Started T1504 implementation

Add to `attack_schema.py`, `attack_report.py`
Add report `T1504.js`
This commit is contained in:
Shreya 2020-06-13 21:09:19 +05:30
parent e2d35ca267
commit dfa34e602f
3 changed files with 75 additions and 2 deletions

View File

@ -4,7 +4,7 @@ from monkey_island.cc.models import Monkey
from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082 from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082
from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107, T1188 from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107, T1188
from monkey_island.cc.services.attack.technique_reports import T1090, T1041, T1222, T1005, T1018, T1016, T1021, T1064 from monkey_island.cc.services.attack.technique_reports import T1090, T1041, T1222, T1005, T1018, T1016, T1021, T1064
from monkey_island.cc.services.attack.technique_reports import T1136, T1156 from monkey_island.cc.services.attack.technique_reports import T1136, T1156, T1504
from monkey_island.cc.services.attack.attack_config import AttackConfig from monkey_island.cc.services.attack.attack_config import AttackConfig
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
from monkey_island.cc.services.reporting.report_generation_synchronisation import safe_generate_attack_report from monkey_island.cc.services.reporting.report_generation_synchronisation import safe_generate_attack_report
@ -38,7 +38,8 @@ TECHNIQUES = {'T1210': T1210.T1210,
'T1021': T1021.T1021, 'T1021': T1021.T1021,
'T1064': T1064.T1064, 'T1064': T1064.T1064,
'T1136': T1136.T1136, 'T1136': T1136.T1136,
'T1156': T1156.T1156 'T1156': T1156.T1156,
'T1504': T1504.T1504
} }
REPORT_NAME = 'new_report' REPORT_NAME = 'new_report'

View File

@ -89,6 +89,33 @@ SCHEMA = {
"link": "https://attack.mitre.org/techniques/T1136", "link": "https://attack.mitre.org/techniques/T1136",
"description": "Adversaries with a sufficient level of access " "description": "Adversaries with a sufficient level of access "
"may create a local system, domain, or cloud tenant account." "may create a local system, domain, or cloud tenant account."
},
"T1504": {
"title": "PowerShell profile",
"type": "bool",
"value": True,
"necessary": False,
"link": "https://attack.mitre.org/techniques/T1504",
"description": "Adversaries may gain persistence and elevate privileges "
"in certain situations by abusing PowerShell profiles which "
"are scripts that run when PowerShell starts."
}
}
},
"privilege_escalation": {
"title": "Privilege escalation",
"type": "object",
"link": "https://attack.mitre.org/tactics/TA0004/",
"properties": {
"T1504": {
"title": "PowerShell profile",
"type": "bool",
"value": True,
"necessary": False,
"link": "https://attack.mitre.org/techniques/T1504",
"description": "Adversaries may gain persistence and elevate privileges "
"in certain situations by abusing PowerShell profiles which "
"are scripts that run when PowerShell starts."
} }
} }
}, },

View File

@ -0,0 +1,45 @@
import React from 'react';
import ReactTable from 'react-table';
import {renderMachineFromSystemData, ScanStatus} from './Helpers';
import MitigationsComponent from './MitigationsComponent';
class T1504 extends React.Component {
constructor(props) {
super(props);
}
static getColumns() {
return ([{
columns: [
{ Header: 'Machine',
id: 'machine',
accessor: x => renderMachineFromSystemData(x.machine),
style: {'whiteSpace': 'unset'}},
{ Header: 'Result',
id: 'result',
accessor: x => x.result,
style: {'whiteSpace': 'unset'}}
]
}])
}
render() {
return (
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.status === ScanStatus.USED ?
<ReactTable
columns={T1504.getColumns()}
data={this.props.data.info}
showPagination={false}
defaultPageSize={this.props.data.info.length}
/> : ''}
<MitigationsComponent mitigations={this.props.data.mitigations}/>
</div>
);
}
}
export default T1504;