VakarisZ
46f263be5f
Separate the telemetry document from telemetry_dal, also extracted external interface into __init__.py files
2021-09-27 16:56:45 +03:00
VakarisZ
51f6fbe356
Adjust island conftest.py to also rename the encryptor to datastore_encryptor
2021-09-27 16:29:41 +03:00
VakarisZ
ace60052da
Alter usages of telemetry collection in report to store/fetch system info telemetry using the Telemetry model
...
This is required to automatically encrypt/decrypt the telemetries and it's a good practice to have a DAL for telemetries
2021-09-24 13:31:26 +03:00
VakarisZ
e6ad125be9
Change the telemetry model to have a method for fetching the telemetries based on queries.
...
Telemetry code mainly uses queries and mongoengine has no good way of field encryption, that's why this method prefers to handle queries rather than Telemetry models
2021-09-24 13:31:26 +03:00
VakarisZ
3781095f25
Change the mock database name to "db", because all of the codebase is using this database.
...
This change enables us to write unit tests without the need to patch the database name in all of the mongo queries that look like "mongo.db.collection"
2021-09-24 13:31:26 +03:00
VakarisZ
1ab0fe7b13
Add Telemetry model
2021-09-24 13:31:26 +03:00
VakarisZ
989d0ffd84
Add unit tests for telemetry model
2021-09-24 13:31:26 +03:00
VakarisZ
b2db5e77c4
Change test_string_list_encryptor.py to re-use fixture "uses_encryptor" rather than implementing the same fixture locally
2021-09-24 13:31:23 +03:00
VakarisZ
854ce4e1e1
Refactor DocumentEncryptor class into a series of methods.
...
DocumentEncryptor class serves no purpose because it holds no state, sensitive_fields can be passed as a parameter to methods
2021-09-24 13:30:28 +03:00
VakarisZ
f3865d022b
Change mongomock_fixtures.py to drop the whole database instead of specified collections.
...
This makes it easier to add new database related tests, because we no longer need to modify the mongomock_fixtures.py to also drop a particular collection we are testing.
2021-09-24 13:30:27 +03:00
VakarisZ
f1c7cf4047
Generalize report_encryptor.py into document_encryptor.py and extract the sensitive fields to report_encryptor.py
2021-09-24 13:30:27 +03:00
Mike Salvatore
089158a976
Agent: Remove editable pyspnego dependency
...
pyspnego v0.2.0 has been released, so we no longer need to specify a git
commit hash in order to get the correct version.
2021-09-23 14:14:32 -04:00
Mike Salvatore
1996387cc5
Remove unnecessary # noqa: E402 from __init__.py files
2021-09-23 13:39:48 -04:00
Mike Salvatore
f0a2a43d51
Remove unnecessary # noqa: F401 from __init__.py files
2021-09-23 13:38:47 -04:00
Mike Salvatore
8b7cb9c0b1
Merge pull request #1481 from guardicore/1471/merge-encryptions
...
Refactor encryptors
2021-09-23 13:38:00 -04:00
Ilija Lazoroski
e2ede28967
Island: Rename get_encryptor and initialize_encryptor
...
Renamed to get_datastore_encryptor and
initialize_datastore_encryptor
2021-09-23 19:04:22 +02:00
Ilija Lazoroski
e0779347b2
Island: Add all imports from encryption to __init__
...
Now the imports are shorter by one directory.
Check the __init__ in encryption.
2021-09-23 19:00:13 +02:00
Ilija Lazoroski
071a4eb1a7
Island: Add IEncryptor to __init__
...
Dnt abbrev in PasswordBasedEncryptor and KeyBasedEncryptor
Add comment for review and evaluate the padding function
2021-09-23 17:52:15 +02:00
Ilija Lazoroski
1b91616778
Island: Add explanation for KBE and PBE
...
KeyBasedEncryptor and PasswordBasedEncryptor
2021-09-23 12:44:05 +02:00
Ilija Lazoroski
a661dc4fe6
Island: Refactor encryptors
...
All encryptors are moved to server_utils/encryption.
They were renamed according to the class name.
Everywhere that we had used the encryptors I have updated the names.
Unit tests are also moved to UTs server_utils/encryption.
2021-09-22 22:48:13 +02:00
Ilija Lazoroski
803d1c910f
Island: Separate password and key encryption
2021-09-22 18:10:16 +02:00
Mike Salvatore
380d0ee74f
Merge pull request #1479 from guardicore/1476/upgrade-python-deps
...
Update Python dependencies
2021-09-22 08:30:13 -04:00
Mike Salvatore
67b23c42bf
Tests: Simplify test names in test_string_list_encryptor.py
2021-09-22 07:44:54 -04:00
Ilija Lazoroski
71d0cccdba
Island: Update boto3, botocore and awscli
...
botocore is a dependency of boto3, which is
then a dependency of awscli.
