p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
7,335 Commits 31 Branches 0 Tags 47 MiB
Commit Graph

7335 Commits

Author SHA1 Message Date
Mike Salvatore 32d618ac92 Agent: Modify IPuppet interface to take VictimHost instead of object 2022-02-23 09:26:04 -05:00
Mike Salvatore b17c85cd01 Agent: Extract network_scanning package from network package 
This resolves some circular dependencies between Tunnel, IPuppet, and
VictimHost.
 2022-02-23 09:23:42 -05:00
Mike Salvatore 62f1861193 Agent: Remove disused NetworkScanner 2022-02-23 09:23:36 -05:00
Mike Salvatore 7d0e177e7a
Merge pull request #1727 from guardicore/1605-modify-ssh-exploit 
Modify SSH exploit
 2022-02-23 09:16:11 -05:00
Mike Salvatore 0f0edc3439 Agent: Log error messages at error level in SSHExploiter 2022-02-23 09:08:28 -05:00
Mike Salvatore 8e953359f8 Common: Use Enum.auto() for CredentialComponentType values 2022-02-23 08:44:41 -05:00
Mike Salvatore 7c9c4cf9fb Island: Compare Enums instead of strings in parse_credentials() 2022-02-23 08:44:02 -05:00
Mike Salvatore dc4273f970 Agent: Use Enum for credential_type instead of string (Enum.value) 2022-02-23 08:15:27 -05:00
Shreya Malviya e993998432 Agent: Make ExploiterResultData a dataclass instead of a named tuple 
and modify HostExploiter and the SSH exploiter accordingly
 2022-02-23 18:28:32 +05:30
Mike Salvatore 1e12a55240 UT: Use time.per_counter_ns() in test_request_cache() 
The time.time() function on windows does not provide adequate resolution
for test_request_cache(). For comparison, the time.get_clock_info()
function shows the resolution of the clock.

Linux:
    >>> import time
    >>> time.get_clock_info("time")
    namespace(
        adjustable=True,
        implementation='clock_gettime(CLOCK_REALTIME)',
        monotonic=False,
        resolution=1e-09
    )
    >>> time.get_clock_info("perf_counter")
    namespace(
        adjustable=False,
        implementation='clock_gettime(CLOCK_MONOTONIC)',
        monotonic=True,
        resolution=1e-09
    )

Windows:
    >>> time.get_clock_info("time")
    namespace(
        adjustable=True,
        implementation='GetSystemTimeAsFileTime()',
        monotonic=False,
        resolution=0.015625
    )
    >>> time.get_clock_info("perf_counter")
    namespace(
        adjustable=False,
        implementation='QueryPerformanceCounter()',
        monotonic=True,
        resolution=1e-07
    )

