docs: Remove trailing whitespaces

Shreya Malviya 2021-07-28 16:51:27 +05:30
parent ab6d03f97a
commit 5ba4400bc3
5 changed files with 33 additions and 33 deletions

@ -6,14 +6,14 @@ description: "Assess your network security detection and prevention capabilities
weight: 2
---
## Overview
## Overview
The Infection Monkey can simulate various [ATT&CK](https://attack.mitre.org/matrices/enterprise/) techniques on the network. Use it to assess your security solutions' detection and prevention capabilities. The Infection Monkey will help you find which ATT&CK techniques go unnoticed and provide specific details along with suggested mitigations.
## Configuration
- **ATT&CK matrix** You can use the ATT&CK configuration section to select which techniques you want the Infection Monkey to simulate.
- **ATT&CK matrix** You can use the ATT&CK configuration section to select which techniques you want the Infection Monkey to simulate.
For the full simulation, use the default settings.
- **Exploits -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times.
- **Network -> Scope** Disable “Local network scan” and instead provide specific network ranges in the “Scan target list”.
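
Review bot: Stripping the trailing spaces after "...which techniques you want the Infection Monkey to simulate." in the **ATT&CK matrix** bullet may change how the page renders. In Markdown, two or more trailing spaces are a hard line break, so if that is what was removed, "For the full simulation, use the default settings." now flows into the preceding sentence instead of starting on its own line. Compare the rendered page before and after; if the break was intended, express it with visible structure (a blank line and an indented continuation) rather than invisible whitespace.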

@ -6,30 +6,30 @@ description: "Assess the impact of a successful phishing attack, insider threat,
weight: 5
---
## Overview
## Overview
Numerous attack techniques (from phishing to dumpster diving) might result in a credential leak,
Numerous attack techniques (from phishing to dumpster diving) might result in a credential leak,
which can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).
The Infection Monkey can help you assess the impact of stolen credentials by automatically searching
The Infection Monkey can help you assess the impact of stolen credentials by automatically searching
where bad actors can reuse these credentials in your network.
## Configuration
- **Exploits -> Credentials** After setting up the Monkey Island, add your users' **real** credentials
- **Exploits -> Credentials** After setting up the Monkey Island, add your users' **real** credentials
(usernames and passwords) here. Don't worry; this sensitive data is not accessible, distributed or used in any way other than being sent to the Infection Monkey agents. You can easily eliminate it by resetting the configuration of your Monkey Island.
- **Internal -> Exploits -> SSH keypair list** When enabled, the Infection Monkey automatically gathers SSH keys on the current system.
- **Internal -> Exploits -> SSH keypair list** When enabled, the Infection Monkey automatically gathers SSH keys on the current system.
For this to work, the Monkey Island or initial agent needs to access SSH key files.
To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Infection Monkey
(content of keys will not be displayed, it will appear as `<Object>`).
## Suggested run mode
Execute the Infection Monkey on a chosen machine in your network using the “Manual” run option.
Execute the Infection Monkey on a chosen machine in your network using the “Manual” run option.
Run the Infection Monkey as a privileged user to make sure it gathers as many credentials from the system as possible.
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
## Assessing results
To assess the impact of leaked credentials see the Security report. Examine **Security report -> Stolen credentials** to confirm.
To assess the impact of leaked credentials see the Security report. Examine **Security report -> Stolen credentials** to confirm.
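
Review bot: The sentence right after the rewritten **Exploits -> Credentials** bullet says the real credentials are "not accessible, distributed or used in any way other than being sent to the Infection Monkey agents", which contradicts itself, since sending them to the agents is distribution. This commit is whitespace-only, so a follow-up is fine, but the page asks for users' **real** usernames and passwords and should state plainly where they are stored and which hosts receive them, next to the existing note that resetting the Monkey Island configuration removes them.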

@ -6,7 +6,7 @@ description: "Simulate an internal network breach and assess the potential impac
weight: 3
---
## Overview
## Overview
From the [Hex-Men campaign](https://www.guardicore.com/2017/12/beware-the-hex-men/) that hit
internet-facing DB servers to a [cryptomining operation that attacks WordPress sites](https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining-2/) or any other malicious campaign attackers are now trying to go deeper into your network.
@ -15,15 +15,15 @@ Infection Monkey will help you assess the impact of a future breach by attemptin
## Configuration
- **Exploits -> Exploits** Here you can review the exploits the Infection Monkey will be using. By default all
- **Exploits -> Exploits** Here you can review the exploits the Infection Monkey will be using. By default all
safe exploiters are selected.
- **Exploits -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times.
- **Network -> Scope** Make sure to properly configure the scope of the scan. You can select **Local network scan**
and allow Monkey to propagate until maximum **Scan depth**(hop count) is reached, or you can fine tune it by providing
specific network ranges in **Scan target list**. Scanning a local network is more realistic, but providing specific
and allow Monkey to propagate until maximum **Scan depth**(hop count) is reached, or you can fine tune it by providing
specific network ranges in **Scan target list**. Scanning a local network is more realistic, but providing specific
targets will make the scanning process substantially faster.
- **(Optional) Internal -> Network -> TCP scanner** Here you can add custom ports your organization is using.
- **(Optional) Monkey -> Post-Breach Actions** If you only want to test propagation in the network, you can turn off
- **(Optional) Monkey -> Post-Breach Actions** If you only want to test propagation in the network, you can turn off
all post-breach actions. These actions simulate an attacker's behavior after getting access to a new system but in no
way helps the Infection Monkey exploit new machines.
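
Review bot: The rewritten line "and allow Monkey to propagate until maximum **Scan depth**(hop count) is reached" still lacks a space between the bold term and the parenthesis, and says "Monkey" where the rest of the page says "the Infection Monkey". Since the line is already being touched, fix both here. The last context line, "way helps the Infection Monkey exploit new machines", also needs "help" to agree with "These actions".
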
@ -31,17 +31,17 @@ all post-breach actions. These actions simulate an attacker's behavior after get
## Suggested run mode
Decide which machines you want to simulate a breach on and use the “Manual” run option to start the Infection Monkey on them.
Use administrative privileges to run the Infection Monkey to simulate an attacker that was able to elevate their privileges.
You could also simulate an attack initiated from an unidentified machine connected to the network (e.g., a technician
laptop or third-party vendor machine) by running the Infection Monkey on a dedicated machine with an IP in the network you
Decide which machines you want to simulate a breach on and use the “Manual” run option to start the Infection Monkey on them.
Use administrative privileges to run the Infection Monkey to simulate an attacker that was able to elevate their privileges.
You could also simulate an attack initiated from an unidentified machine connected to the network (e.g., a technician
laptop or third-party vendor machine) by running the Infection Monkey on a dedicated machine with an IP in the network you
wish to test.
## Assessing results
Check the infection map and Security report to see how far The Infection Monkey managed to propagate in your network and which
vulnerabilities it successfully exploited. If you left post-breach actions selected, you should also check the MITRE ATT&CK and
Check the infection map and Security report to see how far The Infection Monkey managed to propagate in your network and which
vulnerabilities it successfully exploited. If you left post-breach actions selected, you should also check the MITRE ATT&CK and
Zero Trust reports for more details.
![Map](/images/usage/use-cases/map-full-cropped.png "Map")
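
Review bot: The rewritten line "Check the infection map and Security report to see how far The Infection Monkey managed to propagate" keeps the mid-sentence capital "The", while the run-mode paragraph just above it writes "the Infection Monkey". Lowercase it in this pass so the file is consistent.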

@ -6,7 +6,7 @@ description: "Verify your network is properly segmented."
weight: 4
---
## Overview
## Overview
Segmentation is a method of creating secure zones in data centers and cloud deployments. It allows organizations to isolate workloads from one another and secure them individually, typically using policies. A useful way to test your company's segmentation effectiveness is to ensure that your network segments are properly separated (e.g., your development environment is isolated from your production environment and your applications are isolated from one another).
@ -18,15 +18,15 @@ You can use the Infection Monkey's cross-segment traffic feature to verify that
## Configuration
- **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define
subnets that should be segregated from each other. If any of the provided networks can reach each other, you'll see it
subnets that should be segregated from each other. If any of the provided networks can reach each other, you'll see it
in the security report.
- **(Optional) Network -> Scope** You can disable **Local network scan** and leave all other options at the default setting if you only want to test for network segmentation without any lateral movement.
- **(Optional) Monkey -> Post-Breach Actions** If you only want to test segmentation in the network, you can turn off all post-breach actions. These actions simulate an attacker's behavior after getting access to a new system, so they might trigger your defense solutions and interrupt the segmentation test.
## Suggested run mode
Execute The Infection Monkey on machines in different subnetworks using the “Manual” run option.
Execute The Infection Monkey on machines in different subnetworks using the “Manual” run option.
Note that if the Infection Monkey can't communicate to the Monkey Island, it will
not be able to send scan results, so make sure all machines can reach the the Monkey Island.
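
Review bot: The last context line of this hunk reads "so make sure all machines can reach the the Monkey Island", with a doubled "the", and the rewritten line above it has "Execute The Infection Monkey" with a stray capital. A whitespace cleanup of this paragraph is a good place to fix both; "can't communicate to the Monkey Island" would also read better as "communicate with".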

@ -6,23 +6,23 @@ description: "Tips and tricks about configuring Monkeys for your needs."
weight: 100
---
## Overview
## Overview
This page provides additional information about configuring the Infection Monkey, tips and tricks and creative usage scenarios.
## Custom behaviour
If you want the Infection Monkey to run a specific script or tool after it breaches a machine, you can configure it in
**Configuration -> Monkey -> Post-breach**. Input commands you want to execute in the corresponding fields.
If you want the Infection Monkey to run a specific script or tool after it breaches a machine, you can configure it in
**Configuration -> Monkey -> Post-breach**. Input commands you want to execute in the corresponding fields.
You can also upload files and call them through the commands you entered.
## Accelerate the test
To improve scanning speed you could **specify a subnet instead of scanning all of the local network**.
To improve scanning speed you could **specify a subnet instead of scanning all of the local network**.
The following configuration values also have an impact on scanning speed:
- **Credentials** - The more usernames and passwords you input, the longer it will take the Infection Monkey to scan machines that have
remote access services. The Infection Monkey agents try to stay elusive and leave a low impact, and thus brute-forcing takes longer than with loud conventional tools.
- **Network scope** - Scanning large networks with a lot of propagations can become unwieldy. Instead, try to scan your
- **Network scope** - Scanning large networks with a lot of propagations can become unwieldy. Instead, try to scan your
networks bit by bit with multiple runs.
- **Post-breach actions** - If you only care about propagation, you can disable most of these.
- **Internal -> TCP scanner** - Here you can trim down the list of ports the Infection Monkey tries to scan, improving performance.
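
Review bot: The rewritten Custom behaviour line points to "**Configuration -> Monkey -> Post-breach**", while the other pages in this same commit name the setting "**Monkey -> Post-Breach Actions**". Pick one label, matching what the UI shows, so readers can find the section. The same applies to "**Internal -> TCP scanner**" at the end of this hunk versus "**Internal -> Network -> TCP scanner**" in the network-breach page.
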
@ -37,7 +37,7 @@ Use **Monkey -> Persistent** scanning configuration section to either run period
## Credentials
Every network has its old "skeleton keys" that it should have long discarded. Configuring the Infection Monkey with old and stale passwords will enable you to ensure they were really discarded.
Every network has its old "skeleton keys" that it should have long discarded. Configuring the Infection Monkey with old and stale passwords will enable you to ensure they were really discarded.
To add the old passwords, go to the Monkey Island's **Exploit password list** under **Basic - Credentials** and use the "+" button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration:
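
Review bot: The line after the rewritten "skeleton keys" sentence locates the password list "under **Basic - Credentials**", but the scenario pages touched by this commit refer to the credentials section as "**Exploits -> Credentials**" and use "->" as the separator. Align the path and the separator so the instructions lead to one place.
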
@ -45,9 +45,9 @@ To add the old passwords, go to the Monkey Island's **Exploit password list** un
## Check logged and monitored terminals
To see the Infection Monkey executing in real-time on your servers, add the **post-breach action** command:
`wall “Infection Monkey was here”`. This post-breach command will broadcast a message across all open terminals on the servers the Infection Monkey breached to achieve the following:
- Let you know the Monkey ran successfully on the server.
To see the Infection Monkey executing in real-time on your servers, add the **post-breach action** command:
`wall “Infection Monkey was here”`. This post-breach command will broadcast a message across all open terminals on the servers the Infection Monkey breached to achieve the following:
- Let you know the Monkey ran successfully on the server.
- Let you follow the breach “live” alongside the infection map.
- Check which terminals are logged and monitored inside your network.
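
Review bot: The command on the rewritten line, `wall “Infection Monkey was here”`, uses typographic quotes inside the code span. A shell does not treat “ and ” as quoting characters, so a reader who pastes this gets the message split into separate arguments with the curly quotes passed through literally. Replace them with ASCII double quotes, i.e. `wall "Infection Monkey was here"`.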