p20319658
/
monkey
forked from p34709852/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
6,554 Commits 30 Branches 0 Tags 47 MiB
Commit Graph

6554 Commits

Author SHA1 Message Date
Ilija Lazoroski a438f3afb0 Zoo: Replace --os with --skip-powershell-reuse 
With this logic the powershell cached will run
if we don't provide the cli param --skip-powershell-reuse.
 2021-09-28 17:31:20 +02:00
Ilija Lazoroski 449fe7517e Agent: Changed proxy schema 2021-09-28 16:21:19 +02:00
Mike Salvatore 0839f04b1d
Merge pull request #1483 from guardicore/incorrect-attack-report-msgs 
Fix incorrect ATT&CK report messages
 2021-09-28 07:24:17 -04:00
VakarisZ beafc0bf9e
Merge pull request #1493 from guardicore/credential_duplication_fix 
Duplicate credentials in system info telem
 2021-09-28 13:49:21 +03:00
VakarisZ d240427ce2 Remove mimikatz field from sensitive fields in telemetries since telemetries no longer contain such key 2021-09-28 13:09:06 +03:00
VakarisZ 27e2969e79 Remove the unnecessary "mimikatz" info from telemetry data since the exact same data is stored under "credentials" key 2021-09-28 13:03:10 +03:00
VakarisZ e40c83c2ff
Merge pull request #1485 from guardicore/telemetry_encryption 
Telemetry encryption in database
 2021-09-28 12:18:12 +03:00
VakarisZ 8b9ddb0c4b Removed unnecessary vulture ignores from whitelist 2021-09-28 11:04:42 +03:00
VakarisZ d79892427b Moved credential encryption in mongo CHANGELOG.md entry from Fixes to Security 2021-09-28 11:04:42 +03:00
VakarisZ a24eb841c1 Extract DAL interface for report model into a separate report_dal.py file 2021-09-28 11:04:42 +03:00
VakarisZ 1160ac6af0 Refactor dictionary and sensitive mongo field encryption by moving it to server_utils/encryption 2021-09-28 11:04:42 +03:00
Shreya Malviya cb4b845eaf tests: Fix unit test (remove 'The'; see previous commit) 2021-09-28 12:08:11 +05:30
Shreya Malviya e5b9f96447 island: Remove 'The' from text to be shown in report, for consistency 2021-09-28 12:08:10 +05:30
Shreya Malviya 6def66cfaf island: Move class variable `config_schema_per_attack_technique` to the 
top of its class `AttackTechnique`
 2021-09-28 12:08:10 +05:30
Mike Salvatore 67262e19d1
Merge pull request #1492 from guardicore/1484/faq-network-limitations 
docs: Add faq for limiting monkey propagation
 2021-09-27 14:30:57 -04:00
MarketingYeti 4b0bed8267 Docs: Edits to monkey propagation FAQ section 2021-09-27 14:29:10 -04:00
Mike Salvatore e67066dd0d UI: Add external link icon to Ransomware report 2021-09-27 14:20:04 -04:00
Mike Salvatore 7d9386c266 UI: Add ExternalLink React element 2021-09-27 14:19:55 -04:00
Mike Salvatore cc531a98ae UI: Add link to Guardicore blog in ransomware Attack section 2021-09-27 13:42:52 -04:00
Mike Salvatore ce8fad53cd UI: Add link to Guardicore blog in ransomware Breach section 2021-09-27 13:42:18 -04:00
Mike Salvatore f79e218160 UI: Fix minor formatting issues in LateralMovement.tsx 2021-09-27 13:41:45 -04:00
Ilija Lazoroski 07c08ac0b6 Zoo: Reformat powershell cached credentials test 2021-09-27 19:02:13 +02:00
Mike Salvatore c16cff7b32 Docs: Wrap lines in monkey propagation section of FAQ 2021-09-27 12:43:46 -04:00
Shreya Malviya 72caf5a80a
island: Simplify logic when creating reverse schema 
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
 2021-09-27 22:13:37 +05:30
Mike Salvatore cd937802d7 Docs: Edits to monkey propagation FAQ section 2021-09-27 12:42:46 -04:00
Shreya Malviya 0804cecb64 island, tests: Make config_schema_per_attack_technique a class variable instead of generating it every time 2021-09-27 20:29:30 +05:30
Ilija Lazoroski faef27a7d1 docs: Add faq for limiting monkey propagation 2021-09-27 16:58:25 +02:00
Shreya Malviya afedde8c05 island, tests: Pass schema as arg to generate reverse schema instead of generating reverse schema at runtime 2021-09-27 20:20:04 +05:30
VakarisZ 8b9973238e Add CHANGELOG.md entry about fixed plaintext credentials in mongodb 2021-09-27 16:59:11 +03:00
VakarisZ 46f263be5f Separate the telemetry document from telemetry_dal, also extracted external interface into __init__.py files 2021-09-27 16:56:45 +03:00
VakarisZ 51f6fbe356 Adjust island conftest.py to also rename the encryptor to datastore_encryptor 2021-09-27 16:29:41 +03:00
Shreya Malviya 96c525d656 docs: Add upward right arrow icon to external links 
Taken from
https://www.jayeless.net/2021/08/hugo-mark-external-links.html
 2021-09-27 07:51:15 -04:00
VakarisZ 87809c46c1 Fix breaking PBA file upload unit tests on windows. 
