From ef053ea017271e0d7819029768b3afa1bf3f157a Mon Sep 17 00:00:00 2001 From: Kekoa Kaaikala Date: Mon, 26 Sep 2022 15:11:32 +0000 Subject: [PATCH 1/2] Docs: Update network scanning documentation --- docs/content/usage/configuration/basic-network.md | 4 +++- .../content/usage/scenarios/custom-scenario/network-breach.md | 2 +- .../usage/scenarios/custom-scenario/network-segmentation.md | 2 +- docs/content/usage/scenarios/custom-scenario/zero-trust.md | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/content/usage/configuration/basic-network.md b/docs/content/usage/configuration/basic-network.md index fa6c6004d..f5c6f93ce 100644 --- a/docs/content/usage/configuration/basic-network.md +++ b/docs/content/usage/configuration/basic-network.md @@ -8,5 +8,7 @@ description: "Configure settings related to the Monkey's network activity." Here you can control multiple important settings, such as: * Network propagation depth - How many hops from the base machine will the Infection Monkey spread? -* Local network scan - Should the Infection Monkey attempt to attack any machine in its subnet? +* Scan Agent's networks - Should the Infection Monkey attempt to attack any machine in its subnet? + + _Be careful when using this option. If a machine is connected to a public network, then the agent will scan the public network!_ * Scanner IP/subnet list - Which specific IP ranges should the Infection Monkey should try to attack? diff --git a/docs/content/usage/scenarios/custom-scenario/network-breach.md b/docs/content/usage/scenarios/custom-scenario/network-breach.md index 4d0a6a814..ddb23ed60 100644 --- a/docs/content/usage/scenarios/custom-scenario/network-breach.md +++ b/docs/content/usage/scenarios/custom-scenario/network-breach.md 
@@ -18,7 +18,7 @@ Infection Monkey will help you assess the impact of a future breach by attemptin - **Exploits -> Exploits** Here you can review the exploits the Infection Monkey will be using. By default all safe exploiters are selected. - **Exploits -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times. -- **Network -> Scope** Make sure to properly configure the scope of the scan. You can select **Local network scan** +- **Network -> Scope** Make sure to properly configure the scope of the scan. You can select **Scan Agent's networks** and allow Monkey to propagate until maximum **Scan depth**(hop count) is reached, or you can fine tune it by providing specific network ranges in **Scan target list**. Scanning a local network is more realistic, but providing specific targets will make the scanning process substantially faster. diff --git a/docs/content/usage/scenarios/custom-scenario/network-segmentation.md b/docs/content/usage/scenarios/custom-scenario/network-segmentation.md index 2f9522d50..836f640c4 100644 --- a/docs/content/usage/scenarios/custom-scenario/network-segmentation.md +++ b/docs/content/usage/scenarios/custom-scenario/network-segmentation.md 
@@ -20,7 +20,7 @@ You can use the Infection Monkey's cross-segment traffic feature to verify that - **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define subnets that should be segregated from each other. If any of the provided networks can reach each other, you'll see it in the security report. -- **(Optional) Network -> Scope** You can disable **Local network scan** and leave all other options at the default setting if you only want to test for network segmentation without any lateral movement. +- **(Optional) Network -> Scope** You can disable **Scan Agent's networks** and leave all other options at the default setting if you only want to test for network segmentation without any lateral movement. - **(Optional) Monkey -> Post-Breach Actions** If you only want to test segmentation in the network, you can turn off all post-breach actions. These actions simulate an attacker's behavior after getting access to a new system, so they might trigger your defense solutions and interrupt the segmentation test. ## Suggested run mode diff --git a/docs/content/usage/scenarios/custom-scenario/zero-trust.md b/docs/content/usage/scenarios/custom-scenario/zero-trust.md index 07884e3c8..a77f30c0c 100644 --- a/docs/content/usage/scenarios/custom-scenario/zero-trust.md +++ b/docs/content/usage/scenarios/custom-scenario/zero-trust.md 
@@ -14,7 +14,7 @@ Want to assess your progress in achieving a Zero Trust network? The Infection Mo ## Configuration - **Exploits -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times. -- **Network -> Scope** Disable “Local network scan” and instead provide specific network ranges in the “Scan target list.” +- **Network -> Scope** Disable “Scan Agent's networks” and instead provide specific network ranges in the “Scan target list.” - **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define subnets that should be segregated from each other. From e63409d1ad3076b0cab65bc42318b3457a3d70b4 Mon Sep 17 00:00:00 2001 From: Kekoa Kaaikala Date: Tue, 27 Sep 2022 14:37:25 +0000 Subject: [PATCH 2/2] Docs: Update paths for custom-scenario --- .../custom-scenario/credential-leak.md | 4 ++-- .../custom-scenario/network-breach.md | 11 ++++------- .../custom-scenario/network-segmentation.md | 5 ++--- .../usage/scenarios/custom-scenario/other.md | 19 ++++--------------- .../scenarios/custom-scenario/zero-trust.md | 6 +++--- 5 files changed, 15 insertions(+), 30 deletions(-) diff --git a/docs/content/usage/scenarios/custom-scenario/credential-leak.md b/docs/content/usage/scenarios/custom-scenario/credential-leak.md index c5aeced50..1e4a8f931 100644 --- a/docs/content/usage/scenarios/custom-scenario/credential-leak.md +++ b/docs/content/usage/scenarios/custom-scenario/credential-leak.md 
@@ -16,9 +16,9 @@ where bad actors can reuse these credentials in your network. ## Configuration -- **Exploits -> Credentials** After setting up the Monkey Island, add your users' **real** credentials +- **Propagation -> Credentials** After setting up the Monkey Island, add your users' **real** credentials (usernames and passwords) here. Don't worry; this sensitive data is not accessible, distributed or used in any way other than being sent to the Infection Monkey agents. You can easily eliminate it by resetting the configuration of your Monkey Island. -- **Internal -> Exploits -> SSH keypair list** When enabled, the Infection Monkey automatically gathers SSH keys on the current system. +- **Propagation -> Credentials -> SSH key pairs list** When enabled, the Infection Monkey automatically gathers SSH keys on the current system. For this to work, the Monkey Island or initial agent needs to access SSH key files. To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Infection Monkey (content of keys will not be displayed, it will appear as ``). diff --git a/docs/content/usage/scenarios/custom-scenario/network-breach.md b/docs/content/usage/scenarios/custom-scenario/network-breach.md index ddb23ed60..9300fc450 100644 --- a/docs/content/usage/scenarios/custom-scenario/network-breach.md +++ b/docs/content/usage/scenarios/custom-scenario/network-breach.md 
@@ -15,17 +15,14 @@ Infection Monkey will help you assess the impact of a future breach by attemptin ## Configuration -- **Exploits -> Exploits** Here you can review the exploits the Infection Monkey will be using. By default all +- **Propagation -> Exploiters** Here you can review the exploits the Infection Monkey will be using. By default all safe exploiters are selected. -- **Exploits -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times. -- **Network -> Scope** Make sure to properly configure the scope of the scan. You can select **Scan Agent's networks** +- **Propagation -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times. +- **Propagation -> Network analysis -> Network** Make sure to properly configure the scope of the scan. You can select **Scan Agent's networks** and allow Monkey to propagate until maximum **Scan depth**(hop count) is reached, or you can fine tune it by providing specific network ranges in **Scan target list**. Scanning a local network is more realistic, but providing specific targets will make the scanning process substantially faster. -- **(Optional) Internal -> Network -> TCP scanner** Here you can add custom ports your organization is using. -- **(Optional) Monkey -> Post-Breach Actions** If you only want to test propagation in the network, you can turn off -all post-breach actions. These actions simulate an attacker's behavior after getting access to a new system but in no - way helps the Infection Monkey exploit new machines. 
+- **(Optional) Propagation -> Network Analysis -> TCP scanner** Here you can add custom ports your organization is using. ![Exploiter selector](/images/usage/use-cases/network-breach.PNG "Exploiter selector") diff --git a/docs/content/usage/scenarios/custom-scenario/network-segmentation.md b/docs/content/usage/scenarios/custom-scenario/network-segmentation.md index 836f640c4..a4d83ff7c 100644 --- a/docs/content/usage/scenarios/custom-scenario/network-segmentation.md +++ b/docs/content/usage/scenarios/custom-scenario/network-segmentation.md @@ -17,11 +17,10 @@ You can use the Infection Monkey's cross-segment traffic feature to verify that ## Configuration -- **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define +- **Propagation -> Network analysis -> Network segmentation testing** This configuration setting allows you to define subnets that should be segregated from each other. If any of the provided networks can reach each other, you'll see it in the security report. -- **(Optional) Network -> Scope** You can disable **Scan Agent's networks** and leave all other options at the default setting if you only want to test for network segmentation without any lateral movement. -- **(Optional) Monkey -> Post-Breach Actions** If you only want to test segmentation in the network, you can turn off all post-breach actions. These actions simulate an attacker's behavior after getting access to a new system, so they might trigger your defense solutions and interrupt the segmentation test. +- **(Optional) Propagation -> Network analysis -> Network** You can disable **Scan Agent's networks** and leave all other options at the default setting if you only want to test for network segmentation without any lateral movement. ## Suggested run mode diff --git a/docs/content/usage/scenarios/custom-scenario/other.md b/docs/content/usage/scenarios/custom-scenario/other.md index dc35cf5c8..a6a57bdae 100644 
--- a/docs/content/usage/scenarios/custom-scenario/other.md +++ b/docs/content/usage/scenarios/custom-scenario/other.md 
@@ -9,37 +9,26 @@ weight: 100 ## Overview This page provides additional information about configuring the Infection Monkey, tips and tricks and creative usage scenarios. -## Custom behavior - -If you want the Infection Monkey to run a specific script or tool after it breaches a machine, you can configure it in -**Configuration -> Monkey -> Post-breach**. Input commands you want to execute in the corresponding fields. -You can also upload files and call them through the commands you entered. - ## Accelerate the test To improve scanning speed you could **specify a subnet instead of scanning all of the local network**. The following configuration values also have an impact on scanning speed: -- **Credentials** - The more usernames and passwords you input, the longer it will take the Infection Monkey to scan machines that have +- **Propagation -> Credentials** - The more usernames and passwords you input, the longer it will take the Infection Monkey to scan machines that have remote access services. The Infection Monkey agents try to stay elusive and leave a low impact, and thus brute-forcing takes longer than with loud conventional tools. -- **Network scope** - Scanning large networks with a lot of propagations can become unwieldy. Instead, try to scan your +- **Propagation -> Network analysis -> Network** - Scanning large networks with a lot of propagations can become unwieldy. Instead, try to scan your networks bit by bit with multiple runs. -- **Post-breach actions** - If you only care about propagation, you can disable most of these. -- **Internal -> TCP scanner** - Here you can trim down the list of ports the Infection Monkey tries to scan, improving performance. +- **Propagation -> Network analysis -> TCP scanner** - Here you can trim down the list of ports the Infection Monkey tries to scan, improving performance. ## Combining different scenarios The Infection Monkey is not limited to the scenarios mentioned in this section. 
Once you get the hang of configuring it, you might come up with your own use case or test all of the suggested scenarios at the same time! Whatever you do, the Infection Monkey's Security, ATT&CK and Zero Trust reports will be waiting for you with your results! -## Persistent scanning - -Use **Monkey -> Persistent** scanning configuration section to either run periodic scans or increase the reliability of exploitations by running consecutive scans with the Infection Monkey. - ## Credentials Every network has its old "skeleton keys" that it should have long discarded. Configuring the Infection Monkey with old and stale passwords will enable you to ensure they were really discarded. -To add the old passwords, go to the Monkey Island's **Exploit password list** under **Basic - Credentials** and use the "+" button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration: +To add the old passwords, go to the Monkey Island's **Exploit password list** under **Propagation -> Credentials** and use the "+" button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration: ![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists") diff --git a/docs/content/usage/scenarios/custom-scenario/zero-trust.md b/docs/content/usage/scenarios/custom-scenario/zero-trust.md index a77f30c0c..33ca5f283 100644 --- a/docs/content/usage/scenarios/custom-scenario/zero-trust.md +++ b/docs/content/usage/scenarios/custom-scenario/zero-trust.md 
@@ -13,9 +13,9 @@ Want to assess your progress in achieving a Zero Trust network? The Infection Mo ## Configuration -- **Exploits -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times. -- **Network -> Scope** Disable “Scan Agent's networks” and instead provide specific network ranges in the “Scan target list.” -- **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define +- **Propagation -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times. +- **Propagation -> Network analysis -> Network** Disable “Scan Agent's networks” and instead provide specific network ranges in the “Scan target list.” +- **Propagation -> Network analysis -> Network segmentation testing** This configuration setting allows you to define subnets that should be segregated from each other. In general, other configuration value defaults should be good enough, but feel free to see the “Other” section for tips and tricks about more features and in-depth configuration parameters you can use.
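Review bot: In the patch 1 basic-network.md hunk, the renamed bullet "Scan Agent's networks" still reads "attempt to attack any machine in its subnet?", while the new italic warning in the same hunk says the agent scans every network the machine is connected to; the description should match the plural option name, e.g. "attempt to attack any machine on the networks the agent is connected to?". The unchanged next bullet, "Which specific IP ranges should the Infection Monkey should try to attack?", has a doubled "should" that is worth fixing while this file is being edited.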
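Review bot: In the patch 2 network-breach.md hunk the new paths are spelled inconsistently: "Propagation -> Network analysis -> Network" versus "(Optional) Propagation -> Network Analysis -> TCP scanner" ("analysis" vs "Analysis"); every other file in this series uses "Network analysis", so the TCP scanner line should match. The same hunk also deletes the "(Optional) Monkey -> Post-Breach Actions" bullet without giving it a new path, which goes beyond the commit subject "Update paths for custom-scenario"; if post-breach actions still exist the bullet should be re-pathed rather than dropped, and if the feature was removed the commit message should say so.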
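Review bot: In the patch 2 network-segmentation.md hunk, the deleted Post-Breach Actions bullet carried the only guidance that these actions "might trigger your defense solutions and interrupt the segmentation test"; a reader setting up a segmentation-only run still needs that advice, so if the setting merely moved, keep the sentence under its new location instead of removing it, and if it was removed on purpose, state why in the commit message.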
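Review bot: The other.md hunk removes the entire "Custom behavior" and "Persistent scanning" sections and the "Post-breach actions" speed tip, which is a content removal rather than the path update the commit subject "Docs: Update paths for custom-scenario" describes; either split those deletions into a separate commit whose message explains why the features are no longer documented, or mention the removal in this one. In the same hunk, the changed line keeps the old field name "**Exploit password list**" under the new "**Propagation -> Credentials**" path, while the credential-leak.md hunk renames fields in that section (e.g. "SSH key pairs list"); confirm the password list field still carries that label on the new page.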