Commit Graph

11405 Commits

Author SHA1 Message Date
Ilija Lazoroski ddaada1f09 Agent: Revise event publishing in SSHExploiter 2022-10-06 13:15:42 +02:00
vakarisz 2248bdcd67 Island: Add _get_node_by_id method to mongo_node_repository.py 2022-10-06 14:10:47 +03:00
Shreya Malviya e2453e481c Agent: Rename variables in HostExploiter 2022-10-06 16:38:42 +05:30
Kekoa Kaaikala 254b4e1c6c Agent: Update publish methods to accept timestamp 2022-10-05 19:43:25 +00:00
Kekoa Kaaikala 12e9aaf42e Agent: Add abstract properties for exploiter tags 2022-10-05 17:32:48 +00:00
Kekoa Kaaikala 95b1d9c62d Agent: Remove target from publish methods 2022-10-05 15:57:15 +00:00
vakarisz 249950d602 Island: Improve tcp handler code and coverage 2022-10-05 17:07:19 +03:00
vakarisz 6c913895c5 Island: Add TCP connections to nodes based on TCP scan event 2022-10-05 15:33:16 +03:00
vakarisz bbcdc1bef4 Island: Make upsert_node method public
Updating/inserting the node into the repository is required outside of repository itself.
2022-10-05 15:33:11 +03:00
Mike Salvatore 73a8c14397 Merge branch '2269-add-attack-technique-tags' into develop
PR #2394
2022-10-05 08:25:51 -04:00
Ilija Lazoroski 63f869d296 Project: Add common.tags and HostExploiter publish functions to Vulture 2022-10-05 14:21:23 +02:00
Mike Salvatore 82217b4094
Merge branch 2267-add-network-services into develop
PR #2398
2022-10-05 08:20:13 -04:00
Mike Salvatore 10e3c97489 Island: Use Tuple[SocketAddress] for tcp_connections
There are serialization issues when using FrozenSet because pydantic
converts the SocketAddress to a dict, which is not hashable. There are
probably ways to work around this, but it's not worth the effort at thsi
time. If performance becomes an issue (doubtful) we can revisit using a
frozenset instead.
2022-10-05 14:51:31 +03:00
Mike Salvatore 8799a60f47 Island: Fix serialization/deserialization of Machine.network_services 2022-10-05 14:51:30 +03:00
Mike Salvatore d8cf5d33dd Common: Extract MutableInfectionMonkeyModelConfig 2022-10-05 14:51:30 +03:00
Mike Salvatore eb3daf84f1 Common: Use strings for NetworkService Enum values 2022-10-05 14:51:30 +03:00
Mike Salvatore f6ed8a997c Common: Rename NetworkServiceNameEnum -> NetworkService
"Name" and "Enum" are redundant in this case
2022-10-05 14:51:25 +03:00
vakarisz 8bf1d1f46f Island, Common: Add services to machine.py 2022-10-05 14:51:01 +03:00
vakarisz a390c97b70 Island: Add tcp_connections to node 2022-10-05 14:50:02 +03:00
vakarisz 80a095b657 Agent: Use NetworkPort instead of Port 2022-10-05 14:50:02 +03:00
Ilija Lazoroski 2ece91b9df Agent: Rename event_queue to agent_event_queue in SSHCredentialCollector 2022-10-05 11:37:58 +02:00
Ilija Lazoroski c7e2b91735 Agent: Rename event_queue to agent_event_queue in
MimikatzCredentialCollector
2022-10-05 11:34:50 +02:00
Ilija Lazoroski 19fcf8d053 Agent: Import attack technique tags from common in MimikatzCollector 2022-10-05 11:30:09 +02:00
Ilija Lazoroski c8aee645fa Agent: Import attack technique tags from common in SSHCollector 2022-10-05 11:24:52 +02:00
Ilija Lazoroski 491612f9e8 Common: Add T1005 and T1145 attack technique tags 2022-10-05 11:21:28 +02:00
Ilija Lazoroski 0ed167fb48 Agent: Import attack technique tags from common in Zerologon 2022-10-05 11:13:39 +02:00
Ilija Lazoroski e46bb8964d Common: Add T1003 and T1098 attack technique tags 2022-10-05 11:11:18 +02:00
Mike Salvatore fd8ea53e8b Merge branch '2269-remove-find_monkeys_in_db' into develop
PR #2391
2022-10-04 18:21:00 -04:00
Mike Salvatore bbbb1ac773 Island: Remove disused LogBlackboxEndpoint 2022-10-04 16:30:13 -04:00
Mike Salvatore 6ae7676322 BB: Pass generator instead of list comprehension to all()
This will allow a short-circuit.
2022-10-04 16:30:13 -04:00
Mike Salvatore b713cce893 Island: Remove /api/test/monkey endpoint 2022-10-04 16:30:13 -04:00
Kekoa Kaaikala 2bea619786 BB: Removed unused method and endpoint 2022-10-04 16:30:13 -04:00
Kekoa Kaaikala e0c9717da9 BB: Update test_compabitiblity to use new api 2022-10-04 16:30:13 -04:00
Kekoa Kaaikala 73fbc22e3d BB: Remove find_monkeys_in_db 2022-10-04 16:30:13 -04:00
Mike Salvatore a691a16625
Merge pull request #2393 from guardicore/2269-update-hostexploiter
2269 update hostexploiter
2022-10-04 15:34:08 -04:00
Mike Salvatore 3172433410 Agent: Swap order of _publish_{propagation,exploitation}_event()
Putting _publish_exploitation_event() first puts the methods in both
alphabetical and chronological order.
2022-10-04 15:20:14 -04:00
Mike Salvatore 8e6a098a2e Project: Add HostExploiter methods to vulture_allowlist.py 2022-10-04 15:18:12 -04:00
Kekoa Kaaikala a07eadce60 Common: Add T1570 attack technique 2022-10-04 18:00:41 +00:00
Kekoa Kaaikala d1a8ce2082 Common: Add T1210 tag 2022-10-04 17:58:33 +00:00
Kekoa Kaaikala 6a100105be Common: Order attack tags alphanumerically 2022-10-04 17:58:23 +00:00
Ilija Lazoroski 8b4af5c349 Common: Fix typo in attack tags 2022-10-04 17:57:57 +00:00
Ilija Lazoroski dd35bebb3e Common: Add T1203 attack technique tag 2022-10-04 17:57:16 +00:00
Ilija Lazoroski bb11ea7857 Common: Add attack tags 2022-10-04 17:56:49 +00:00
Kekoa Kaaikala ee77eddaab Agent: Fix tuple type hint 2022-10-04 17:50:39 +00:00
Kekoa Kaaikala 116ae90f3d UT: Remove host exploiter tests 2022-10-04 17:45:30 +00:00
Kekoa Kaaikala b94002a984 Agent: Make publish methods private 2022-10-04 17:44:37 +00:00
Ilija Lazoroski 8e161f0fd9 Agent: Accept tuple as tags to HostExploiter publish events methods 2022-10-04 17:36:27 +00:00
Ilija Lazoroski 95b3556cd0 Agent: Exploiter name when publishing events to be __class__.__name__ 2022-10-04 17:36:05 +00:00
Kekoa Kaaikala a79d40b42e UT: Fix powershell tests 2022-10-04 17:35:33 +00:00
Kekoa Kaaikala 3e86766aaf Agent: Use default value for exploiter name 2022-10-04 17:35:05 +00:00