Commit Graph

6621 Commits

Author SHA1 Message Date
Shreya Malviya 748bca43e9 island: Fix eslint warnings (trailing comma and double quotes) 2021-10-11 17:46:33 +05:30
Shreya Malviya 5a4f66d080 CHANGELOG: Add entry for T1086 reporting changes 2021-10-11 17:40:52 +05:30
Shreya Malviya 363e42ad7b cc: Change wording for header of PBAs' table in T1086's report 2021-10-11 17:30:36 +05:30
Shreya Malviya 3b11637f16 island: Change mongo query to include 'Modify Shell Startup Files' PBA in T1086's report 2021-10-11 17:29:46 +05:30
Shreya Malviya 7fa917581c cc: Add another table for T1086 (PowerShell) used as PBAs 2021-10-11 17:21:40 +05:30
Shreya Malviya d82f61d524 island: Add telem category to data for T1086 reporting 2021-10-11 15:22:33 +05:30
Shreya Malviya 2b789fca90 island: Add mongo query for PBAs for T1086 reporting 2021-10-11 15:14:40 +05:30
Mike Salvatore 356b3475cd
Merge pull request #1516 from guardicore/encryption-code-quality-improvements
Encryption code quality improvements
2021-10-08 08:05:05 -04:00
Ilija Lazoroski 8cf8f931e1 UI: Update packages that caused vulnerabilities
ansi-regex moderate vulnerabilities are still
under review.
2021-10-08 08:00:38 -04:00
Ilija Lazoroski bc345f84c0 UI: Update ansi-regex 2021-10-08 08:00:38 -04:00
Mike Salvatore 97c3ed3b97 Island: Rename internal DataStoreEncryptor methods 2021-10-07 14:45:00 -04:00
Mike Salvatore 1a0a07d550 Island: Reduce duplication in data_store_encryptor 2021-10-07 14:40:52 -04:00
Mike Salvatore bdf485e014 Island: Rename data_store_encryptor initialization functions 2021-10-07 14:40:50 -04:00
Mike Salvatore 2d414a6f7d Island: Ensure old key files are deleted on reinitialization 2021-10-07 14:03:28 -04:00
Mike Salvatore ecf4efe11a
Merge pull request #1515 from guardicore/proxy-test
Fix proxy schema for tunneling
2021-10-07 10:25:43 -04:00
Ilija Lazoroski cd23eb2909 Agent: Reword note in control
Rewrite control set proxy UT, fix typo in httpfinger
2021-10-07 16:18:17 +02:00
VakarisZ 2d28c4e800 Zoo: fix the fullDocs.md by removing the outdated section about monkey configurations, add a section about what to do with the island if you're a simple user 2021-10-07 16:56:10 +03:00
VakarisZ f7e0b4fef1 Zoo: add missing tunneling-12 image definition to terraform scripts 2021-10-07 13:55:48 +03:00
Ilija Lazoroski a8182cbb3d UT: Add test for setting agent proxy 2021-10-07 10:50:41 +02:00
Mike Salvatore 9ee00c3044 Tests: Reduce code duplication in test_data_store_encryptor.py 2021-10-06 12:45:54 -04:00
Mike Salvatore c3ea714977
Merge pull request #1514 from guardicore/pba-attack-telemetry
Fix ATT&CK report bug: showed a different technique's results under a technique if the PBA behind them was the same
2021-10-06 12:12:28 -04:00
Ilija Lazoroski a11d1d5f1e Agent: Changed note message for proxy schema 2021-10-06 18:10:46 +02:00
Ilija Lazoroski 3f33bc4a41 Agent: Consistent format string for set proxy 2021-10-06 18:05:30 +02:00
Ilija Lazoroski 87b882cb45 Agent: Set proxy schema for different OS 2021-10-06 16:53:55 +02:00
Shreya Malviya 5be841d08a island: For ATT&CK techniques mapped to PBAs, consider hostname and IP
of the first entry in the PBA's results
2021-10-06 19:27:32 +05:30
