Ilija Lazoroski
db8e1e50da
Agent: Add add_credentials_from_event_to_propagation_credentials_repository
...
Callable class that adds credentials to the propagation credentials
repository
2022-08-15 09:30:04 +02:00
Mike Salvatore
dc0f865f9b
Merge pull request #2192 from guardicore/2176-initialize-event-queue
...
Initialize IEventQueue
2022-08-12 10:14:20 -04:00
Ilija Lazoroski
21c9ea9d44
Agent: Initialize IEventQueue
2022-08-12 15:31:55 +02:00
Ilija Lazoroski
743d40abab
Common: Rename StolenCredentialsEvent to CredentialsStolenEvent
2022-08-12 09:39:04 +02:00
Ilija Lazoroski
889863bb93
Common: Define StolenCredentialsEvent
2022-08-11 19:36:52 +02:00
Mike Salvatore
87cbdd9fb8
Common: Rename subscribe_all() -> subscribe_all_events()
2022-08-10 09:17:13 -04:00
Shreya Malviya
3938e2f377
Project: Add subscribe_all_event_types to Vulture allowlist
2022-08-09 19:00:05 +05:30
Shreya Malviya
7a77fd82df
Project: Add event queue's entries to Vulture allowlist
2022-08-09 17:12:48 +05:30
Ilija Lazoroski
8586d89062
Island: Implement Version object
2022-08-03 16:43:04 +02:00
Mike Salvatore
c7be5f6c68
Project: Add AbstractEvent to vulture_allowlist.py
2022-08-02 20:38:08 -04:00
Shreya Malviya
9c7b69dd7b
Project: Add 'validate_windows_filename_not_reserved' to Vulture's allowlist
2022-07-27 12:32:07 +05:30
vakarisz
91e8ce62db
Common: Freeze lists to tuples in agent configuration
2022-07-26 17:25:06 +03:00
vakarisz
43387dc1a5
Common: Use IJSONSerializable interface for credentials
2022-07-12 13:48:20 +03:00
Mike Salvatore
59a9aa8a53
Project: Ignore decorated Schema methods in credentials.py
2022-07-07 07:37:15 -04:00
Mike Salvatore
0be43157cf
Common: Add PasswordSchema
2022-07-06 10:46:05 -04:00
Mike Salvatore
035734992c
Island: Change parameter names in ICredentialsRepository.save_*()
2022-07-05 10:50:28 -04:00
Ilija Lazoroski
6695e5b4ac
Island: Modify IStolenCredentialsRepository
...
* Rename to ICredentialsRepository
* Add {get/remove/save}_{stolen/configured}_credentials
2022-07-05 16:25:39 +02:00
Mike Salvatore
a84220f343
Project: Remove nonexistant _make_agent_configuration from vulture
2022-07-01 13:10:01 -04:00
Mike Salvatore
0137c89158
Island: Add preliminary Simulation class
...
Includes just the island's mode for now.
2022-07-01 13:10:01 -04:00
Mike Salvatore
d4c7b97229
Island: Add UNSET to IslandModeEnum
2022-06-30 13:12:26 -04:00
Mike Salvatore
13a7e4ea31
Project: Remove OperatingSystems enums from vulture allowlist
2022-06-27 09:37:20 -04:00
Mike Salvatore
f25a81635c
Merge pull request #2030 from guardicore/1960-configuration-schema
...
1960 configuration schema
2022-06-17 10:31:56 -04:00
Mike Salvatore
e0ae109368
Common: Add AgentConfiguration
2022-06-17 09:27:51 -04:00
Mike Salvatore
a41b2e3ea4
Common: Add PropagationConfiguration
2022-06-17 09:04:00 -04:00
Mike Salvatore
9bbf5c8ae7
Common: Add NetworkScanConfiguration
2022-06-17 08:50:48 -04:00
Mike Salvatore
2c4069ae1b
Project: Remove Meta, unknown from vulture_allowlist.py
...
These are no longer needed after db9d57a526
.
