Mike Salvatore
13c9e41a4c
agent: Extract default period to constant
2021-06-28 11:15:46 -04:00
shreyamalviya
3bea4bb86f
tests: Refactor duplicate code for checking secure Windows permissions
2021-06-28 20:23:03 +05:30
Mike Salvatore
85c91f55bb
agent: Use BatchingTelemetryMessenger in RansomewarePayload
...
We don't want the ransomware payload to encrypt all files and then send
telemetry to the island. This could lead to a long period of time where
the user has no insight into what the monkey is doing on a node. We also
don't want to flood the island with telemetries. By using the
BatchingTelemetryMessenger, ransomware encryption telemetries are
batched together and periodically sent to the island.
2021-06-28 09:48:54 -04:00
Mike Salvatore
fadd978050
agent: Add BatchedTelemetryMessenger
...
This telemetry messenger is a decorator that aggregates batchable
telemetries and sends them to the island periodically.
2021-06-28 09:34:18 -04:00
Mike Salvatore
691e01e9c1
tests: Move telemetry_messenger_spy to infection_monkey/conftest.py
2021-06-28 09:34:18 -04:00
Mike Salvatore
e549a4f8f4
agent: Rename TelemetryMessengerWrapper
...
The term "wrapper" is sometimes used as synonym for the decorator
pattern, whereas this class is a textbook adapter. Use the term
"adapter" instead of "wrapper" and rename "TelemetryMessengerWrapper" to
"LegacyTelemetryMessengerAdapter", as this class servers as an adapter
between the new ITelemetryMessenger interface and the (soon to be) legacy way of
sending telemetry.
2021-06-28 09:34:09 -04:00
Mike Salvatore
a0b43a17a2
agent: Implement IBatchableTelem in RansomwareTelem
...
This allows encryption attempt telmetries to be batched into one
telemetry object so they can be sent to the island in batches.
2021-06-28 09:33:33 -04:00
Mike Salvatore
8e40e44263
agent: Add BatchableTelemMixin
...
Adds an implementation as a mixin of the two methods specified by
IBatchableTelem.
2021-06-28 09:33:33 -04:00
Mike Salvatore
f2a940a4e0
agent: Add IBatchableTelem
...
IBatchableTelem adds two methods to the ITelem interface. These methods allow
a telemetry object to mange batches of telemetry entries, rather than
just one.
2021-06-28 09:33:33 -04:00
Mike Salvatore
2ec020f276
agent: Add logging to ransomware payload
2021-06-28 09:29:48 -04:00
Mike Salvatore
59efaabd50
agent: Catch and log exceptions thrown by the ransomware payload
2021-06-28 09:28:43 -04:00
VakarisZ
b7c8006f94
Add readme to ransomware section of configuration schema
2021-06-28 14:43:51 +03:00
Shreya
7afe0818e5
tests: Use `is_windows_os()` while skipping tests in test_post_breach_files.py
2021-06-28 14:07:06 +05:30
Shreya
7211d59a38
tests: Add unit test for custom PBA dir permissions on Windows
2021-06-28 14:05:41 +05:30
Shreya
75a2f1b12e
island: Use `create_secure_directory()` for custom PBA directory creation
2021-06-28 11:56:40 +05:30
Mike Salvatore
33a6e72df5
Merge pull request #1265 from guardicore/ransomware-encryption-documentation
...
Add documentation for ransomware
2021-06-27 17:32:14 -04:00
Mike Salvatore
3d403a92e8
agent: Fix incorrect config in ransomware payload
2021-06-25 10:21:08 -04:00
Mike Salvatore
1294e38f6e
Merge pull request #1259 from guardicore/ransomware-telemetry
...
Ransomware telemetry
2021-06-25 10:16:42 -04:00
Shreya
954cc469cf
docs: Reword paragaraph about why ransomware simulation is sufficient
2021-06-25 19:07:32 +05:30
Mike Salvatore
76cf8a1bb4
agent: Wrap ransomware payload build/run in run_ransomware()
2021-06-25 09:19:15 -04:00
Shreya
61d95f52e1
docs: Reword the paragraph describing why the ransomware simulation is good enough
2021-06-25 16:37:50 +05:30
Shreya
32026f64a4
docs: Change "relevant extensions" to "targeted extensions" in ransomware docs
2021-06-25 16:27:35 +05:30
Shreya
f77d0c28c2
docs: Add note about why ransomware encryption is not recursive and ignores shortcuts and symlinks
2021-06-25 16:22:59 +05:30
Shreya Malviya
3ddde83b5c
docs: Reword ransomware introductory description
...