2021-09-22 11:26:47 +02:00
Ilija Lazoroski
57bce38661
Agent: Upgrade urllib3 to 1.26.5
...
It should work because all the deps are
there.
2021-09-22 11:23:07 +02:00
VakarisZ
ba4aabb67f
Merge pull request #1477 from guardicore/report_encryption
...
Report encryption
2021-09-22 11:48:22 +03:00
VakarisZ
88f3a2b9ca
Add unit tests for string list encryptor
2021-09-22 10:23:41 +03:00
VakarisZ
a1c0af4257
Improve readability and test empty list in test_report_model.py
2021-09-22 10:21:48 +03:00
Mike Salvatore
627a31c902
Island: Remove string_encryptor.py
2021-09-21 13:58:16 -04:00
Mike Salvatore
2ddd369afd
Island: Move encode/decode dot mongo functions to Report model
2021-09-21 13:58:14 -04:00
Mike Salvatore
f662369a07
Tests: Decouple test_report_model.py from StringListEncryptor
2021-09-21 12:51:55 -04:00
Mike Salvatore
13ba0b9091
Island: Rename FieldType to FieldEncryptor
...
* Switch FieldTypeABC from abstract class to interface, since there's no
intention of ever implementing FieldTypeABC's methods.
* Rename FieldTypeABC to IFieldEncryptor and rename StringList to
StringListEncryptor.
2021-09-21 12:30:35 -04:00
Mike Salvatore
96ac13c579
Merge pull request #1478 from guardicore/powershell-pth-on-windows
...
Powershell pth on windows
2021-09-21 08:14:45 -04:00
VakarisZ
5077d84269
Change report service to use report model.
...
Because report saving/fetching happens through model, model can encrypt/decrypt sensitive data
2021-09-21 10:45:39 +03:00
VakarisZ
ea7a75df26
Add infrastructure for encrypting fields in database.
2021-09-21 10:43:34 +03:00
VakarisZ
c7e91c5784
Add report model and a unit test for its encryption
2021-09-21 10:39:39 +03:00
VakarisZ
cf7b94613b
Rename test_config_encryption.py to test_encryption.py
...
This change is done because the code being tested is in encryption.py, not in config_encryption.py
2021-09-21 10:25:48 +03:00
VakarisZ
f61602552f
Island: update dpath to the latest v2.0.5 and other packages version updates.
...
dpath lib had to be updated to get a bugfix
2021-09-21 10:19:21 +03:00
Mike Salvatore
8fc79c2fe3
Agent: Use pyspnego with bugfix to enable PowerShell PTH on Windows
...
Specify commit 3f748f21 of pyspnego, as this commit contains a bugfix
that allows Infection Monkey to launch pass-the-hash attacks from a
Windows attacker.
2021-09-20 20:43:00 -04:00
ilija-lazoroski
4afeba6334
Merge pull request #1475 from guardicore/1468/fix-nodejs-dependencies
...
Update nodejs dependencies
2021-09-20 09:58:59 +02:00
Mike Salvatore
844d244d67
Agent: Use NTLM specifically for PowerShell if using pass-the-hash
2021-09-17 11:43:06 -04:00
Mike Salvatore
79aacf3dcb
Agent: Extract _get_*() functions from get_auth_options()
2021-09-17 11:42:52 -04:00
Mike Salvatore
444fb90f93
Agent: Return single AuthOptions from get_auth_options()
...
The test suite was overly complicated for get_auth_options(), which
indicated that, perhaps, the function itself was overly complicated.
Previously, it accepted a list of Credentials and returned a list of
AuthOptions. Now, it accepts a single Credentials object and returns a
single AuthOptions object. This simpler interface allowed the test suite
to be easier to read, while adding negligible complexity to
PowerShellExploiter._exploit_host()
2021-09-17 11:30:32 -04:00
Ilija Lazoroski
83615e8c66
UI: Upgrade babel/cli due to vuln in glob-parent
2021-09-17 16:22:28 +02:00
Ilija Lazoroski
aac1b00553
UI: Replace node-sass with sass (Dart Sass)
...
Note: There are some annoying deprecation warnings
which come from bootstrap. Those can be dealt with
if we upgrade bootstrap.
2021-09-17 14:55:21 +02:00
Ilija Lazoroski
f942e87b75
UI: Update npm webpack
...
Note: webpack doesn't have verbose option anymore
2021-09-17 14:02:33 +02:00
Mike Salvatore
9d07f82bd6
Fix typo in CHANGELOG
2021-09-17 07:46:27 -04:00
VakarisZ
5a8507e5c6
Add the removal of "Execution through the module load" T1129 attack technique to the CHANGELOG.md
2021-09-17 14:21:06 +03:00
VakarisZ
b69916428b
Remove T1129 attack technique from the codebase
2021-09-17 14:19:42 +03:00
Ilija Lazoroski
525a112eaa
UI: Update npm version to 7.24.0
2021-09-17 12:27:57 +02:00