As shown above, the "perf_counter" clock on Windows if over 5 orders of
magnitude more precise than the "time" clock. This lack of precision
caused the test to fail on Windows, as the entire test often ran in less
than 0.015625 seconds.
 2022-02-23 07:44:56 -05:00
Shreya Malviya 2a8186928d Agent: Remove unused function `send_exploit_telemetry` in `HostExploiter` 2022-02-23 17:42:00 +05:30
Shreya Malviya 58703f9b5b Agent: Remove code that set `exploit_result`'s fields to the default value in SSH exploiter 2022-02-23 17:38:48 +05:30
VakarisZ 3fee7dec90
Merge pull request #1731 from guardicore/1695-parsing-mimikatz 
1695 parsing mimikatz
 2022-02-23 13:58:47 +02:00
Shreya Malviya 4ecc5283e5 Agent: Rename function for returning ExploiterResultData 2022-02-23 17:11:53 +05:30
Shreya Malviya 6cdb86aa4b Agent: Add TODO comment for VictimHost type hint to HostExploiter.py 2022-02-23 17:10:53 +05:30
Ilija Lazoroski 03178b6011 Island: Fix attack technique T1210 2022-02-23 10:59:28 +01:00
Ilija Lazoroski a0b5ac2330 Agent: Fix monkey exploitation reporting 2022-02-23 10:59:28 +01:00
Ilija Lazoroski 4dfe0cf7db Agent: Remove monkey import from exploit_telem 2022-02-23 10:59:28 +01:00
Ilija Lazoroski 522d0d388d Agent: Modify SSH exploiter to return ExploiterResultData 2022-02-23 10:59:21 +01:00
Ilija Lazoroski 58b1a04bd7 Agent: Modify exploit_host() to accept object instead of string 2022-02-22 19:30:53 +01:00
Ilija Lazoroski f2b2a9c5c3 Agent: Modify SSH exploit 
* Remove credential hashes from logs
* Get rid of config and use brute_force utils
* Use telemetry messenger to send attack telemetries
* Zerologon and Powershell needs to be revised based on UT
 2022-02-22 19:24:21 +01:00
vakarisz 8c90a98d05 UT: rename mimikatz credential processing to credential processing 2022-02-22 17:42:36 +02:00
vakarisz 0cbfc79a92 Island: remove unfinished ssh key processor 2022-02-22 17:42:33 +02:00
vakarisz 719d8dd2ad Island, Agent, Common: rename CredentialsType to CredentialComponentType 2022-02-22 17:41:38 +02:00
vakarisz c87297eb2a Island: fix a bug in lm_hash_processor.py 2022-02-22 17:40:56 +02:00
vakarisz 80bf561820 Island: fix a bug in lm_hash_processor.py 2022-02-22 17:40:56 +02:00
vakarisz 600753b53c Island: add username processor 2022-02-22 17:40:56 +02:00
vakaris_zilius 4b3750076a Agent, Island, Common: change code to process CredentialType value 
Island: rename credentials_type.py
 2022-02-22 17:40:55 +02:00
vakarisz bb760c7e8a Island: fix detection if credential is a keypair 2022-02-22 17:21:48 +02:00
vakaris_zilius d874cd9d5a Agent: fix broken pwd import on windows for ssh_handler.py 2022-02-22 17:18:57 +02:00
vakaris_zilius b344676425 Agent: add basic log statements to the mimikatz collector 2022-02-22 17:18:32 +02:00
vakaris_zilius 036388e704 Agent: don't log the contents of credentials telemetries 2022-02-22 17:18:31 +02:00
Ilija Lazoroski b224348881 Island: Fix credential collector parsing for SSH 2022-02-22 17:18:31 +02:00
vakarisz c96674f834 Island, Agent: fixed imports to reference credential type enum in common 2022-02-22 17:18:31 +02:00
vakarisz 73434537fe Island: remove system_info processing file 
No system info telemetries need to be processed anymore
 2022-02-22 17:18:31 +02:00
vakarisz 5471e9854c Island: remove credentials parsing boundary 2022-02-22 17:18:31 +02:00
vakarisz a8717dc691 Agent: rename and move credentials_type enum to common 2022-02-22 17:18:31 +02:00
Ilija Lazoroski 597fe35806 Island: Remove WMI handler that processed wmi info 
* Leftover from broken info gathering package
 2022-02-22 17:18:31 +02:00
vakarisz 5c5e170296 Island: Add processors for credentials 2022-02-22 17:18:31 +02:00
Shreya Malviya 96bd7bca24
Merge pull request #1728 from guardicore/1605-modify-exploit-result-data 
Modify ExploiterResultData
 2022-02-22 20:38:22 +05:30
Shreya Malviya b91f3b1551 Agent: Fix comment in ExploitTelem 2022-02-22 17:54:31 +05:30
Shreya Malviya f0679ebb26 Agent: Move `pwd`'s import statement to avoid using try/except 2022-02-22 17:49:08 +05:30
Shreya Malviya e47239f81c Island: Modify exploit telemetry processing to conform to changes to ExploiterResultData 2022-02-22 14:08:39 +05:30
Shreya Malviya dff5bde894 UT: Modify ExploitTelem calls in UTs 2022-02-22 12:50:01 +05:30
Shreya Malviya afb7210179 Agent: Modify ExploitTelem to accept param of type ExploiterResultData 2022-02-22 12:47:42 +05:30
ilija-lazoroski 4b83c79134
Merge pull request #1724 from guardicore/1605-pass-wormconfig-options 
1605 pass wormconfig options
 2022-02-21 13:52:28 +01:00
Ilija Lazoroski c83285c782 Agent: Modify exploiters to have general and exploiter options 2022-02-21 13:45:58 +01:00
Shreya Malviya 10d8dc1f33
Merge pull request #1729 from guardicore/1605-remove-skip_exploit_if_file_exist-config-option 
Remove `skip_exploit_if_file_exist` config option
 2022-02-21 17:59:51 +05:30
Shreya Malviya 3c80e1c38b UT: Remove `skip_exploit_if_file_exist` config field 2022-02-21 16:46:23 +05:30
Shreya Malviya 201a838e23 Island: Remove `skip_exploit_if_file_exist` from internal config 2022-02-21 16:45:45 +05:30