Add "only" to clarify that encryption will only take place if a directory is specified.
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
2021-06-25 16:00:49 +05:30
Mike Salvatore
6773f695ba
agent: Use ITelem in send_telemetry() typehint
2021-06-24 15:57:10 -04:00
Mike Salvatore
7b9c39edc6
Remove RansomwareTelem from vulture_allowlist
2021-06-24 15:55:17 -04:00
Mike Salvatore
76da583420
agent: Send telemetry from ransomware payload
2021-06-24 15:49:19 -04:00
Mike Salvatore
21525be192
agent: Use ITelem in ITelemetryMessenger.send() typehint
2021-06-24 13:55:09 -04:00
Mike Salvatore
46da0b7b1f
agent: Add ITelem interface
...
Create a telemetry interface that sits above the BaseTelem abstract
class to allow telemetries to be extended without inheritance.
2021-06-24 12:07:14 -04:00
Mike Salvatore
77e3c8a257
agent: Add telemetry messenger interface
...
The telemetry classes have too many responsibilities. At the moment, one
such responsibility is to send themselves to the island. As our plugin
interfaces develop, the need may arise to send telemetry using different
mechanisms. To isolate the RansomwarePayload from these changes, the
ITelemetryMessenger interface is introduced in this commit. It provides
a send_telemetry() method that handles the specific details of how
telemetry is sent to the Island.
At the present time, the TelemetryMessengerWrapper class is introduced
to handle sending telemetry. It simply wraps the existing send() method
on the telemetry class.
2021-06-24 10:26:00 -04:00
Shreya
cec8341b17
tests: Add unit tests for ransomware telem
2021-06-24 10:26:00 -04:00
Shreya
29bd48f703
telem: Add ransomware telemetry
2021-06-24 10:26:00 -04:00
Shreya
d600aa7208
telem: Add telem category for ransomware
2021-06-24 10:26:00 -04:00
Mike Salvatore
6744ee71fc
Merge pull request #1264 from guardicore/ransomware-bitflip-encryption
...
Ransomware bitflip encryption
2021-06-24 08:24:52 -04:00
Mike Salvatore
ef209a693c
agent: Remove second file from test_file_encrypted_in_place()
2021-06-24 07:00:44 -04:00
Mike Salvatore
f1e592380b
agent: Rename test_file_with_included_extension_encrypted
2021-06-24 07:00:06 -04:00
Shreya
97bc0fd205
docs: Add more information about the safety and sufficiency of the ransomware simulation
2021-06-24 14:41:38 +05:30
Shreya
91c3a6cb0d
docs: Reword some content on the ransomware page
2021-06-24 13:19:39 +05:30
Mike Salvatore
70480c7011
agent: Rename RansomwareBitflipEncryptor -> BitflipEncryptor
2021-06-23 11:05:34 -04:00
Mike Salvatore
1929ea7dae
agent: Add file_selectors.select_production_safe_target_files()
2021-06-23 11:01:58 -04:00
Mike Salvatore
97cf198965
agent: Narrow the responsibilities of RansomwareBitflipEncryptor
2021-06-23 10:50:14 -04:00
Shreya
da204416e6
docs: Add reference page for ransomware
2021-06-23 19:45:43 +05:30
Mike Salvatore
2ea5dc6ac7
tests: Add missing test_lib.dll
...
The .gitignore file prevents dlls from being added to git. Since this
isn't a real dll, but is only used for testing, we can add it anyway.
2021-06-23 09:57:27 -04:00
Mike Salvatore
9165737389
agent: Use larger chunk size in RansomwarePayload
...
The larger chunk size improves efficiency by reducing the number of
reads.
2021-06-23 09:42:12 -04:00
Mike Salvatore
ae0dfec3cc
agent: Return results from RansomwareBitflipEncryptor.encrypt_files()
2021-06-23 09:37:33 -04:00
Mike Salvatore
f1a365def2
agent: Add unit test for RansomwareBitflipEncryptor
2021-06-23 09:19:46 -04:00
Mike Salvatore
707b40608a
tests: Extract ransomware target files to ransomware_target_files.py
2021-06-23 09:08:36 -04:00
Mike Salvatore
d99811f83f
tests: Move ransomware_target() fixture to ransomware/conftest.py
2021-06-23 09:04:24 -04:00
Mike Salvatore
45ba743418
tests: Move hash_file() into tests/utils.py
2021-06-23 09:01:42 -04:00
Mike Salvatore
ab40518881
agent: Extract bitflip encryption into its own class
2021-06-23 08:56:12 -04:00