2022-06-17 08:31:04 -04:00
Mike Salvatore
3c879f444d
Common: Add ScanTargetConfigurationSchema
2022-06-17 08:30:42 -04:00
Mike Salvatore
7e9c481992
Common: Rename marshmallow post_load methods to be protected
2022-06-17 08:22:31 -04:00
Mike Salvatore
0b810f5d56
Common: Add TCPScanConfigurationSchema
2022-06-17 08:14:35 -04:00
Mike Salvatore
afd3160c2f
Common: Add ExploitationOptionsConfiguration
2022-06-16 20:20:35 -04:00
Mike Salvatore
70e8bca1ea
Common: Use OperatingSystems enum in ExploiterConfigurationSchema
2022-06-16 20:20:35 -04:00
Mike Salvatore
9d73252ff5
Common: Add ExploiterConfiguration
2022-06-16 20:20:35 -04:00
Mike Salvatore
bdad41057c
Common: Add CustomPBAConfiguration
2022-06-16 20:20:35 -04:00
Mike Salvatore
c79f62e682
Common: Add PluginConfiguration
2022-06-16 20:20:35 -04:00
Mike Salvatore
c53864cdd7
Common: Add release_convention()
2022-06-16 09:26:04 -04:00
Shreya Malviya
f989fdff06
Project: Remove `export_monkey_telems` from Vulture's allowlist
2022-06-10 12:10:52 -07:00
vakarisz
faf2259c59
Island: Rename repository file names to snake case
2022-05-31 12:59:38 +03:00
vakarisz
1077a84623
Project: Ignore unused classes created for dal layer
2022-05-24 10:27:07 +03:00
Mike Salvatore
2804ba9b07
Island: Return AWSCommandResults from start_infection_monkey_agent()
2022-05-10 13:09:56 -04:00
Ilija Lazoroski
7baccefae1
Project: Remove WebLogic references
2022-04-11 11:58:24 +02:00
Mike Salvatore
1f5bb7efaf
Merge pull request #1876 from guardicore/1869-remove-drupal
...
Remove Drupal exploiter
2022-04-10 09:45:24 -04:00
Ilija Lazoroski
3ecaff0686
Project: Remove Struts2 entry from vulture
2022-04-08 12:19:04 +02:00
Shreya Malviya
22e4e9c0ab
Project: Remove constant DRUPAL from Vulture's allowlist
2022-04-08 13:49:22 +05:30
Mike Salvatore
9738430333
Project: Remove temporary agent-refactor vulture exceptions
2022-03-30 07:31:29 -04:00
Mike Salvatore
2c32c354ae
Agent: Remove MockMaster
...
This mock has outlived its usefulness and can now be removed.
2022-03-30 07:20:37 -04:00
Shreya Malviya
99b621f2c8
Project: Add config's post_breach_actions to Vulture's allowlist
2022-03-30 12:29:27 +05:30
Shreya Malviya
1f2867a70a
Project: Add ProcessListCollection to Vulture's allowlist
2022-03-29 14:20:29 +03:00
Mike Salvatore
4316329384
Project: Add strict_slashes to vulture_allowlist
2022-03-25 07:57:54 -04:00
Mike Salvatore
a1d08abe19
Project: Rename EXPLOITED_* to PROPAGATED_*
...
These states were renamed in 5e3829aab
and 2c8aef6d8
2022-03-25 07:57:54 -04:00
Mike Salvatore
bfd9084ce1
Project: Add architecture parameter to vulture_allowlist
2022-03-16 13:39:39 -04:00
Mike Salvatore
cd3f5e7f16
Project: Add get_file_sha256_hash() to vulture_allowlist.py
2022-03-16 13:38:33 -04:00
vakarisz
1d15288b64
Agent, Island: remove/rename system info collection infrastructure
...
System info collectors got replaced with credential collectors. Infrastructure in the code needs to be renamed accordingly
2022-03-01 14:54:20 +02:00
vakarisz
afc98667c4
Island: remove unused "creds" properties from monkey model
2022-02-25 15:38:36 +02:00
Shreya Malviya
a599edec15
Project: Remove ELASTIC exploiter descriptor enum from Vulture's allowlist
2022-02-24 15:12:00 +05:30
Ilija Lazoroski
d8e203dd50
Project: Change readme and remove shellshock from vulture
2022-02-23 13:50:12 +01:00
Shreya Malviya
fcfa01223d
Project: Remove ProcessListCollector from Vulture allowlist
2022-02-16 17:06:17 +05:30
Ilija Lazoroski
7f6496b330
Island, UT: Remove system info AWS Collector
2022-02-14 12:00:08 +01:00
Shreya Malviya
9dc0a6ed6f
Project: Remove removed Scoutsuite constants from Vulture allowlist
2022-02-09 14:27:20 +05:30
Shreya Malviya
2c88d6053c
Project: Remove deleted constants from Vulture's allowlist
2022-02-01 16:40:06 +01:00
Ilija Lazoroski
b5c51bedc1
Island, UT: Remove Bootloader endpoint
2022-02-01 15:32:13 +01:00
Ilija Lazoroski
ff87252a24
Agent, Island: Remove MS08_67 exploiter
2022-01-31 11:11:33 +01:00
Mike Salvatore
e1cf4fa9c2
Merge branch 'release/1.13.0' into agent-refactor
2022-01-25 13:35:49 -05:00
vakarisz
a5a4957c29
Agent: small readability and style improvements
2022-01-18 15:01:47 +02:00
vakarisz
9d5ea0f41f
Island: add log4shell issue processing and reporting
2022-01-06 12:26:00 +02:00
vakarisz
c382987430
Project: vulture allow LDAPServerFactory.buildProtocol
2022-01-05 15:18:12 +02:00
Ilija Lazoroski
c129e2f4b0
Project: Remove mysqlfinger references in Vulture
2021-12-14 14:54:20 +01:00
VakarisZ
4fdd3370ca
Island, UI: implement the endpoint for stopping all monkeys, change the UI to call this endpoint and send a timestamp of button press
2021-12-08 14:48:57 +02:00
Mike Salvatore
137afa6473
Agent: Don't register new signal handler in monkey.py (for now)
...
