forked from p15670423/monkey
Merge branch 'copyediting' into develop
This commit is contained in:
commit
c5371060c1
|
@ -5,7 +5,7 @@ draft: false
|
||||||
pre: "<i class='fas fa-question'></i> "
|
pre: "<i class='fas fa-question'></i> "
|
||||||
---
|
---
|
||||||
|
|
||||||
Here are some of the most common questions we receive about the Infection Monkey. If the answer you’re looking for isn’t here, talk with us [on our Slack channel](https://infectionmonkey.slack.com/join/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU), email us at [support@infectionmonkey.com](mailto:support@infectionmonkey.com) or [open an issue on GitHub](https://github.com/guardicore/monkey).
|
Here are some of the most common questions we receive about the Infection Monkey. If the answer you're looking for isn't here, talk with us [on our Slack channel](https://infectionmonkey.slack.com/join/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU), email us at [support@infectionmonkey.com](mailto:support@infectionmonkey.com) or [open an issue on GitHub](https://github.com/guardicore/monkey).
|
||||||
|
|
||||||
- [Where can I get the latest Monkey version? 📰](#where-can-i-get-the-latest-monkey-version)
|
- [Where can I get the latest Monkey version? 📰](#where-can-i-get-the-latest-monkey-version)
|
||||||
- [How long does a single Monkey run for? Is there a time limit?](#how-long-does-a-single-monkey-run-for-is-there-a-time-limit)
|
- [How long does a single Monkey run for? Is there a time limit?](#how-long-does-a-single-monkey-run-for-is-there-a-time-limit)
|
||||||
|
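Review bot: the "open an issue on GitHub" link in the intro paragraph (both the old and the copyedited version) points at the repository root, https://github.com/guardicore/monkey, rather than its issues tab; since this sentence is being touched anyway, link straight to the issues page so readers land on the issue form. The apostrophe straightening itself is fine.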
@ -17,11 +17,11 @@ Here are some of the most common questions we receive about the Infection Monkey
|
||||||
- [Monkey agent](#monkey-agent)
|
- [Monkey agent](#monkey-agent)
|
||||||
- [Running the Monkey in a production environment](#running-the-monkey-in-a-production-environment)
|
- [Running the Monkey in a production environment](#running-the-monkey-in-a-production-environment)
|
||||||
- [How much of a footprint does the Monkey leave?](#how-much-of-a-footprint-does-the-monkey-leave)
|
- [How much of a footprint does the Monkey leave?](#how-much-of-a-footprint-does-the-monkey-leave)
|
||||||
- [What’s the Monkey’s impact on system resources usage?](#whats-the-monkeys-impact-on-system-resources-usage)
|
- [What's the Monkey's impact on system resources usage?](#whats-the-monkeys-impact-on-system-resources-usage)
|
||||||
- [Is it safe to use real passwords and usernames in the Monkey’s configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-monkeys-configuration)
|
- [Is it safe to use real passwords and usernames in the Monkey's configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-monkeys-configuration)
|
||||||
- [How do you store sensitive information on Monkey Island?](#how-do-you-store-sensitive-information-on-monkey-island)
|
- [How do you store sensitive information on Monkey Island?](#how-do-you-store-sensitive-information-on-monkey-island)
|
||||||
- [How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?](#how-stable-are-the-exploitations-used-by-the-monkey-will-the-monkey-crash-my-systems-with-its-exploits)
|
- [How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?](#how-stable-are-the-exploitations-used-by-the-monkey-will-the-monkey-crash-my-systems-with-its-exploits)
|
||||||
- [After I’ve set up Monkey Island, how can I execute the Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey)
|
- [After I've set up Monkey Island, how can I execute the Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey)
|
||||||
- [How can I make the monkey propagate “deeper” into the network?](#how-can-i-make-the-monkey-propagate-deeper-into-the-network)
|
- [How can I make the monkey propagate “deeper” into the network?](#how-can-i-make-the-monkey-propagate-deeper-into-the-network)
|
||||||
- [The report returns a blank screen](#the-report-returns-a-blank-screen)
|
- [The report returns a blank screen](#the-report-returns-a-blank-screen)
|
||||||
- [How can I get involved with the project? 👩💻👨💻](#how-can-i-get-involved-with-the-project)
|
- [How can I get involved with the project? 👩💻👨💻](#how-can-i-get-involved-with-the-project)
|
||||||
|
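Review bot: the curly double quotes in the “deeper” TOC entry are left untouched while the rest of this hunk replaces curly apostrophes with straight ones; for a consistent copyedit either straighten these too (the anchor #how-can-i-make-the-monkey-propagate-deeper-into-the-network already drops the quotes, so it needs no change) or leave typographic quotes alone throughout.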
@ -77,7 +77,7 @@ The Monkey performs queries out to the Internet on two separate occasions:
|
||||||
|
|
||||||
### Monkey Island
|
### Monkey Island
|
||||||
|
|
||||||
The Monkey Island’s log file can be downloaded directly from the UI. Click the “log” section and choose “Download Monkey Island internal logfile”, like so:
|
The Monkey Island's log file can be downloaded directly from the UI. Click the “log” section and choose “Download Monkey Island internal logfile”, like so:
|
||||||
|
|
||||||
![How to download Monkey Island internal log file](/images/faq/download_log_monkey_island.png "How to download Monkey Island internal log file")
|
![How to download Monkey Island internal log file](/images/faq/download_log_monkey_island.png "How to download Monkey Island internal log file")
|
||||||
|
|
||||||
|
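Review bot: same consistency problem in the log-download sentence: "Island's" is straightened but the curly quotes around “log” and “Download Monkey Island internal logfile” are kept. UI labels would read better in bold, or in straight quotes matching the rest of this pass.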
@ -98,7 +98,7 @@ The Monkey log file can be found in the following paths on machines where it was
|
||||||
- Path on Linux: `/tmp/user-1563`
|
- Path on Linux: `/tmp/user-1563`
|
||||||
- Path on Windows: `%temp%\\~df1563.tmp`
|
- Path on Windows: `%temp%\\~df1563.tmp`
|
||||||
|
|
||||||
The logs contain information about the internals of the Monkey’s execution. The log will contain entries like these ones for example:
|
The logs contain information about the internals of the Monkey's execution. The log will contain entries like these ones for example:
|
||||||
|
|
||||||
```log
|
```log
|
||||||
2019-07-22 19:16:44,228 [77598:140654230214464:INFO] main.main.116: >>>>>>>>>> Initializing monkey (InfectionMonkey): PID 77598 <<<<<<<<<<
|
2019-07-22 19:16:44,228 [77598:140654230214464:INFO] main.main.116: >>>>>>>>>> Initializing monkey (InfectionMonkey): PID 77598 <<<<<<<<<<
|
||||||
|
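Review bot: the Windows log path `%temp%\\~df1563.tmp` carries a doubled backslash inside a code span; Markdown does not process escapes inside backticks, so this renders literally as two backslashes. If the real file name is %temp%\~df1563.tmp, drop the extra backslash. Both old and new lines carry it, so it predates this copyedit, but it is worth fixing while the paragraph is being touched. The `log` fence and the sample entry are fine.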
@ -124,13 +124,13 @@ The Monkey leaves hardly any trace on the target system. It will leave:
|
||||||
- Path on Linux: `/tmp/user-1563`
|
- Path on Linux: `/tmp/user-1563`
|
||||||
- Path on Windows: `%temp%\\~df1563.tmp`
|
- Path on Windows: `%temp%\\~df1563.tmp`
|
||||||
|
|
||||||
### What’s the Monkey’s impact on system resources usage?
|
### What's the Monkey's impact on system resources usage?
|
||||||
|
|
||||||
The Infection Monkey uses less than single-digit percent of CPU time and very low RAM usage. For example, on a single-core Windows Server machine, the Monkey consistently uses 0.06% CPU, less than 80MB of RAM and a small amount of I/O periodically.
|
The Infection Monkey uses less than single-digit percent of CPU time and very low RAM usage. For example, on a single-core Windows Server machine, the Monkey consistently uses 0.06% CPU, less than 80MB of RAM and a small amount of I/O periodically.
|
||||||
|
|
||||||
If you do experience any performance issues please let us know on [our Slack channel](https://infectionmonkey.slack.com/) or via [opening an issue on GitHub](https://github.com/guardicore/monkey).
|
If you do experience any performance issues please let us know on [our Slack channel](https://infectionmonkey.slack.com/) or via [opening an issue on GitHub](https://github.com/guardicore/monkey).
|
||||||
|
|
||||||
### Is it safe to use real passwords and usernames in the Monkey’s configuration?
|
### Is it safe to use real passwords and usernames in the Monkey's configuration?
|
||||||
|
|
||||||
Absolutely! User credentials are stored encrypted in the Monkey Island server. This information is then accessible only to users that have access to the Island.
|
Absolutely! User credentials are stored encrypted in the Monkey Island server. This information is then accessible only to users that have access to the Island.
|
||||||
|
|
||||||
|
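Review bot: "uses less than single-digit percent of CPU time" is ambiguous (under 1%? a few percent?), and the sentence that follows already gives the measured 0.06%; suggest "uses at most a single-digit percentage of CPU time" or simply lead with the measured figure. The Windows path here repeats the doubled-backslash issue from the log-file section above. The "Absolutely!" answer about real credentials is acceptable only because the next sentence ties access to Island access; keep those two sentences together when reflowing.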
@ -138,7 +138,7 @@ We advise to limit access to the Monkey Island server by following our [password
|
||||||
|
|
||||||
### How do you store sensitive information on Monkey Island?
|
### How do you store sensitive information on Monkey Island?
|
||||||
|
|
||||||
Sensitive data such as passwords, SSH keys and hashes are stored on the Monkey Island’s database in an encrypted fashion. This data is transmitted to the Infection Monkeys in an encrypted fashion (HTTPS) and is not stored locally on the victim machines.
|
Sensitive data such as passwords, SSH keys and hashes are stored on the Monkey Island's database in an encrypted fashion. This data is transmitted to the Infection Monkeys in an encrypted fashion (HTTPS) and is not stored locally on the victim machines.
|
||||||
|
|
||||||
When you reset the Monkey Island configuration, the Monkey Island wipes the information.
|
When you reset the Monkey Island configuration, the Monkey Island wipes the information.
|
||||||
|
|
||||||
|
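Review bot: "in an encrypted fashion" appears twice in consecutive sentences; suggest "are stored encrypted in the Monkey Island's database and sent to the agents over HTTPS", and for the last paragraph "Resetting the Monkey Island configuration wipes this data." Both keep the stated behaviour (encrypted at rest, HTTPS in transit, nothing persisted on victim machines) and read more cleanly.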
@ -146,9 +146,9 @@ When you reset the Monkey Island configuration, the Monkey Island wipes the info
|
||||||
|
|
||||||
The Monkey does not use any exploits or attacks that may impact the victim system.
|
The Monkey does not use any exploits or attacks that may impact the victim system.
|
||||||
|
|
||||||
This means we avoid using some very strong (and famous) exploits such as [EternalBlue](https://www.guardicore.com/2017/05/detecting-mitigating-wannacry-copycat-attacks-using-guardicore-centra-platform/). This exploit was used in WannaCry and NotPetya with huge impact. But because it may crash a production system, we aren’t using it.
|
This means we avoid using some very strong (and famous) exploits such as [EternalBlue](https://www.guardicore.com/2017/05/detecting-mitigating-wannacry-copycat-attacks-using-guardicore-centra-platform/). This exploit was used in WannaCry and NotPetya with huge impact. But because it may crash a production system, we aren't using it.
|
||||||
|
|
||||||
## After I’ve set up Monkey Island, how can I execute the Monkey?
|
## After I've set up Monkey Island, how can I execute the Monkey?
|
||||||
|
|
||||||
See our detailed [getting started](../content/usage/getting-started) guide.
|
See our detailed [getting started](../content/usage/getting-started) guide.
|
||||||
|
|
||||||
|
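Review bot: two points. The heading "After I've set up Monkey Island, how can I execute the Monkey?" is a `##` heading while the neighbouring FAQ entries in this file ("What's the Monkey's impact on system resources usage?", "Is it safe to use real passwords...", "How do you store sensitive information...") are `###`, which breaks the heading hierarchy and the TOC nesting; make it `###`. Separately, "does not use any exploits or attacks that may impact the victim system" is an absolute guarantee that the EternalBlue paragraph immediately qualifies; "avoids exploits known to destabilise targets, such as EternalBlue" is a claim the project can actually stand behind.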
@ -175,6 +175,6 @@ The Monkey is an open-source project, and we weclome contributions and contribut
|
||||||
|
|
||||||
### How did you come up with the Infection Monkey?
|
### How did you come up with the Infection Monkey?
|
||||||
|
|
||||||
Oddly enough, the idea of proactively breaking the network to test its survival wasn’t born in the security industry. In 2011, the streaming giant Netflix released Chaos Monkey, a tool that was designed to randomly disable the company’s production servers to verify they could survive network failures without any customer impact. Netflix's Chaos Monkey became a popular network resilience tool, breaking the network in a variety of failure modes, including connectivity issues, invalid SSL certificates and randomly deleting VMs.
|
Oddly enough, the idea of proactively breaking the network to test its survival wasn't born in the security industry. In 2011, the streaming giant Netflix released Chaos Monkey, a tool that was designed to randomly disable the company's production servers to verify they could survive network failures without any customer impact. Netflix's Chaos Monkey became a popular network resilience tool, breaking the network in a variety of failure modes, including connectivity issues, invalid SSL certificates and randomly deleting VMs.
|
||||||
|
|
||||||
Inspired by this concept, Guardicore Labs developed its own attack simulator - Infection Monkey - to run non-intrusively within existing production environments. The idea was to test the resiliency of modern data centers against attack and give security teams the insights they need to make informed decisions and enforce tighter security policies. Since its launch in 2017 (?) the Infection Monkey has been used by hundreds of information technology teams from across the world to find weaknesses in their on-premises and cloud-based data centers.
|
Inspired by this concept, Guardicore Labs developed its own attack simulator - Infection Monkey - to run non-intrusively within existing production environments. The idea was to test the resiliency of modern data centers against attack and give security teams the insights they need to make informed decisions and enforce tighter security policies. Since its launch in 2017 (?) the Infection Monkey has been used by hundreds of information technology teams from across the world to find weaknesses in their on-premises and cloud-based data centers.
|
||||||
|
|
|
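Review bot: the "(?)" after "Since its launch in 2017" is an unresolved author query that survives in both the old and the new text; confirm the launch year and remove the marker before this reaches the published FAQ. Also, "weclome" in the unchanged context line ("we weclome contributions") is a typo this copyediting pass should catch, and the spaced hyphens in "attack simulator - Infection Monkey -" would be better as commas or parentheses.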
@ -24,11 +24,11 @@ The MITRE ATT&CK report is centred around the ATT&CK matrix:
|
||||||
The Monkey rates your network on the attack techniques it attempted. For each technique, you can get
|
The Monkey rates your network on the attack techniques it attempted. For each technique, you can get
|
||||||
|
|
||||||
- {{< label danger Red >}}: The Monkey **successfully used** the technique in the simulation. That means your network is vulnerable to this technique being employed.
|
- {{< label danger Red >}}: The Monkey **successfully used** the technique in the simulation. That means your network is vulnerable to this technique being employed.
|
||||||
- {{< label warning Yellow >}}: The Monkey **tried to use** the technique, but didn’t manage to. That means your network isn’t vulnerable to the way Monkey employs this technique.
|
- {{< label warning Yellow >}}: The Monkey **tried to use** the technique, but didn't manage to. That means your network isn't vulnerable to the way Monkey employs this technique.
|
||||||
- {{< label unused "Dark Gray" >}}: The Monkey **didn't try** the technique. Perhaps it wasn't relevant to this network.
|
- {{< label unused "Dark Gray" >}}: The Monkey **didn't try** the technique. Perhaps it wasn't relevant to this network.
|
||||||
- {{< label disabled "Light Gray" >}}: The Monkey **didn't try** the technique since it wasn't configured.
|
- {{< label disabled "Light Gray" >}}: The Monkey **didn't try** the technique since it wasn't configured.
|
||||||
|
|
||||||
Then, you can see exactly HOW the technique was used in this attack, and also what you should do to mitigate it, by clicking on the technique and seeing the details. For example, let’s look at the [**Brute Force**](https://attack.mitre.org/techniques/T1110/) technique that’s a part of employing the [**Credentials Access**](https://attack.mitre.org/tactics/TA0006/) tactic:
|
Then, you can see exactly HOW the technique was used in this attack, and also what you should do to mitigate it, by clicking on the technique and seeing the details. For example, let's look at the [**Brute Force**](https://attack.mitre.org/techniques/T1110/) technique that's a part of employing the [**Credentials Access**](https://attack.mitre.org/tactics/TA0006/) tactic:
|
||||||
|
|
||||||
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access.png "MITRE Report Credentials Access technique")
|
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access.png "MITRE Report Credentials Access technique")
|
||||||
|
|
||||||
|
|
|
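Review bot: the tactic linked to https://attack.mitre.org/tactics/TA0006/ is named "Credential Access" in ATT&CK, not "Credentials Access"; fix the name in the sentence and in the image alt and title text below it. Minor: "exactly HOW" in capitals should be emphasis (`*how*`) rather than shouting. The Yellow label text ("isn't vulnerable to the way Monkey employs this technique") is a good caveat and should stay, since a failed attempt only rules out one implementation of the technique.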
@ -13,10 +13,10 @@ The Guardicore Infection Monkey runs different tests to evaluate your network ad
|
||||||
|
|
||||||
## Summary
|
## Summary
|
||||||
|
|
||||||
This diagram provides a quick glance at how your organization scores on each component of the Forrester’s Zero Trust model with **Failed**, **Verify**, **Passed** and **Unexecuted** verdicts.
|
This diagram provides a quick glance at how your organization scores on each component of the Forrester's Zero Trust model with **Failed**, **Verify**, **Passed** and **Unexecuted** verdicts.
|
||||||
|
|
||||||
- {{< label danger Failed >}} At least one of the tests related to this component failed. This means that the Infection Monkey detected an unmet Zero Trust requirement.
|
- {{< label danger Failed >}} At least one of the tests related to this component failed. This means that the Infection Monkey detected an unmet Zero Trust requirement.
|
||||||
- {{< label warning Verify >}} At least one of the tests’ results related to this component requires further manual verification.
|
- {{< label warning Verify >}} At least one of the tests' results related to this component requires further manual verification.
|
||||||
- {{< label success Passed >}} All Tests related to this pillar passed. No violation of a Zero Trust guiding principle was detected.
|
- {{< label success Passed >}} All Tests related to this pillar passed. No violation of a Zero Trust guiding principle was detected.
|
||||||
- {{< label unused Unexecuted >}} This status means no tests were executed for this pillar.
|
- {{< label unused Unexecuted >}} This status means no tests were executed for this pillar.
|
||||||
|
|
||||||
|
|
|
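Review bot: the four status descriptions alternate between "component" (Failed, Verify) and "pillar" (Passed, Unexecuted) for the same thing, and "All Tests" has a stray capital; pick one term, matching the intro sentence's "component", and lowercase "tests". "At least one of the tests' results related to this component requires further manual verification" would read more simply as "At least one test for this component needs manual verification."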
@ -9,18 +9,18 @@ tags = ["setup"]
|
||||||
|
|
||||||
# Setting up Infection Monkey
|
# Setting up Infection Monkey
|
||||||
|
|
||||||
Setting up Infection Monkey is really easy! First, you need to {{% button href="https://infectionmonkey.com/" icon="fas fa-download" %}}download the Infection Monkey from our site{{% /button %}}.
|
Setting up the Infection Monkey is easy! First, you need to {{% button href="https://infectionmonkey.com/" icon="fas fa-download" %}}Download the Infection Monkey{{% /button %}}.
|
||||||
|
|
||||||
Once you've downloaded an installer, you can follow the relevant guide for your environment:
|
Once you've downloaded an installer, follow the relevant guide for your environment:
|
||||||
|
|
||||||
{{% children %}}
|
{{% children %}}
|
||||||
|
|
||||||
Once you're done setting the Monkey up, check out our [Getting Started](../usage/getting-started) guide!
|
After setting the Monkey up, check out our [Getting Started](../usage/getting-started) guide!
|
||||||
|
|
||||||
{{% notice tip %}}
|
{{% notice tip %}}
|
||||||
You can find information about [operating system compatibility and support here](../reference/operating_systems_support).
|
You can find information about [operating system compatibility and support here](../reference/operating_systems_support).
|
||||||
{{% /notice %}}
|
{{% /notice %}}
|
||||||
|
|
||||||
{{% notice tip %}}
|
{{% notice tip %}}
|
||||||
You can find the binary checksums of our installers to verify their integrity [in this page](../usage/file-checksums).
|
You can find the binary checksums of our installers to verify their integrity [on this page](../usage/file-checksums).
|
||||||
{{% /notice %}}
|
{{% /notice %}}
|
|
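Review bot: the checksum tip sits after the "follow the relevant guide" and "Getting Started" pointers, so a reader will usually have run the installer before seeing it; move it next to the download button, or fold "verify the checksums on this page" into that first sentence, so integrity verification happens before anything is executed. The button-text and "on this page" edits are fine.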
@ -7,15 +7,17 @@ pre: "<i class='fas fa-user-lock'></i> "
|
||||||
tags: ["usage", "password"]
|
tags: ["usage", "password"]
|
||||||
---
|
---
|
||||||
|
|
||||||
## Security in Infection Monkey
|
## Security in the Infection Monkey
|
||||||
|
|
||||||
The first time you launch Monkey Island (Infection Monkey CC server), you'll be prompted to create an account and secure your island. After your account is created, the server will only be accessible via the credentials you chose.
|
The first time you launch Monkey Island (the Infection Monkey CC server), you'll be prompted to create an account and secure your island. After account creation, the server will only be accessible via the credentials you entered.
|
||||||
|
|
||||||
If you want island to be accessible without credentials press *I want anyone to access the island*. Please note that this option is insecure: you should only pick this for use in development environments.
|
If you want an island to be accessible without credentials, press *I want anyone to access the island*. Please note that this option is insecure, and you should only use it in development environments.
|
||||||
|
|
||||||
## Resetting account credentials
|
## Resetting your account credentials
|
||||||
|
|
||||||
To reset credentials edit `monkey_island\cc\server_config.json` by deleting `user` and `password_hash` variables. Then restart the Monkey Island server and you should be prompted with registration form again.
|
To reset your credentials, edit `monkey_island\cc\server_config.json` by deleting the `user` and `password_hash` variables.
|
||||||
|
|
||||||
|
When you restart the Monkey Island server, you will again be prompted with the registration form.
|
||||||
|
|
||||||
Example `server_config.json` for account reset:
|
Example `server_config.json` for account reset:
|
||||||
|
|
||||||
|
|
|
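Review bot: `monkey_island\cc\server_config.json` is written with Windows separators, but the same reset procedure applies to the Debian and Docker deployments documented in this commit, where the path uses forward slashes; state the platform or give both forms. Also worth a sentence here: once `user` and `password_hash` are removed and the server restarted, the registration form is offered to whoever reaches the Island first, so the doc should advise performing the reset while access to port 5000 is restricted to the administrator. Splitting the restart step into its own paragraph is fine.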
@ -9,31 +9,41 @@ tags: ["setup", "aws"]
|
||||||
|
|
||||||
## Deployment
|
## Deployment
|
||||||
|
|
||||||
On the [Infection Monkey’s AWS Marketplace page](https://aws.amazon.com/marketplace/pp/GuardiCore-Infection-Monkey/B07B3J7K6D), click **Continue to Subscribe**.
|
On the [Infection Monkey's AWS Marketplace page](https://aws.amazon.com/marketplace/pp/GuardiCore-Infection-Monkey/B07B3J7K6D), click **Continue to Subscribe**.
|
||||||
|
|
||||||
1. Choose the desired region.
|
1. Choose the desired region.
|
||||||
1. Choose an EC2 instance type with at least 1GB of RAM for optimal performance or stick with the recommended.
|
1. Choose an EC2 instance type with at least 1GB of RAM for optimal performance or stick with the default recommendation.
|
||||||
1. Select the VPC and subnet you want the instance to be in.
|
1. Select the VPC and subnet you want to use for the new instance.
|
||||||
1. In the Security Group section, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
|
1. In the Security Group section, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
|
||||||
1. Choose an existing EC2 key pair for authenticating with your new instance.
|
1. Choose an existing EC2 key pair for authenticating with the new instance.
|
||||||
1. Click **Launch with 1-click.**
|
1. Click **Launch with 1-click.**
|
||||||
|
|
||||||
At this point, AWS will instance and deploy your new machine.
|
At this point, AWS will instance and deploy the new machine.
|
||||||
|
|
||||||
When ready, you can browse to the Infection Monkey running on your fresh deployment at:
|
When ready, you can browse to the Infection Monkey running on the fresh deployment at:
|
||||||
|
|
||||||
`https://{public-ip}:5000`
|
`https://{public-ip}:5000`
|
||||||
|
|
||||||
You will be presented a login page. Use the username **monkey**, and the new EC2 instace’s instance ID for password. You can find the instance id by going to the EC2 console and selecting your instance. It should appear in the details pane below.
|
You will be presented with a login page. Enter the username **monkey**, and the
|
||||||
|
new EC2 instance's **instance ID** for your password. To find your instance ID,
|
||||||
|
go to the EC2 console and select your instance. It should appear in the details
|
||||||
|
pane below.
|
||||||
|
|
||||||
![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
|
![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
|
||||||
|
|
||||||
## Integration with AWS services
|
## Integration with AWS services
|
||||||
|
|
||||||
The Monkey has built-in integrations with AWS services for better execution and reporting. See [Usage -> Integrations](../../usage/integrations) for more details.
|
The Infection Monkey has built-in integrations with AWS services for better
|
||||||
|
execution and reporting. See [Usage -> Integrations](../../usage/integrations)
|
||||||
|
for more details.
|
||||||
|
|
||||||
## Upgrading
|
## Upgrading
|
||||||
|
|
||||||
Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.
|
|
||||||
|
Currently, there's no "upgrade-in-place" option when a new version is released.
|
||||||
|
To get an updated version, you can deploy a new machine from the marketplace.
|
||||||
|
|
||||||
|
If you'd like to keep your existing configuration, you can export it to a file
|
||||||
|
using the *Export config* button and then import it to the new Monkey Island.
|
||||||
|
|
||||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
||||||
|
|
|
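Review bot: the login step authenticates with username monkey and the instance ID, which is visible to anyone with EC2 console access to the account; add a step telling the user to change this password on first login. Likewise step 4 says ports 5000 and 5001 must be "accessible for inbound TCP traffic" without saying from where; suggest "from the address ranges you administer from and run agents in" rather than implying 0.0.0.0/0. Wording: "AWS will instance and deploy the new machine" uses "instance" as a verb, while the Azure page in this same commit was changed to "provision"; align the two.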
@ -9,26 +9,31 @@ tags: ["setup", "azure"]
|
||||||
|
|
||||||
## Deployment
|
## Deployment
|
||||||
|
|
||||||
Select [Infection Monkey from the Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/guardicore.infection_monkey) and click **GET IT NOW**.
|
Select the [Infection Monkey from the Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/guardicore.infection_monkey) and click **GET IT NOW**.
|
||||||
|
|
||||||
1. Under **Basics**:
|
1. Under **Basics**:
|
||||||
1. Choose a name for your Infection Monkey instance, such as InfectionMonkey.
|
1. Choose a name for the new Infection Monkey instance, such as InfectionMonkey.
|
||||||
1. Choose a username and password or provide a SSH public key for authentication.
|
1. Choose a username and password, or provide an SSH public key for authentication.
|
||||||
1. Choose a resource group and the location your instance will be deployed in.
|
1. Choose a resource group and the location for the Infection Monkey instance.
|
||||||
1. Under **Size**
|
1. Under **Size**
|
||||||
1. Choose a machine size with at least 1GB of RAM for optimal performance.
|
1. Choose a machine size with at least 1GB of RAM for optimal performance.
|
||||||
1. Under **Settings**
|
1. Under **Settings**
|
||||||
1. Choose the network the new instance will be a member of.
|
1. Choose the network for the new instance.
|
||||||
1. In the **Network Security Group** field, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
|
1. In the **Network Security Group** field, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
|
||||||
1. Under **Summary**
|
1. Under **Summary**
|
||||||
1. Review the details of the offer and click **Create**.
|
1. Review the details of the offer and click **Create**.
|
||||||
|
|
||||||
At this point, Azure will instance and deploy your new machine. When ready, you can browse to the Infection Monkey running on your fresh deployment at:
|
At this point, Azure will provision and deploy your new machine. When ready,
|
||||||
|
you can browse to the Infection Monkey running on your fresh deployment at:
|
||||||
|
|
||||||
`https://{public-ip-address}:5000`
|
`https://{public-ip-address}:5000`
|
||||||
|
|
||||||
## Upgrading
|
## Upgrading
|
||||||
|
|
||||||
Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.
|
Currently, there's no "upgrade-in-place" option when a new version is released.
|
||||||
|
To get the updated version, you can deploy a new machine from the marketplace.
|
||||||
|
|
||||||
|
If you'd like to keep your existing configuration, you can export it to a file
|
||||||
|
using the *Export config* button and then import it to the new Monkey Island.
|
||||||
|
|
||||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
||||||
|
|
|
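Review bot: the Upgrading paragraph and the Export-configuration image are now word-for-word identical to the AWS page in this commit (and nearly identical to the Debian and Docker pages); the setup pages already use Hugo shortcodes ({{% notice %}}, {{% children %}}), so a shared snippet would keep the four copies from drifting. As on the AWS page, the Network Security Group step should say which source ranges ports 5000 and 5001 need to be open to, not just that they are "accessible for inbound TCP traffic".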
@ -12,14 +12,14 @@ tags: ["setup", "debian", "linux"]
|
||||||
|
|
||||||
To extract the `tar.gz` file, run `tar -xvzf monkey-island-debian.tar.gz`.
|
To extract the `tar.gz` file, run `tar -xvzf monkey-island-debian.tar.gz`.
|
||||||
|
|
||||||
To deploy the package, once you’ve extracted it, run the following commands:
|
Once you've extracted the package, deploy it using run the following commands:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
sudo apt update
|
sudo apt update
|
||||||
sudo dpkg -i monkey_island.deb # this might print errors
|
sudo dpkg -i monkey_island.deb # this might print errors
|
||||||
```
|
```
|
||||||
|
|
||||||
If at this point, dpkg printed errors that look like this:
|
If, at this point, you receive dpkg printed errors that look like this:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
dpkg: error processing package gc-monkey-island (--install):
|
dpkg: error processing package gc-monkey-island (--install):
|
||||||
|
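Review bot: the new wording "deploy it using run the following commands" is ungrammatical (the original "run the following commands" was fine); suggest "Once you've extracted the package, deploy it by running the following commands:". Similarly "you receive dpkg printed errors that look like this" should be "dpkg prints errors that look like this". Both regressions are introduced by this hunk.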
@ -28,7 +28,9 @@ Errors were encountered while processing:
|
||||||
gc-monkey-island
|
gc-monkey-island
|
||||||
```
|
```
|
||||||
|
|
||||||
That just means that not all dependencies were pre-installed on your system. That’s no problem! Just run the following command, which will install all dependencies and then install the Monkey Island:
|
It just means that not all dependencies were pre-installed on your system.
|
||||||
|
That's no problem! Just run the following command, which will install all
|
||||||
|
dependencies, and then install the Monkey Island:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
sudo apt install -f
|
sudo apt install -f
|
||||||
|
@ -38,7 +40,10 @@ sudo apt install -f
|
||||||
|
|
||||||
### Trying to install on Ubuntu <16.04
|
### Trying to install on Ubuntu <16.04
|
||||||
|
|
||||||
If you’re trying to install the Monkey Island on Ubuntu 16.04 or older, you need to install the dependencies yourself, since Python 3.7 is only installable from the `deadsnakes` PPA. To install the Monkey Island on Ubuntu 16.04, follow the following steps:
|
If you're trying to install the Monkey Island on Ubuntu 16.04 or older, you
|
||||||
|
need to install the dependencies yourself, since Python 3.7 is only installable
|
||||||
|
from the `deadsnakes` PPA. To install the Monkey Island on Ubuntu 16.04, follow
|
||||||
|
these steps:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
sudo apt update
|
sudo apt update
|
||||||
|
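Review bot: the heading says "Ubuntu <16.04" while the reflowed paragraph says "Ubuntu 16.04 or older" and then "To install the Monkey Island on Ubuntu 16.04"; these disagree on whether 16.04 itself is covered. Pick one (the text's "16.04 or older" looks like the intent, since the Python 3.7 dependency is the stated reason) and make the heading match.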
@ -57,8 +62,13 @@ To check the status of the Monkey Island after the installation, run the followi
|
||||||
|
|
||||||
## Upgrading
|
## Upgrading
|
||||||
|
|
||||||
To upgrade when a new version comes out, download the new Monkey `.deb` file and install it. You should see a message like `Unpacking monkey-island (1.8.2) over (1.8.0)`. After which, the installation should complete successfully.
|
Currently, there's no "upgrade-in-place" option when a new version is released.
|
||||||
|
To get the updated version, download the new `.deb` file and install it. You
|
||||||
|
should see a message like `Unpacking monkey-island (1.8.2) over (1.8.0)`. After
|
||||||
|
which, the installation should complete successfully.
|
||||||
|
|
||||||
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
|
If you'd like to keep your existing configuration, you can export it to a file
|
||||||
|
using the *Export config* button and then import it to the new Monkey Island.
|
||||||
|
|
||||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
||||||
|
|
||||||
|
|
|
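Review bot: the new first sentence, "there's no "upgrade-in-place" option", contradicts the rest of the paragraph, which describes exactly that: installing the new .deb over the old one and seeing `Unpacking monkey-island (1.8.2) over (1.8.0)`. The sentence was carried over from the AWS, Azure and Docker pages, where it is true; drop it here and keep the original "To upgrade when a new version comes out, download the new .deb file and install it" wording. Also note the package is called gc-monkey-island in the dpkg error earlier in this file but monkey-island in the unpacking message; confirm which name is current.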
@ -11,7 +11,7 @@ tags: ["setup", "docker", "linux", "windows"]
|
||||||
|
|
||||||
To extract the `tar.gz` file, run `tar -xvzf monkey-island-docker.tar.gz`.
|
To extract the `tar.gz` file, run `tar -xvzf monkey-island-docker.tar.gz`.
|
||||||
|
|
||||||
Once you’ve extracted the container from the tar.gz file, run the following commands:
|
Once you've extracted the container from the tar.gz file, run the following commands:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
sudo docker load -i dk.monkeyisland.1.9.0.tar
|
sudo docker load -i dk.monkeyisland.1.9.0.tar
|
||||||
|
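Review bot: "extracted the container from the tar.gz file" is inaccurate; what is extracted and passed to `docker load -i` is an image archive (`dk.monkeyisland.1.9.0.tar`), and a container only exists once the `docker run` that follows has been executed. Suggest "extracted the image archive from the tar.gz file". Since the two file names differ (`monkey-island-docker.tar.gz` vs `dk.monkeyisland.1.9.0.tar`), a short sentence saying that the `.tar` is what the `.tar.gz` unpacks to would also help.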
@ -23,8 +23,11 @@ sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:
|
||||||
|
|
||||||
## Upgrading
|
## Upgrading
|
||||||
|
|
||||||
There's no "upgrade-in-place" option for Docker. To get the new version, download it, stop the current container, and run the installation commands again with the new file.
|
Currently, there's no "upgrade-in-place" option when a new version is released.
|
||||||
|
To get an updated version, download it, stop the current container and run the
|
||||||
|
installation commands again with the new file.
|
||||||
|
|
||||||
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
|
If you'd like to keep your existing configuration, you can export it to a file
|
||||||
|
using the *Export config* button and then import it to the new Monkey Island.
|
||||||
|
|
||||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
||||||
|
|
|
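Review bot: "stop the current container and run the installation commands again" will fail at the `docker run --name monkey-island` step shown in the context line above, because a stopped container still holds its name; the procedure needs `docker rm monkey-island` after the stop and before the install commands are re-run. Suggest spelling out the steps (stop, remove, load the new image, run) and saying what "download it" refers to, i.e. the new `tar.gz`.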
@ -9,28 +9,32 @@ tags: ["setup", "vmware"]
|
||||||
|
|
||||||
## Deployment
|
## Deployment
|
||||||
|
|
||||||
1. Deploy the Infection Monkey OVA by choosing Deploy OVF Template and follow the wizard instructions. *Note: make sure port 5000 and 5001 on the machine are accessible for inbound TCP traffic.*
|
1. Deploy the Infection Monkey OVA by choosing **Deploy OVF Template** and
|
||||||
2. Turn on the Infection Monkey VM.
|
following the wizard instructions. *Note: make sure ports 5000 and 5001 on
|
||||||
3. Log in to the machine with the following credentials:
|
the machine are accessible for inbound TCP traffic.*
|
||||||
|
1. Turn on the Infection Monkey VM.
|
||||||
|
1. Log in to the machine with the following credentials:
|
||||||
1. Username: **monkeyuser**
|
1. Username: **monkeyuser**
|
||||||
2. Password: **Noon.Earth.Always**
|
1. Password: **Noon.Earth.Always**
|
||||||
4. It's recommended to change the machine passwords by running the following commands: `sudo passwd monkeyuser`, `sudo passwd root`.
|
1. It's recommended you change the machine passwords by running the following
|
||||||
|
commands: `sudo passwd monkeyuser`, `sudo passwd root`.
|
||||||
|
|
||||||
## OVA network modes
|
## OVA network modes
|
||||||
|
|
||||||
The OVA can be used in one of two modes:
|
You can use the OVA in one of two modes:
|
||||||
|
|
||||||
1. In a network with DHCP configured. In this case, the Monkey Island will automatically query and receive an IP address from the network.
|
1. In a network with the DHCP configured — In this case, the Monkey Island will
|
||||||
1. With a static IP address.
|
automatically query and receive an IP address from the network.
|
||||||
|
1. With a static IP address — In this case, you should log in to the VM console
|
||||||
In this case, you should login to the VM console with
|
with the username `root` and the password `G3aJ9szrvkxTmfAG`. After logging
|
||||||
username `root` and password `G3aJ9szrvkxTmfAG`. After logging in, edit the interfaces file. You can do that by writing the following command in the prompt:
|
in, edit the interfaces file by entering the following command in the
|
||||||
|
prompt:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
sudo nano /etc/network/interfaces
|
sudo nano /etc/network/interfaces
|
||||||
```
|
```
|
||||||
|
|
||||||
And change the lines:
|
Change the lines:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
auto ens160
|
auto ens160
|
||||||
|
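Review bot: the static IP instructions tell the reader to log in as `root` with the password `G3aJ9szrvkxTmfAG`, but step 4 of Deployment above recommends running `sudo passwd root` first, after which that password no longer works; suggest a clause such as "(or the new root password, if you have already changed it)". Because the default `monkeyuser` and `root` passwords are printed in public documentation, this section is also a good place to repeat the recommendation to change both before the VM is reachable on ports 5000 and 5001. Minor: "In a network with the DHCP configured" should read "In a network with DHCP configured".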
@ -47,7 +51,7 @@ username `root` and password `G3aJ9szrvkxTmfAG`. After logging in, edit the inte
|
||||||
gateway YYY.YYY.YYY.YYY
|
gateway YYY.YYY.YYY.YYY
|
||||||
```
|
```
|
||||||
|
|
||||||
Save the changes then run the command
|
Save the changes then run the command:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
sudo ifdown ens160 && ifup ens160
|
sudo ifdown ens160 && ifup ens160
|
||||||
|
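Review bot: `sudo ifdown ens160 && ifup ens160` applies `sudo` only to the first command, so `ifup` runs unprivileged and fails after the interface has already been taken down, leaving the VM without networking. Since this section has the reader logged in as `root` on the VM console, either drop `sudo` from both commands or write `sudo ifdown ens160 && sudo ifup ens160`. The line is unchanged context, but a copyediting pass is the right moment to fix it.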
@ -55,8 +59,10 @@ username `root` and password `G3aJ9szrvkxTmfAG`. After logging in, edit the inte
|
||||||
|
|
||||||
## Upgrading
|
## Upgrading
|
||||||
|
|
||||||
There's no "upgrade-in-place" option for Docker. To get the new version, download it, stop the current container, and run the installation commands again with the new file.
|
Currently, there's no "upgrade-in-place" option when a new version is released.
|
||||||
|
To get an updated version, download the updated OVA file.
|
||||||
|
|
||||||
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
|
If you'd like to keep your existing configuration, you can export it to a file
|
||||||
|
using the *Export config* button and then import it to the new Monkey Island.
|
||||||
|
|
||||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
||||||
|
|
|
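Review bot: good that the stray reference to Docker is gone from the VMware page, but "download the updated OVA file" stops short; the new OVA has to be deployed as a fresh VM using the Deployment steps above (including changing the default `monkeyuser` and `root` passwords again), and the old VM should be powered off or removed afterwards. Suggest one sentence covering deployment and decommissioning so the reader does not end up with two Islands, one of them still on the documented default credentials.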
@ -9,27 +9,34 @@ tags: ["setup", "windows"]
|
||||||
|
|
||||||
## Deployment
|
## Deployment
|
||||||
|
|
||||||
Run the installer, and you should be met with the following screen:
|
After running the installer, the following prompt should appear on the screen:
|
||||||
|
|
||||||
![Windows installer screenshot](../../images/setup/windows/installer-screenshot-1.png "Windows installer screenshot")
|
![Windows installer screenshot](../../images/setup/windows/installer-screenshot-1.png "Windows installer screenshot")
|
||||||
|
|
||||||
1. Follow the steps of the installation.
|
1. Follow the steps to complete the installation.
|
||||||
1. Run the Monkey Island by clicking on the desktop shortcut.
|
1. Run the Monkey Island by clicking on the desktop shortcut.
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
### Missing windows update
|
### Missing Windows update
|
||||||
|
|
||||||
The installer requires [Windows update #2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) to be installed. If you’re having trouble running the installer, please make sure to install that update via Windows Update or manually from the link.
|
The installer requires [Windows update #2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows).
|
||||||
|
If you're having trouble running the installer, please make sure to install the
|
||||||
|
update via Windows Update or manually from the link above.
|
||||||
|
|
||||||
### Supported browsers
|
### Supported browsers
|
||||||
|
|
||||||
The Monkey Island supports Chrome (and Chrome-based) browsers. Some Windows Servers only have Internet Explorer installed. Make sure to use Chrome or a similar modern browser. [You can download Google Chrome from here](https://www.google.com/chrome/).
|
The Monkey Island supports Chrome (and Chrome-based) browsers. If your Windows
|
||||||
|
server only has Internet Explorer installed, please install Chrome or a similar
|
||||||
|
modern browser. [You can download Google Chrome
|
||||||
|
here](https://www.google.com/chrome/).
|
||||||
|
|
||||||
## Upgrading
|
## Upgrading
|
||||||
|
|
||||||
To upgrade, download the new installer and run it. The new Monkey version should be installed over the old one.
|
To upgrade the Infection Monkey on Windows, download the new installer and run
|
||||||
|
it. The new Monkey version will be installed over the old version.
|
||||||
|
|
||||||
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
|
If you'd like to keep your existing configuration, you can export it to a file
|
||||||
|
using the *Export config* button and then import it to the new Monkey Island.
|
||||||
|
|
||||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
||||||
|
|
|
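Review bot: the "Missing Windows update" section identifies the update only by its KB number; the linked article is for the Universal C Runtime (per the URL), and naming it would help readers who search for it in Windows Update. Minor: in "Supported browsers" the link text "You can download Google Chrome here" is now split across two lines inside the square brackets, which renders but is easy to break in later edits; consider keeping the link text on one line.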
@ -9,7 +9,7 @@ weight: 2
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
Infection Monkey can simulate various [ATT&CK](https://attack.mitre.org/matrices/enterprise/) techniques on the network.
|
Infection Monkey can simulate various [ATT&CK](https://attack.mitre.org/matrices/enterprise/) techniques on the network.
|
||||||
Use it to assess your security solutions’ detection and prevention capabilities. Infection Monkey will help you find
|
Use it to assess your security solutions' detection and prevention capabilities. Infection Monkey will help you find
|
||||||
which ATT&CK techniques go unnoticed and will provide recommendations about preventing them.
|
which ATT&CK techniques go unnoticed and will provide recommendations about preventing them.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -16,9 +16,9 @@ where these credentials can be reused.
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
- **Exploits -> Credentials** After setting up the Island add the users’ **real** credentials
|
- **Exploits -> Credentials** After setting up the Island add the users' **real** credentials
|
||||||
(usernames and passwords) to the Monkey’s configuration (Don’t worry, this sensitive data is not accessible and is not
|
(usernames and passwords) to the Monkey's configuration (Don't worry, this sensitive data is not accessible and is not
|
||||||
distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Island’s configuration).
|
distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Island's configuration).
|
||||||
- **Internal -> Exploits -> SSH keypair list** Monkey automatically gathers SSH keys on the current system.
|
- **Internal -> Exploits -> SSH keypair list** Monkey automatically gathers SSH keys on the current system.
|
||||||
For this to work, Monkey Island or initial Monkey needs to have access to SSH key files(grant permission or run Monkey as root).
|
For this to work, Monkey Island or initial Monkey needs to have access to SSH key files(grant permission or run Monkey as root).
|
||||||
To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Monkey
|
To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Monkey
|
||||||
|
|
|
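Review bot: the parenthetical claim that the real credentials are "not accessible and ... not distributed or used in any way other than being sent to the monkeys" is self-contradictory as written, since sending them to the monkeys is distribution; suggest stating plainly that the credentials are stored in the Island configuration, sent to the agents that use them, and removed by resetting the configuration. Also, since this is a copyediting pass, the unchanged lines still need a space in "SSH key files(grant permission" and a full stop after "after you run the Monkey".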
@ -13,7 +13,7 @@ isolate workloads from one another and secure them individually, typically using
|
||||||
the effectiveness of your segmentation is to ensure that your network segments are properly separated, e,g, your
|
the effectiveness of your segmentation is to ensure that your network segments are properly separated, e,g, your
|
||||||
Development is separated from your Production, your applications are separated from one another etc. Use the
|
Development is separated from your Production, your applications are separated from one another etc. Use the
|
||||||
Infection Monkey to verify that your network segmentation is configured properly. This way you make sure that
|
Infection Monkey to verify that your network segmentation is configured properly. This way you make sure that
|
||||||
even if a certain attacker has breached your defenses, it can’t move laterally between segments.
|
even if a certain attacker has breached your defenses, it can't move laterally between segments.
|
||||||
|
|
||||||
[Segmentation is key](https://www.guardicore.com/use-cases/micro-segmentation/) to protecting your network, reducing
|
[Segmentation is key](https://www.guardicore.com/use-cases/micro-segmentation/) to protecting your network, reducing
|
||||||
the attack surface and minimizing the damage of a breach. The Monkey can help you test your segmentation settings with
|
the attack surface and minimizing the damage of a breach. The Monkey can help you test your segmentation settings with
|
||||||
|
|
|
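Review bot: "e,g," on the unchanged context line should be "e.g.," and the copyediting pass should pick it up along with the apostrophe change. "your Development is separated from your Production" would also read better as "your development environment is separated from production".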
@ -43,7 +43,7 @@ exploitations by running consecutive Infection Monkey scans.
|
||||||
## Credentials
|
## Credentials
|
||||||
|
|
||||||
Every network has its old “skeleton keys” that should have long been discarded. Configure the Monkey with old and stale
|
Every network has its old “skeleton keys” that should have long been discarded. Configure the Monkey with old and stale
|
||||||
passwords, but make sure that they were really discarded using the Monkey. To add the old passwords, in the island’s
|
passwords, but make sure that they were really discarded using the Monkey. To add the old passwords, in the island's
|
||||||
configuration, go to the “Exploit password list” under “Basic - Credentials” and use the “+” button to add the old
|
configuration, go to the “Exploit password list” under “Basic - Credentials” and use the “+” button to add the old
|
||||||
passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the
|
passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the
|
||||||
configuration:
|
configuration:
|
||||||
|
|
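Review bot: this hunk straightens the apostrophe in "island's" but leaves the curly quotes around “skeleton keys”, “Exploit password list”, “Basic - Credentials” and “+”, so the paragraph now mixes quote styles; suggest straight quotes throughout, matching the rest of this commit. "make sure that they were really discarded using the Monkey" is ambiguous as well; "and use the Monkey to make sure they were really discarded" says what is meant.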