VakarisZ
|
e49b7b85cc
|
Improved formatting and link styles in SecurityReport.js
|
2021-03-01 10:27:56 -05:00 |
VakarisZ
|
8eeed20f7e
|
Changed zerologon links to be more consistent and have a style
|
2021-03-01 10:27:56 -05:00 |
VakarisZ
|
b3e9922d0f
|
Changed the logic of zerologon password restoration issue overview to be more consistent with the function of issue map.
|
2021-03-01 10:27:56 -05:00 |
Mike Salvatore
|
cfaf4a15c3
|
Merge pull request #1000 from guardicore/unsafe-options-confirmation
Unsafe options confirmation
|
2021-03-01 10:25:28 -05:00 |
Mike Salvatore
|
5050f33f1a
|
ui: add missing semicolons to ConfigurePage.js
|
2021-03-01 10:14:08 -05:00 |
Shreya
|
7b0f35b8a4
|
Add comment to unit tests, specifying where else changes need to be made
|
2021-03-01 18:00:52 +05:30 |
Mike Salvatore
|
abc76e0c73
|
docs: add missing comma on zerologon docs
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
|
2021-02-28 18:35:07 -05:00 |
Mike Salvatore
|
5e088e6908
|
docs: minor rewording in zerologon docs
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
|
2021-02-28 18:34:47 -05:00 |
Mike Salvatore
|
f094c3e9c1
|
docs: Add warnings and password restoration instructions for Zerologon
|
2021-02-27 19:38:26 -05:00 |
Mike Salvatore
|
f6fc380fd7
|
ui: add fingerprinters to SafeOptionValidator
|
2021-02-26 14:40:49 -05:00 |
Mike Salvatore
|
67e142f4fe
|
ui: generalize isUnsafeOptionSelected
|
2021-02-26 14:33:42 -05:00 |
Mike Salvatore
|
dd7c1bb08c
|
ui: rework logic to remove unsafeOptionsConfirmed
|
2021-02-26 14:27:18 -05:00 |
Mike Salvatore
|
95af08a5fa
|
ui: improve names in unsafeItemSelected
|
2021-02-26 12:50:31 -05:00 |
Mike Salvatore
|
75bf30913a
|
ui: extract UnsafeOptionsConfirmationModal JSX invocation into a function
|
2021-02-26 12:49:57 -05:00 |
Shreya
|
2f99631ed4
|
Fix unit tests
|
2021-02-26 22:39:32 +05:30 |
Mike Salvatore
|
5a9cb8b4af
|
ui: switch unsafe modal cancel button to variant secondary
|
2021-02-26 11:11:52 -05:00 |
Mike Salvatore
|
11c30fec14
|
ui: simplify `onClick()` callbacks in UnsafeOptionsConfirmationModal
|
2021-02-26 11:08:57 -05:00 |
Mike Salvatore
|
2ef81d5688
|
ui: change language from "use" -> submit for consistency
|
2021-02-26 11:06:33 -05:00 |
Mike Salvatore
|
7079a6fd23
|
ui: pass callback, not return value, to setState()
|
2021-02-26 08:42:04 -05:00 |
Mike Salvatore
|
f094efba8f
|
ui: minor change to unsafe modal dialog language
Co-authored-by: VakarisZ <36815064+VakarisZ@users.noreply.github.com>
|
2021-02-26 08:10:13 -05:00 |
Mike Salvatore
|
10a4252aff
|
ui: remove unnecessary semicolons
|
2021-02-26 08:08:48 -05:00 |
Mike Salvatore
|
68e835433a
|
ui: sort unsafe options first so they're less likely to be hidden
|
2021-02-26 08:08:39 -05:00 |
Mike Salvatore
|
88e2ccb30a
|
ui: pass callback, not return value, to setState()
|
2021-02-25 20:02:33 -05:00 |
Mike Salvatore
|
f82d4a1b97
|
ui: fix capitalization of "Import config" button for consistency
|
2021-02-25 19:54:32 -05:00 |
Mike Salvatore
|
8f32c48964
|
ui: make unsafeItemSelected() a pure function
|
2021-02-25 19:47:21 -05:00 |
Mike Salvatore
|
ff28509d0d
|