The tests broke because `get` endpoint opened up the file handle which was not closed anywhere. The delete endpoint couldn't delete the file, since a process was using it.
 2021-09-27 07:47:51 -04:00
Ilija Lazoroski 689e6ac532 Zoo: Add os specific black box test. 
Add new --os flag to the blackbox tests.
If not specified it will skip all os marked tests.
 2021-09-27 13:08:52 +02:00
Ilija Lazoroski b90e9ccf21 Zoo: Add second hop bb test 
Added new powershell-3-48 machine for second hop test.
Explanation why cached are not working after the first hop.
Documentation for the zoo.
 2021-09-24 15:29:11 +02:00
Shreya Malviya c2c5710dfa swimm: update exercise Add details about your new PBA JFXftJml8DpmuCPBA9rL 2021-09-24 17:41:08 +05:30
Shreya Malviya 1807bfcb3e swimm: update exercise Add a new System Info Collector OwcKMnALpn7tuBaJY1US 2021-09-24 17:37:59 +05:30
Shreya Malviya d6f91e45f7 swimm: update exercise Add details about your new PBA JFXftJml8DpmuCPBA9rL 2021-09-24 17:35:36 +05:30
Shreya Malviya a857d291d8 CHANGELOG: Add entry for modifying ATT&CK report messages 2021-09-24 17:32:17 +05:30
Shreya Malviya 85e54419f3 tests: Extract mocking to an autouse, function-scoped fixture to reduce 
code in test_technique_reports.py
 2021-09-24 17:23:59 +05:30
Shreya Malviya 6f903bd8f1 tests: Use enums for expected msgs for better readibility in 
test_technique_reports.py
 2021-09-24 17:12:03 +05:30
Shreya Malviya aff2bad777 tests: Move some code around in test_technique_reports.py so it's easier 
to read
 2021-09-24 16:42:04 +05:30
Shreya Malviya 90f3cff3cd tests: Add unit tests for `get_message_by_status()` in 
monkey_island\cc\services\attack\technique_reports\__init__.py
 2021-09-24 16:33:57 +05:30
VakarisZ ace60052da Alter usages of telemetry collection in report to store/fetch system info telemetry using the Telemetry model 
This is required to automatically encrypt/decrypt the telemetries and it's a good practice to have a DAL for telemetries
 2021-09-24 13:31:26 +03:00
VakarisZ e6ad125be9 Change the telemetry model to have a method for fetching the telemetries based on queries. 
Telemetry code mainly uses queries and mongoengine has no good way of field encryption, that's why this method prefers to handle queries rather than Telemetry models
 2021-09-24 13:31:26 +03:00
VakarisZ 3781095f25 Change the mock database name to "db", because all of the codebase is using this database. 
This change enables us to write unit tests without the need to patch the the database name in all of the mongo queries that look like "mongo.db.collection"
 2021-09-24 13:31:26 +03:00
VakarisZ 1ab0fe7b13 Add Telemetry model 2021-09-24 13:31:26 +03:00
VakarisZ 989d0ffd84 Add unit tests for telemetry model 2021-09-24 13:31:26 +03:00
VakarisZ b2db5e77c4 Change test_string_list_encryptor.py to re-use fixture "uses_encryptor" rather than implementing the same fixture locally 2021-09-24 13:31:23 +03:00
VakarisZ 854ce4e1e1 Refactor DocumentEncryptor class into a series of methods. 
DocumentEncryptor class serves no purpose because it holds no state, sensitive_fields can be passed as a parameter to methods
 2021-09-24 13:30:28 +03:00