ace60052da
Alter usages of telemetry collection in report to store/fetch system info telemetry using the Telemetry model
...
This is required to automatically encrypt/decrypt the telemetries and it's a good practice to have a DAL for telemetries
2021-09-24 13:31:26 +03:00
e6ad125be9
Change the telemetry model to have a method for fetching the telemetries based on queries.
...
Telemetry code mainly uses queries and mongoengine has no good way of field encryption, that's why this method prefers to handle queries rather than Telemetry models
2021-09-24 13:31:26 +03:00
3781095f25
Change the mock database name to "db", because all of the codebase is using this database.
...
This change enables us to write unit tests without the need to patch the the database name in all of the mongo queries that look like "mongo.db.collection"
2021-09-24 13:31:26 +03:00
1ab0fe7b13
Add Telemetry model
2021-09-24 13:31:26 +03:00
989d0ffd84
Add unit tests for telemetry model
2021-09-24 13:31:26 +03:00
b2db5e77c4
Change test_string_list_encryptor.py to re-use fixture "uses_encryptor" rather than implementing the same fixture locally
2021-09-24 13:31:23 +03:00
854ce4e1e1
Refactor DocumentEncryptor class into a series of methods.
...
DocumentEncryptor class serves no purpose because it holds no state, sensitive_fields can be passed as a parameter to methods
2021-09-24 13:30:28 +03:00
f3865d022b
Change mongomock_fixtures.py to drop the whole database instead of specified collections.
...
This makes it easier to add new database related tests, because we no longer need to modify the mongomock_fixtures.py to also drop a particular collection we are testing.
2021-09-24 13:30:27 +03:00
f1c7cf4047
Generalize report_encryptor.py into document_encryptor.py and extract the sensitive fields to report_encryptor.py
2021-09-24 13:30:27 +03:00
089158a976
Agent: Remove editable pyspnego degendency
...
pyspnego v0.2.0 has been released, so we no longer need to specify a git
commit hash in order to get the correct version.
2021-09-23 14:14:32 -04:00
1996387cc5
Remove unnecessary # noqa: E402 from __init__.py files
2021-09-23 13:39:48 -04:00
f0a2a43d51
Remove unnecessary # noqa: F401 from __init__.py files
2021-09-23 13:38:47 -04:00
8b7cb9c0b1
Merge pull request #1481 from guardicore/1471/merge-encryptions
...
Refactor encryptors
2021-09-23 13:38:00 -04:00
e2ede28967
Island: Rename get_encryptor and initialize_encryptor
...
Renamed to get_datastore_encryptor and
initialize_datastore_encryptor
2021-09-23 19:04:22 +02:00
e0779347b2
Island: Add all imports from encryption to __init__
...
Now the imports are shorter by one directory.
Check the __init__ in encryption.
2021-09-23 19:00:13 +02:00
071a4eb1a7
Island: Add IEncryptor to __init__
...
Dnt abbrev in PassworBasedEncryptor and KeyBasedEncryptor
Add comment for review and evaluate the padding function
2021-09-23 17:52:15 +02:00
1b91616778
Island: Add explanation for KBE and PBE
...
KeyBasedEncryptor and PasswordBasedEncryptor
2021-09-23 12:44:05 +02:00
a661dc4fe6
Island: Refactor encryptors
...
All encryptors are moved to server_utils/encryption.
They were renamed according to the class name.
Everywhere that we had use the encryptors I have updated the names.
Unit tests are also moved to UTs server_utils/encryption.
2021-09-22 22:48:13 +02:00
803d1c910f
Island: Separate password and key encryption
2021-09-22 18:10:16 +02:00
380d0ee74f
Merge pull request #1479 from guardicore/1476/upgrade-python-deps
...
Update Python dependencies
2021-09-22 08:30:13 -04:00
67b23c42bf
Tests: Simplify test names in test_string_list_encryptor.py
2021-09-22 07:44:54 -04:00
71d0cccdba
Island: Update boto3, botocore and awscli
...
botocore is dependency of boto3 which is
then dependency of awscli.
2021-09-22 11:26:47 +02:00
57bce38661
Agent: Upgrade urllib3 to 1.26.5
...
It should work because all the deps are
there.
2021-09-22 11:23:07 +02:00
ba4aabb67f
Merge pull request #1477 from guardicore/report_encryption
...
