p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
5,446 Commits 31 Branches 0 Tags 47 MiB
Commit Graph

5446 Commits

Author SHA1 Message Date
Shreya 560cfb5948 docs: Do slight rewording in ransomware's README section 2021-06-30 12:36:35 +05:30
Shreya Malviya 8a902cd2b6
docs: Modify README portion of ransomware docs 
Give more context. Explain how a ransomware attack usually does this.

Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
 2021-06-30 12:26:55 +05:30
Shreya 949a52741b docs: Add link to ransomware simulations's README.txt file 2021-06-29 13:58:01 +05:30
Shreya 5b05e6224d docs: Modify ransomware page to include info about README.txt file 2021-06-29 13:58:02 +05:30
Mike Salvatore 04b2ac6bd9 Don't normalize line endings in ransomware_targets test data 
On Windows, git will normalize the line endings of .txt (and other)
files to crlf instead of lf. This is useful for many files, but the
ransomware_target files need unmodified when they are checked out.

By adding an exception in .gitattributes, the files in
monkey/tests/data_for_tests/ransomware_targets are not modified on
windows.
 2021-06-28 20:52:42 -04:00
Mike Salvatore f7f60be632 Merge branch 'ransomware_readme_config_option' into develop 2021-06-28 14:57:18 -04:00
Mike Salvatore f8411d3c92 Island: Rename ransomware config "notifications" section 2021-06-28 13:50:45 -04:00
Mike Salvatore d7991eb06b
Merge pull request #1270 from guardicore/secure-custom-pba-dir 
Create secure custom PBA directory on Windows
 2021-06-28 13:48:17 -04:00
shreyamalviya 37a73440af tests: Add extra line in tests/monkey_island/utils.py to pass formatting checks 2021-06-28 22:43:25 +05:30
shreyamalviya 3bea4bb86f tests: Refactor duplicate code for checking secure Windows permissions 2021-06-28 20:23:03 +05:30
VakarisZ b7c8006f94 Add readme to ransomware section of configuration schema 2021-06-28 14:43:51 +03:00
Shreya 7afe0818e5 tests: Use `is_windows_os()` while skipping tests in test_post_breach_files.py 2021-06-28 14:07:06 +05:30
Shreya 7211d59a38 tests: Add unit test for custom PBA dir permissions on Windows 2021-06-28 14:05:41 +05:30
Shreya 75a2f1b12e island: Use `create_secure_directory()` for custom PBA directory creation 2021-06-28 11:56:40 +05:30
Mike Salvatore 33a6e72df5
Merge pull request #1265 from guardicore/ransomware-encryption-documentation 
Add documentation for ransomware
 2021-06-27 17:32:14 -04:00
Mike Salvatore 3d403a92e8 agent: Fix incorrect config in ransomware payload 2021-06-25 10:21:08 -04:00
Mike Salvatore 1294e38f6e
Merge pull request #1259 from guardicore/ransomware-telemetry 
Ransomware telemetry
 2021-06-25 10:16:42 -04:00
Shreya 954cc469cf docs: Reword paragaraph about why ransomware simulation is sufficient 2021-06-25 19:07:32 +05:30
Mike Salvatore 76cf8a1bb4 agent: Wrap ransomware payload build/run in run_ransomware() 2021-06-25 09:19:15 -04:00
Shreya 61d95f52e1 docs: Reword the paragraph describing why the ransomware simulation is good enough 2021-06-25 16:37:50 +05:30
Shreya 32026f64a4 docs: Change "relevant extensions" to "targeted extensions" in ransomware docs 2021-06-25 16:27:35 +05:30
Shreya f77d0c28c2 docs: Add note about why ransomware encryption is not recursive and ignores shortcuts and symlinks 2021-06-25 16:22:59 +05:30
Shreya Malviya 3ddde83b5c
docs: Reword ransomware introductory description 
Add "only" to clarify that encryption will only take place if a directory is specified.

Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
 2021-06-25 16:00:49 +05:30
Mike Salvatore 6773f695ba agent: Use ITelem in send_telemetry() typehint 2021-06-24 15:57:10 -04:00
Mike Salvatore 7b9c39edc6 Remove RansomwareTelem from vulture_allowlist 2021-06-24 15:55:17 -04:00
Mike Salvatore 76da583420 agent: Send telemetry from ransomware payload 2021-06-24 15:49:19 -04:00
Mike Salvatore 21525be192 agent: Use ITelem in ITelemetryMessenger.send() typehint 2021-06-24 13:55:09 -04:00
Mike Salvatore 46da0b7b1f agent: Add ITelem interface 
Create a telemetry interface that sits above the BaseTelem abstract
class to allow telemetries to be extended without inheritance.
 2021-06-24 12:07:14 -04:00
Mike Salvatore 77e3c8a257 agent: Add telemetry messenger interface 
The telemetry classes have too many responsibilities. At the moment, one
such responsibility is to send themselves to the island. As our plugin
interfaces develop, the need may arise to send telemetry using different
mechanisms. To isolate the RansomwarePayload from these changes, the
ITelemetryMessenger interface is introduced in this commit. It provides
a send_telemetry() method that handles the specific details of how
telemetry is sent to the Island.

At the present time, the TelemetryMessengerWrapper class is introduced
to handle sending telemetry. It simply wraps the existing send() method
on the telemetry class.
 2021-06-24 10:26:00 -04:00
Shreya cec8341b17 tests: Add unit tests for ransomware telem 2021-06-24 10:26:00 -04:00
Shreya 29bd48f703 telem: Add ransomware telemetry 2021-06-24 10:26:00 -04:00
Shreya d600aa7208 telem: Add telem category for ransomware 2021-06-24 10:26:00 -04:00
Mike Salvatore 6744ee71fc
Merge pull request #1264 from guardicore/ransomware-bitflip-encryption 
Ransomware bitflip encryption
 2021-06-24 08:24:52 -04:00
Mike Salvatore ef209a693c agent: Remove second file from test_file_encrypted_in_place() 2021-06-24 07:00:44 -04:00
Mike Salvatore f1e592380b agent: Rename test_file_with_included_extension_encrypted 2021-06-24 07:00:06 -04:00
Shreya 97bc0fd205 docs: Add more information about the safety and sufficiency of the ransomware simulation 2021-06-24 14:41:38 +05:30
Shreya 91c3a6cb0d docs: Reword some content on the ransomware page 2021-06-24 13:19:39 +05:30
Mike Salvatore 70480c7011 agent: Rename RansomwareBitflipEncryptor -> BitflipEncryptor 2021-06-23 11:05:34 -04:00
Mike Salvatore 1929ea7dae agent: Add file_selectors.select_production_safe_target_files() 2021-06-23 11:01:58 -04:00
Mike Salvatore 97cf198965 agent: Narrow the responsibilities of RansomwareBitflipEncryptor 2021-06-23 10:50:14 -04:00
Shreya da204416e6 docs: Add reference page for ransomware 2021-06-23 19:45:43 +05:30
Mike Salvatore 2ea5dc6ac7 tests: Add missing test_lib.dll 
The .gitignore file prevents dlls from being added to git. Since this
isn't a real dll, but is only used for testing, we can add it anyway.
 2021-06-23 09:57:27 -04:00
Mike Salvatore 9165737389 agent: Use larger chunk size in RansomwarePayload 
The larger chunk size improves efficiency by reducing the number of
reads.
 2021-06-23 09:42:12 -04:00
Mike Salvatore ae0dfec3cc agent: Return results from RansomwareBitflipEncryptor.encrypt_files() 2021-06-23 09:37:33 -04:00
Mike Salvatore f1a365def2 agent: Add unit test for RansomwareBitflipEncryptor 2021-06-23 09:19:46 -04:00
Mike Salvatore 707b40608a tests: Extract ransomware target files to ransomware_target_files.py 2021-06-23 09:08:36 -04:00
Mike Salvatore d99811f83f tests: Move ransomware_target() fixture to ransomware/conftest.py 2021-06-23 09:04:24 -04:00
Mike Salvatore 45ba743418 tests: Move hash_file() into tests/utils.py 2021-06-23 09:01:42 -04:00
Mike Salvatore ab40518881 agent: Extract bitflip encryption into its own class 2021-06-23 08:56:12 -04:00
Mike Salvatore 2c97d04673 Agent: Don't run ransomware payload if no directory was specified 2021-06-23 08:34:09 -04:00