island: Add `relevant_systems` property to attack techniques that run on

specific systems

And remove the hardcoded "since it didn't run on any ... systems" from the unscanned
messages of those techniques.
This commit is contained in:
Shreya Malviya 2021-09-22 18:30:35 +05:30
parent 9564fb1aaa
commit 8e733a8440
9 changed files with 21 additions and 24 deletions


@ -4,9 +4,8 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
class T1053(PostBreachTechnique):
tech_id = "T1053"
unscanned_msg = (
"Monkey didn't try scheduling a job on Windows since it didn't run on any Windows machines."
)
scanned_msg = "Monkey tried scheduling a job on the Windows system but failed."
used_msg = "Monkey scheduled a job on the Windows system."
relevant_systems = ["Windows"]
unscanned_msg = "Monkey didn't try scheduling a job on any Windows system."
scanned_msg = "Monkey tried scheduling a job on a Windows system but failed."
used_msg = "Monkey scheduled a job on a Windows system."
pba_names = [POST_BREACH_JOB_SCHEDULING]
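Review bot: `relevant_systems = ["Windows"]` is introduced here as a bare class attribute, and nothing in these hunks shows a matching declaration on PostBreachTechnique or AttackTechnique, so a misspelled name is accepted silently — the T1216 section later in this commit spells it `relevant_sytems`, which any consumer reading `relevant_systems` will never see. If the base classes do not already declare it, a default such as `relevant_systems: list[str] = []` on the base plus a check in the report code that the attribute is non-empty for system-specific techniques would have caught that typo. Presumably the report code now appends the "didn't run on any ... machines" reason from this list; if so the new `unscanned_msg` here, which still says "on any Windows system", will read redundantly — worth confirming against the base-class rendering. A tuple (`("Windows",)`) would also avoid a mutable list being shared at class level, assuming the consumer only iterates or tests membership.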


@ -5,9 +5,8 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
class T1075(AttackTechnique):
tech_id = "T1075"
unscanned_msg = (
"Monkey didn't try to use pass the hash attack since it didn't run on any Windows machines."
)
relevant_systems = ["Windows"]
unscanned_msg = "Monkey didn't try to use pass the hash attack."
scanned_msg = "Monkey tried to use hashes while logging in but didn't succeed."
used_msg = "Monkey successfully used hashed credentials."


@ -5,9 +5,10 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
class T1086(AttackTechnique):
tech_id = "T1086"
unscanned_msg = "Monkey didn't run powershell since it didn't run on any Windows machines."
relevant_systems = ["Windows"]
unscanned_msg = "Monkey didn't run PowerShell."
scanned_msg = ""
used_msg = "Monkey successfully ran powershell commands on exploited machines in the network."
used_msg = "Monkey successfully ran PowerShell commands on exploited machines in the network."
query = [
{


@ -4,9 +4,8 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
class T1146(PostBreachTechnique):
tech_id = "T1146"
unscanned_msg = (
"Monkey didn't try clearing the command history since it didn't run on any Linux machines."
)
relevant_systems = ["Linux"]
unscanned_msg = "Monkey didn't try clearing the command history."
scanned_msg = "Monkey tried clearing the command history but failed."
used_msg = "Monkey successfully cleared the command history (and then restored it back)."
pba_names = [POST_BREACH_CLEAR_CMD_HISTORY]


@ -4,7 +4,8 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
class T1154(PostBreachTechnique):
tech_id = "T1154"
unscanned_msg = "Monkey didn't use the trap command since it didn't run on any Linux machines."
relevant_systems = ["Linux"]
unscanned_msg = "Monkey didn't use the trap command."
scanned_msg = "Monkey tried using the trap command but failed."
used_msg = "Monkey used the trap command successfully."
pba_names = [POST_BREACH_TRAP_COMMAND]


@ -4,9 +4,8 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
class T1156(PostBreachTechnique):
tech_id = "T1156"
unscanned_msg = (
"Monkey didn't try modifying bash startup files since it didn't run on any Linux machines."
)
relevant_systems = ["Linux"]
unscanned_msg = "Monkey didn't try modifying bash startup files."
scanned_msg = "Monkey tried modifying bash startup files but failed."
used_msg = "Monkey successfully modified bash startup files."
pba_names = [POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION]


@ -4,9 +4,8 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
class T1168(PostBreachTechnique):
tech_id = "T1168"
unscanned_msg = (
"Monkey didn't try scheduling a job on Linux since it didn't run on any Linux machines."
)
relevant_systems = ["Linux"]
unscanned_msg = "Monkey didn't try scheduling a job on Linux."
scanned_msg = "Monkey tried scheduling a job on the Linux system but failed."
used_msg = "Monkey scheduled a job on the Linux system."
pba_names = [POST_BREACH_JOB_SCHEDULING]
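Review bot: The new `unscanned_msg` in this hunk keeps "on Linux" and the unchanged `scanned_msg`/`used_msg` keep "the Linux system", while the parallel T1053 hunk in this commit rewords the same three job-scheduling messages to "on any Windows system" / "a Windows system"; the two techniques should read the same. Suggest `unscanned_msg = "Monkey didn't try scheduling a job on any Linux system."`, `scanned_msg = "Monkey tried scheduling a job on a Linux system but failed."` and `used_msg = "Monkey scheduled a job on a Linux system."`. The latter two are context lines here, so that is a small follow-up rather than part of this hunk's change.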


@ -4,9 +4,8 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
class T1197(AttackTechnique):
tech_id = "T1197"
unscanned_msg = (
"Monkey didn't try to use any bits jobs since it didn't run on any Windows machines."
)
relevant_systems = ["Windows"]
unscanned_msg = "Monkey didn't try to use any bits jobs."
scanned_msg = "Monkey tried to use bits jobs but failed."
used_msg = "Monkey successfully used bits jobs at least once in the network."
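Review bot: The rewritten `unscanned_msg` in this hunk, and the `scanned_msg`/`used_msg` context lines beside it, write the acronym as "bits jobs", whereas the T1086 hunk of the same commit fixes "powershell" to "PowerShell"; BITS (Background Intelligent Transfer Service) should get the same treatment so the report uses the name defenders will recognise. Suggest `unscanned_msg = "Monkey didn't try to use any BITS jobs."`, `scanned_msg = "Monkey tried to use BITS jobs but failed."` and `used_msg = "Monkey successfully used BITS jobs at least once in the network."`.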


@ -4,9 +4,10 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
class T1216(PostBreachTechnique):
tech_id = "T1216"
relevant_sytems = ["Windows"]
unscanned_msg = (
"Monkey didn't attempt to execute an arbitrary program with the help of a "
"pre-existing signed script since it didn't run on any Windows machines. "
"pre-existing signed script. "
)
scanned_msg = (
"Monkey attempted to execute an arbitrary program with the help of a "