Shreya Malviya f7e37b0767 CHANGELOG: Add entry for bugfix that wrongly reported the "`.bash_profile` and `.bashrc`" technique 2021-10-06 19:27:29 +05:30
Mike Salvatore 8310204e66 Tests: Test InvalidCiphertextError 2021-10-06 09:51:03 -04:00
Shreya Malviya f347088412 CHANGELOG: Add entry for ATT&CK report telemetry bugfix 2021-10-06 16:05:58 +05:30
Shreya Malviya c51f80ea3a tests: Modify post breach telem's unit test 2021-10-06 15:58:23 +05:30
Shreya Malviya e4f5f08a66 island: Remove unneeded mongo queries in ATT&CK techniques mapped to PBAs 2021-10-06 14:50:10 +05:30
Shreya Malviya 81252e2b6a island: When generating ATT&CK report for techniques mapped to PBAs, check telem event's OS and technique's relevant systems 2021-10-06 14:46:17 +05:30
Shreya Malviya cccdf7f6c3 agent: Send OS info in post breach telem 2021-10-06 14:42:26 +05:30
Ilija Lazoroski cafd983622 Agent: Change proxy scheme format to http 2021-10-06 10:24:41 +02:00
Mike Salvatore e673667b34 Tests: Mark all tests in test_data_store_encryptor as slow 2021-10-05 16:48:48 -04:00
Mike Salvatore 95221ef53a Island: Add reinitialize_datastore_encryptor() 2021-10-05 16:48:46 -04:00
Mike Salvatore c0b257127a Island: Implement DataStoreEncryptor as a class
This allows us to begin decoupling some implementation details from the
AuthenticationService.
2021-10-05 15:59:39 -04:00
Mike Salvatore c124db7880 Agent: Use different proxy scheme on Windows 2021-10-05 13:55:32 -04:00
Mike Salvatore 0eafc6613a Island: Flatten directory structure for "encryption" package 2021-10-05 12:37:05 -04:00
Mike Salvatore bf082d36ef Tests: Mark encryption tests as slow 2021-10-05 12:14:10 -04:00
Mike Salvatore e7fcf933b7 Island: Remove try/except from MimikatzResultsEncryptor.encrypt()
Catching this exception was a workaround for an issue that was resolved
in PR #1508.
2021-10-05 12:12:38 -04:00
Mike Salvatore 849ced2334 Tests: Improve telemetry_dal tests
* Reduce unnecessary mocking
* Remove defunct "mimikatz" field from mock telemetry
* Test encryption/decryption of all secret types for all users
2021-10-05 12:10:46 -04:00
Mike Salvatore 8f9289517f Tests: Decouple uses_encryptor() fixture from AuthenticationService 2021-10-05 11:52:33 -04:00
Mike Salvatore a24979155f Island: Improve logging in PasswordBasedBytesEncryptor 2021-10-05 11:52:33 -04:00
Mike Salvatore 5aa0506ce1 Island: Use relative imports inside encryption package 2021-10-05 11:52:33 -04:00
Mike Salvatore f65251ddde Island: Rename password_based_string_encrypt{i,}or.py 2021-10-05 11:52:33 -04:00
Mike Salvatore 4944947b10 Island: Rename password_based_bytes_encrypt{ion,or}.py 2021-10-05 11:52:33 -04:00
Ilija Lazoroski e80662f7f8 Agent: Check for empty result in Modify shell files 2021-10-05 10:39:50 -04:00
VakarisZ 0a4973a66e
Merge pull request #1512 from guardicore/mimikatz_collector_fix
Mimikatz collector fix
2021-10-05 17:17:39 +03:00
VakarisZ bc422128f5 Monkey: add CHANGELOG.md entry about fixed Mimikatz credential collector when Azure credential collector is disabled 2021-10-05 17:16:51 +03:00
VakarisZ bbda934082 Monkey: include credential key into info dict of InfoCollector class
This change cleans up the code because the info collectors can just add credentials to the info dictionary without explicitly checking if the key already exists
2021-10-05 16:04:02 +03:00