Report encryption
2021-09-22 11:48:22 +03:00
88f3a2b9ca
Add unit tests for string list encryptor
2021-09-22 10:23:41 +03:00
a1c0af4257
Improve readability and test empty list in test_report_model.py
2021-09-22 10:21:48 +03:00
627a31c902
Island: Remove string_encryptor.py
2021-09-21 13:58:16 -04:00
2ddd369afd
Island: Move encode/decode dot mongo functions to Report model
2021-09-21 13:58:14 -04:00
f662369a07
Tests: Decouple test_report_model.py from StringListEncryptor
2021-09-21 12:51:55 -04:00
13ba0b9091
Island: Rename FieldType to FieldEncryptor
...
* Switch FieldTypeABC from abstract class to interface, since there's no
intention of ever implementing FieldTypeABC's methods.
* Rename FieldTypeABC to IFieldEncryptor and rename StringList to
StringListEncryptor.
2021-09-21 12:30:35 -04:00
96ac13c579
Merge pull request #1478 from guardicore/powershell-pth-on-windows
...
Powershell pth on windows
2021-09-21 08:14:45 -04:00
5077d84269
Change report service to use report model.
...
Because report saving/fetching happens through model, model can encrypt/decrypt sensitive data
2021-09-21 10:45:39 +03:00
ea7a75df26
Add infrastructure for encrypting fields in database.
2021-09-21 10:43:34 +03:00
c7e91c5784
Add report model and a unit test for it's encryption
2021-09-21 10:39:39 +03:00
cf7b94613b
Rename test_config_encryption.py to test_encryption.py
...
This change is done because the code being tested is in encryption.py, not in config_encryption.py
2021-09-21 10:25:48 +03:00
f61602552f
Island: update dpath to the latest v2.0.5 and other packages version updates.
...
dpath lib had to be updated to get a bugfix
2021-09-21 10:19:21 +03:00
8fc79c2fe3
Agent: Use pyspnego with bugfix to enable PowerShell PTH on Windows
...
Specify commit 3f748f21 of pyspnego, as this commit contains a bugfix
that allows Infection Monkey to launch pass-the-hash attacks from a
Windows attacker.
2021-09-20 20:43:00 -04:00
4afeba6334
Merge pull request #1475 from guardicore/1468/fix-nodejs-dependencies
...
Update nodejs dependencies
2021-09-20 09:58:59 +02:00
844d244d67
Agent: Use NTLM specifically for PowerShell if using pass-the-hash
2021-09-17 11:43:06 -04:00
79aacf3dcb
Agent: Extract _get_*() functions from get_auth_options()
2021-09-17 11:42:52 -04:00
444fb90f93
Agent: Return single AuthOptions from get_auth_options()
...
The test suite was overly complicated for get_auth_options(), which
indicated that, perhaps, the function itself was overly complicated.
Previously, it accepted a list of Credentials and returned a list of
AuthOptions. Now, it accepts a single Credentials object and returns a
single AuthOptions object. This simpler interface allowed the test suite
to be easier to read, while adding negligible complexity to
PowerShellExploiter._exploit_host()
2021-09-17 11:30:32 -04:00
83615e8c66
UI: Upgrade babel/cli due to vuln in glob-parent
2021-09-17 16:22:28 +02:00
aac1b00553
UI: Replace node-sass with sass (Dart Sass)
...
Note: There are some annoying deprecation warnings
which come from bootstrap. Those can be dealt with
if we upgrade bootstrap.
2021-09-17 14:55:21 +02:00
f942e87b75
UI: Update npm webpack
...
Note: webpack doesn't have verbose option anymore
2021-09-17 14:02:33 +02:00
9d07f82bd6
Fix typo in CHANGELOG
2021-09-17 07:46:27 -04:00
5a8507e5c6
Add the removal of "Execution through the module load" T1129 attack technique to the CHANGELOG.md
2021-09-17 14:21:06 +03:00
b69916428b
Remove T1129 attack technique from the codebase
2021-09-17 14:19:42 +03:00
525a112eaa
UI: Update npm version to 7.24.0
2021-09-17 12:27:57 +02:00
43b1201751
UI: Update node dependencies using npm audit fix
2021-09-17 11:43:00 +02:00
a93d6361a3
Docs: fix broken scenario link in homepage_shortcuts.html
2021-09-16 14:46:31 +03:00
VakarisZ
Mike Salvatore
Ilija Lazoroski
VakarisZ