The signal handler is not quite ready for prime time. Issue #1595 and
issue #1597 will need to be resolved before the signal handler can be
fully ready. For now, don't register the signal handler.
2021-11-24 13:46:18 -05:00
Shreya Malviya
7b0f08ee54
Agent: Finish implementing MockMaster
...
Also modified ExploitTelem and PostBreachTelem internals, and
MockPuppet.
2021-11-24 13:54:46 +05:30
Ilija Lazoroski
839024f243
Island: Fix formatting in config
2021-11-23 15:20:19 +01:00
Mike Salvatore
4fc484cd8d
Agent: Add a preliminary MockPuppet implementation
2021-11-22 13:05:30 -05:00
VakarisZ
a8d6f936f1
Agent, Island: remove hostname collector
2021-11-17 11:30:12 +02:00
VakarisZ
0175199540
Island, Agent: remove environment collector
2021-11-16 17:49:38 +02:00
VakarisZ
f5c8db979f
Project: remove remaining sambacry exploiter references in performance.py config template, vulture_allowlist.py and monkey_config_standard.json unit test data file
2021-11-10 15:44:05 +02:00
Shreya Malviya
ee79ea0a9d
Project: Remove variable 'VSFTPD' from Vulture's allowlist
2021-10-29 18:15:38 +05:30
VakarisZ
8b9ddb0c4b
Removed unnecessary vulture ignores from whitelist
2021-09-28 11:04:42 +03:00
VakarisZ
e6ad125be9
Change the telemetry model to have a method for fetching the telemetries based on queries.
...
Telemetry code mainly uses queries and mongoengine has no good way of field encryption, that's why this method prefers to handle queries rather than Telemetry models
2021-09-24 13:31:26 +03:00
VakarisZ
c7e91c5784
Add report model and a unit test for it's encryption
2021-09-21 10:39:39 +03:00
Mike Salvatore
805ef70db1
Merge pull request #1425 from guardicore/powershell_exploiter
...
PowerShell Remoting exploiter refactor
2021-08-30 07:54:29 -04:00
Mike Salvatore
8aedc2c391
Agent: Add pyinstaller hooks for pypsrp
2021-08-25 14:44:31 -04:00
Ilija Lazoroski
5cee9443ff
Zoo: Remove GCPHandler class. Powershell-3-47 renamed to
...
Powershell-3-46. Powershell-45 moved to different zone
2021-08-24 15:11:22 +02:00
Shreya Malviya
b6c3623e74
agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting')
2021-08-24 13:15:47 +05:30
VakarisZ
2b71fb80c7
Fixed missing powershell exploiter report components.
2021-08-24 11:40:39 +05:30
VakarisZ
9966c54fe2
Added powershell remoting exploiter.
2021-08-24 11:40:39 +05:30
VakarisZ
91ca828c72
Monkey: add launch time to the monkey collection
...
Launch time is needed if we want to tell the user when exactly the exploit occurred/monkey got run
2021-07-26 11:28:40 +03:00
Ilija Lazoroski
81a8ccf673
Island: Return empty post status for island mode
2021-07-13 10:25:48 -04:00
Mike Salvatore
96fc33025e
Island: Redirect gevent tracebacks to file and log exceptions
...
By default, gevent prints exceptions and tracebacks to stderr. This is
obnoxious as it results in large tracebacks intermixed with the output
that the logger prints to the console. This commit redirects this data
to {DATA_DIR}/gevent_exceptions.log. Unfortunately, this would mean that
the user might be left without any indication these exceptions had
occurred, unless they take the time to inspect the
gevent_exceptions.log. Therefore, when an excepion occurs, a message
with just the exception (not the traceback) is logged to WARNING.
Fixes #859
2021-07-06 08:39:30 -04:00
Mike Salvatore
01b9c41c6e
Remove mock_home_env() from vulture_allowlist.py
2021-07-02 18:59:24 -04:00
Mike Salvatore
6307606010
Remove get_files_to_encrypt from Vulture's allow list
2021-06-23 07:14:57 -04:00
Shreya
5b64ea5151
agent: ransomware: Iterate through files in directory and get list of files to encrypt
2021-06-22 19:30:44 +05:30
VakarisZ
fc1f12c24d
Implemented safety check on import.
2021-06-03 17:02:12 +03:00
VakarisZ
9fcfaac781
Improved exceptions thrown in configuration decryption and unit tests.
2021-06-03 17:01:56 +03:00
Shreya
52b57a7166
Have Vulture skip tests/ instead of tests/unit_tests/
2021-06-03 11:57:44 +05:30
Shreya
b69c1c531a
Rename vulture_whitelist.py -> vultue_allowlist.py
2021-06-02 13:08:37 +05:30