ui: fix race in unsafe confirmation modal dialog
|
2021-02-25 19:41:36 -05:00 |
Mike Salvatore
|
8fd1582909
|
ui: display modal dialog when unsafe config is imported
|
2021-02-25 19:19:36 -05:00 |
Mike Salvatore
|
d160787851
|
ui: extract renderUnsafeOptionsConfirmationModal() into a component
|
2021-02-25 15:39:32 -05:00 |
Mike Salvatore
|
6813262b30
|
ui: check PBA, exploiter, and system info safety on submit
|
2021-02-25 13:37:41 -05:00 |
Shreya
|
c0d2d5b2b6
|
Fix typo, remove unused import, change function/variable names for consistency
|
2021-02-25 22:38:17 +05:30 |
Mike Salvatore
|
510b001c2a
|
ui: add a modal dialog that asks users to confirm unsafe options
|
2021-02-25 11:59:01 -05:00 |
Shreya
|
f9ea196b98
|
Add unit tests for `set_server_ips_in_config()` in monkey_island/cc/services/config.py
|
2021-02-25 22:14:36 +05:30 |
VakarisZ
|
ce697b3a45
|
Improved exception handling of expected exceptions - if they are expected, we don't need to see the error trace.
|
2021-02-25 16:27:45 +02:00 |
VakarisZ
|
e9b84ff86d
|
Improved zero logon exploiter to fail on failed domain controller name fetch.
|
2021-02-25 16:27:45 +02:00 |
Mike Salvatore
|
67fd1712b5
|
report: rename ZEROLOGON_CRED_RESTORE_FAILED -> ZEROLOGON_PASSWORD_RESTORED
|
2021-02-25 09:04:47 -05:00 |
Shreya
|
11e6b9e281
|
Take IPs for Run Monkey -> Manual page from configuration
|
2021-02-25 19:06:17 +05:30 |
VakarisZ
|
94ac75e649
|
Improved zero logon overview UI and added password restoration warning to overview.
|
2021-02-25 15:29:22 +02:00 |
VakarisZ
|
8b7e0d0fa0
|
Added ZeroLogon overview section to the report
|
2021-02-25 15:16:00 +02:00 |
Shreya
|
6581a5ab0c
|
Add warning to machine-specific recommendation if password was not reset
|
2021-02-25 18:17:50 +05:30 |
Shreya
|
3da1de39a6
|
Add Zerologon (and Drupal) information to "Immediate Threats"
|
2021-02-25 14:54:36 +05:30 |
Mike Salvatore
|
f17c08d286
|
cc,agent: rename password_restore_success -> password_restored
|
2021-02-24 17:26:31 -05:00 |
Mike Salvatore
|
70fd7d7bb0
|
cc: add password_restore_success to zerologon report issue
|
2021-02-24 17:15:32 -05:00 |
Mike Salvatore
|
4fbb0f2026
|
ui: add machine-related recommendation for Zerologon to security report
|
2021-02-24 16:36:53 -05:00 |
Mike Salvatore
|
36bd9834a6
|
agent: add zerologon password restore success/failure to telemetry
|
2021-02-24 15:07:42 -05:00 |
Mike Salvatore
|
b6bb6d8221
|
cc: format exploiter_classes.py with black
|
2021-02-24 13:40:49 -05:00 |
Mike Salvatore
|
b5b8d289ca
|
cc: add a note about resetting password after failed zerologon attempt
|
2021-02-24 13:23:46 -05:00 |
Shreya Malviya
|
bc3283c4a5
|
Merge pull request #911 from shreyamalviya/zerologon-exploiter
Zerologon Exploiter
|
2021-02-24 17:58:45 +05:30 |
Shreya Malviya
|
43cac3568b
|
Reword exploiter description
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
|
2021-02-24 16:18:58 +05:30 |
Shreya
|
28edf7d2b7
|
Encrypt credentials before logging
|
2021-02-24 16:08:36 +05:30 |
VakarisZ
|
fdeb54d541
|
Added jwt_required decorator to the "local_run" endpoint, in order to avoid malicious actors running the monkey
|
2021-02-23 10:47:37 -05:00 |