomware-with-segmentation/?utm_medium=monkey-request&utm_source=web-report&utm_campaign=monkey-security-report" \
target="_blank" \
> \
See some real-world examples on Guardicore\'s blog. \