Commit Graph

5666 Commits

Author SHA1 Message Date
Mike Salvatore 13c9e41a4c agent: Extract default period to constant 2021-06-28 11:15:46 -04:00
shreyamalviya 3bea4bb86f tests: Refactor duplicate code for checking secure Windows permissions 2021-06-28 20:23:03 +05:30
Mike Salvatore 85c91f55bb agent: Use BatchingTelemetryMessenger in RansomewarePayload
We don't want the ransomware payload to encrypt all files and then send
telemetry to the island. This could lead to a long period of time where
the user has no insight into what the monkey is doing on a node. We also
don't want to flood the island with telemetries. By using the
BatchingTelemetryMessenger, ransomware encryption telemetries are
batched together and periodically sent to the island.
2021-06-28 09:48:54 -04:00
Mike Salvatore fadd978050 agent: Add BatchedTelemetryMessenger
This telemetry messenger is a decorator that aggregates batchable
telemetries and sends them to the island periodically.
2021-06-28 09:34:18 -04:00
Mike Salvatore 691e01e9c1 tests: Move telemetry_messenger_spy to infection_monkey/conftest.py 2021-06-28 09:34:18 -04:00
Mike Salvatore e549a4f8f4 agent: Rename TelemetryMessengerWrapper
The term "wrapper" is sometimes used as synonym for the decorator
pattern, whereas this class is a textbook adapter. Use the term
"adapter" instead of "wrapper" and rename "TelemetryMessengerWrapper" to
"LegacyTelemetryMessengerAdapter", as this class servers as an adapter
between the new ITelemetryMessenger interface and the (soon to be) legacy way of
sending telemetry.
2021-06-28 09:34:09 -04:00
Mike Salvatore a0b43a17a2 agent: Implement IBatchableTelem in RansomwareTelem
This allows encryption attempt telmetries to be batched into one
telemetry object so they can be sent to the island in batches.
2021-06-28 09:33:33 -04:00
Mike Salvatore 8e40e44263 agent: Add BatchableTelemMixin
Adds an implementation as a mixin of the two methods specified by
IBatchableTelem.
2021-06-28 09:33:33 -04:00
Mike Salvatore f2a940a4e0 agent: Add IBatchableTelem
IBatchableTelem adds two methods to the ITelem interface. These methods allow
a telemetry object to mange batches of telemetry entries, rather than
just one.
2021-06-28 09:33:33 -04:00
Mike Salvatore 2ec020f276 agent: Add logging to ransomware payload 2021-06-28 09:29:48 -04:00
Mike Salvatore 59efaabd50 agent: Catch and log exceptions thrown by the ransomware payload 2021-06-28 09:28:43 -04:00
VakarisZ b7c8006f94 Add readme to ransomware section of configuration schema 2021-06-28 14:43:51 +03:00
Shreya 7afe0818e5 tests: Use `is_windows_os()` while skipping tests in test_post_breach_files.py 2021-06-28 14:07:06 +05:30
Shreya 7211d59a38 tests: Add unit test for custom PBA dir permissions on Windows 2021-06-28 14:05:41 +05:30
Shreya 75a2f1b12e island: Use `create_secure_directory()` for custom PBA directory creation 2021-06-28 11:56:40 +05:30
Mike Salvatore 33a6e72df5
Merge pull request #1265 from guardicore/ransomware-encryption-documentation
Add documentation for ransomware
2021-06-27 17:32:14 -04:00
Mike Salvatore 3d403a92e8 agent: Fix incorrect config in ransomware payload 2021-06-25 10:21:08 -04:00
Mike Salvatore 1294e38f6e
Merge pull request #1259 from guardicore/ransomware-telemetry
Ransomware telemetry
2021-06-25 10:16:42 -04:00
Shreya 954cc469cf docs: Reword paragaraph about why ransomware simulation is sufficient 2021-06-25 19:07:32 +05:30
Mike Salvatore 76cf8a1bb4 agent: Wrap ransomware payload build/run in run_ransomware() 2021-06-25 09:19:15 -04:00
Shreya 61d95f52e1 docs: Reword the paragraph describing why the ransomware simulation is good enough 2021-06-25 16:37:50 +05:30
Shreya 32026f64a4 docs: Change "relevant extensions" to "targeted extensions" in ransomware docs 2021-06-25 16:27:35 +05:30
Shreya f77d0c28c2 docs: Add note about why ransomware encryption is not recursive and ignores shortcuts and symlinks 2021-06-25 16:22:59 +05:30
Shreya Malviya 3ddde83b5c
docs: Reword ransomware introductory description
Add "only" to clarify that encryption will only take place if a directory is specified.

Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
2021-06-25 16:00:49 +05:30
Mike Salvatore 6773f695ba agent: Use ITelem in send_telemetry() typehint 2021-06-24 15:57:10 -04:00
Mike Salvatore 7b9c39edc6 Remove RansomwareTelem from vulture_allowlist 2021-06-24 15:55:17 -04:00
Mike Salvatore 76da583420 agent: Send telemetry from ransomware payload 2021-06-24 15:49:19 -04:00
Mike Salvatore 21525be192 agent: Use ITelem in ITelemetryMessenger.send() typehint 2021-06-24 13:55:09 -04:00
Mike Salvatore 46da0b7b1f agent: Add ITelem interface
Create a telemetry interface that sits above the BaseTelem abstract
class to allow telemetries to be extended without inheritance.
2021-06-24 12:07:14 -04:00
Mike Salvatore 77e3c8a257 agent: Add telemetry messenger interface
The telemetry classes have too many responsibilities. At the moment, one
such responsibility is to send themselves to the island. As our plugin
interfaces develop, the need may arise to send telemetry using different
mechanisms. To isolate the RansomwarePayload from these changes, the
ITelemetryMessenger interface is introduced in this commit. It provides
a send_telemetry() method that handles the specific details of how
telemetry is sent to the Island.

At the present time, the TelemetryMessengerWrapper class is introduced
to handle sending telemetry. It simply wraps the existing send() method
on the telemetry class.
2021-06-24 10:26:00 -04:00
Shreya cec8341b17 tests: Add unit tests for ransomware telem 2021-06-24 10:26:00 -04:00
Shreya 29bd48f703 telem: Add ransomware telemetry 2021-06-24 10:26:00 -04:00
Shreya d600aa7208 telem: Add telem category for ransomware 2021-06-24 10:26:00 -04:00
Mike Salvatore 6744ee71fc
Merge pull request #1264 from guardicore/ransomware-bitflip-encryption
Ransomware bitflip encryption
2021-06-24 08:24:52 -04:00
Mike Salvatore ef209a693c agent: Remove second file from test_file_encrypted_in_place() 2021-06-24 07:00:44 -04:00
Mike Salvatore f1e592380b agent: Rename test_file_with_included_extension_encrypted 2021-06-24 07:00:06 -04:00
Shreya 97bc0fd205 docs: Add more information about the safety and sufficiency of the ransomware simulation 2021-06-24 14:41:38 +05:30
Shreya 91c3a6cb0d docs: Reword some content on the ransomware page 2021-06-24 13:19:39 +05:30
Mike Salvatore 70480c7011 agent: Rename RansomwareBitflipEncryptor -> BitflipEncryptor 2021-06-23 11:05:34 -04:00
Mike Salvatore 1929ea7dae agent: Add file_selectors.select_production_safe_target_files() 2021-06-23 11:01:58 -04:00
Mike Salvatore 97cf198965 agent: Narrow the responsibilities of RansomwareBitflipEncryptor 2021-06-23 10:50:14 -04:00
Shreya da204416e6 docs: Add reference page for ransomware 2021-06-23 19:45:43 +05:30
Mike Salvatore 2ea5dc6ac7 tests: Add missing test_lib.dll
The .gitignore file prevents dlls from being added to git. Since this
isn't a real dll, but is only used for testing, we can add it anyway.
2021-06-23 09:57:27 -04:00
Mike Salvatore 9165737389 agent: Use larger chunk size in RansomwarePayload
The larger chunk size improves efficiency by reducing the number of
reads.
2021-06-23 09:42:12 -04:00
Mike Salvatore ae0dfec3cc agent: Return results from RansomwareBitflipEncryptor.encrypt_files() 2021-06-23 09:37:33 -04:00
Mike Salvatore f1a365def2 agent: Add unit test for RansomwareBitflipEncryptor 2021-06-23 09:19:46 -04:00
Mike Salvatore 707b40608a tests: Extract ransomware target files to ransomware_target_files.py 2021-06-23 09:08:36 -04:00
Mike Salvatore d99811f83f tests: Move ransomware_target() fixture to ransomware/conftest.py 2021-06-23 09:04:24 -04:00
Mike Salvatore 45ba743418 tests: Move hash_file() into tests/utils.py 2021-06-23 09:01:42 -04:00
Mike Salvatore ab40518881 agent: Extract bitflip encryption into its own class 2021-06-23 08:56:12 -04:00