2021-03-30 00:18:47 +08:00
|
|
|
# Changelog
|
2021-08-05 23:23:14 +08:00
|
|
|
All notable changes to this project will be documented in this
|
|
|
|
file.
|
2021-03-30 00:18:47 +08:00
|
|
|
|
2021-08-05 23:23:14 +08:00
|
|
|
The format is based on [Keep a
|
|
|
|
Changelog](https://keepachangelog.com/en/1.0.0/).
|
2021-03-30 00:18:47 +08:00
|
|
|
|
2021-08-05 19:29:08 +08:00
|
|
|
## [Unreleased]
|
2021-09-15 00:30:43 +08:00
|
|
|
### Added
|
|
|
|
- A new exploiter that allows propagation via PowerShell Remoting. #1246
|
|
|
|
- A warning regarding antivirus when agent binaries are missing. #1450
|
|
|
|
- A deployment.json file to store the deployment type. #1205
|
|
|
|
|
2021-08-30 21:46:24 +08:00
|
|
|
### Changed
|
|
|
|
- The name of the "Communicate as new user" post-breach action to "Communicate
|
|
|
|
as backdoor user". #1410
|
2021-09-29 17:18:57 +08:00
|
|
|
- Resetting login credentials also cleans the contents of the database. #1495
|
2021-09-24 20:02:17 +08:00
|
|
|
- ATT&CK report messages (more accurate now). #1483
|
2021-08-30 21:46:24 +08:00
|
|
|
|
2021-08-20 21:27:11 +08:00
|
|
|
### Removed
|
|
|
|
- Internet access check on agent start. #1402
|
|
|
|
- The "internal.monkey.internet_services" configuration option that enabled
|
|
|
|
internet access checks. #1402
|
2021-08-20 22:59:23 +08:00
|
|
|
- Disused traceroute binaries. #1397
|
2021-08-30 21:46:24 +08:00
|
|
|
- "Back door user" post-breach action. #1410
|
2021-08-30 21:56:34 +08:00
|
|
|
- Stale code in the Windows system info collector that collected installed
|
|
|
|
packages and WMI info. #1389
|
2021-09-15 00:30:43 +08:00
|
|
|
- Insecure access feature in the Monkey Island. #1418
|
|
|
|
- The "deployment" field from the server_config.json #1205
|
2021-09-17 19:21:06 +08:00
|
|
|
- The "Execution through module load" ATT&CK technique,
|
2021-09-17 19:46:27 +08:00
|
|
|
since it can no longer be exercise with current code #1416
|
2021-08-05 19:29:08 +08:00
|
|
|
|
|
|
|
### Fixed
|
|
|
|
- Misaligned buttons and input fields on exploiter and network configuration
|
|
|
|
pages. #1353
|
2021-08-20 19:46:02 +08:00
|
|
|
- Credentials shown in plain text on configuration screens. #1183
|
2021-08-20 21:23:23 +08:00
|
|
|
- Typo "trough" -> "through" in telemetry and docstring.
|
2021-08-13 20:41:11 +08:00
|
|
|
- Crash when unexpected character encoding is used by ping command on German
|
|
|
|
language systems. #1175
|
2021-08-23 23:44:29 +08:00
|
|
|
- Malfunctioning timestomping PBA. #1405
|
|
|
|
- Malfunctioning shell startup script PBA. #1419
|
2021-09-02 00:22:17 +08:00
|
|
|
- Trap command produced no output. #1406
|
2021-09-06 21:03:23 +08:00
|
|
|
- Overlapping Guardicore logo in the landing page. #1441
|
|
|
|
- PBA table collapse in security report on data change. #1423
|
2021-09-15 00:30:43 +08:00
|
|
|
- Unsigned Windows agent binaries in Linux packages are now signed. #1444
|
2021-09-27 21:59:11 +08:00
|
|
|
- Some of the gathered credentials no longer appear in database plaintext. #1454
|
2021-10-05 14:59:49 +08:00
|
|
|
- Encryptor breaking with UTF-8 characters. (Passwords in different languages can be submitted in
|
|
|
|
the config successfully now.) #1490
|
2021-10-05 22:16:51 +08:00
|
|
|
- Mimikatz collector no longer fails if Azure credential collector is disabled. #1512 #1493
|
2021-10-04 23:43:55 +08:00
|
|
|
- Unhandled error when "modify shell startup files PBA" is unable to find regular users. #1507
|
2021-10-06 20:54:46 +08:00
|
|
|
- ATT&CK report bug that showed different techniques' results under a technique if the PBA behind
|
2021-10-06 18:35:58 +08:00
|
|
|
them was the same. #1514
|
2021-10-06 20:54:46 +08:00
|
|
|
- ATT&CK report bug that said that the technique "`.bash_profile` and `.bashrc`" was not attempted
|
|
|
|
when it actually was attempted but failed. #1511
|
2021-10-13 20:50:14 +08:00
|
|
|
- Bug that periodically cleared the telemetry table's filter. #1392
|
2021-08-05 19:29:08 +08:00
|
|
|
|
2021-08-30 17:24:09 +08:00
|
|
|
### Security
|
2021-09-02 00:22:17 +08:00
|
|
|
- Generate a random password when creating a new user for CommunicateAsNewUser
|
|
|
|
PBA. #1434
|
2021-09-28 15:59:04 +08:00
|
|
|
- Credentials gathered from victim machines are no longer stored plaintext in the database. #1454
|
2021-10-01 17:48:08 +08:00
|
|
|
- Encrypt the database key with user's credentials. #1463
|
2021-09-28 15:59:04 +08:00
|
|
|
|
2021-08-30 17:24:09 +08:00
|
|
|
|
2021-08-13 20:38:05 +08:00
|
|
|
## [1.11.0] - 2021-08-13
|
2021-04-01 01:51:31 +08:00
|
|
|
### Added
|
2021-04-01 00:07:20 +08:00
|
|
|
- A runtime-configurable option to specify a data directory where runtime
|
|
|
|
configuration and other artifacts can be stored. #994
|
2021-08-01 07:22:42 +08:00
|
|
|
- Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
|
2021-05-12 03:03:18 +08:00
|
|
|
- `log_level` option to server config. #1151
|
2021-06-29 23:48:07 +08:00
|
|
|
- A ransomware simulation payload. #1238
|
2021-07-05 20:18:00 +08:00
|
|
|
- The capability for a user to specify their own SSL certificate. #1208
|
2021-07-06 18:46:35 +08:00
|
|
|
- API endpoint for ransomware report. #1297
|
2021-08-05 23:23:14 +08:00
|
|
|
- A ransomware report. #1240
|
2021-07-27 01:23:38 +08:00
|
|
|
- A script to build a docker image locally. #1140
|
2021-04-01 00:07:20 +08:00
|
|
|
|
|
|
|
### Changed
|
2021-08-05 23:23:14 +08:00
|
|
|
- Select server_config.json at runtime. #963
|
|
|
|
- Select Logger configuration at runtime. #971
|
|
|
|
- Select `mongo_key.bin` file location at runtime. #994
|
|
|
|
- Store Monkey agents in the configurable data_dir when monkey is "run from the
|
2021-08-30 21:44:20 +08:00
|
|
|
- island". #997
|
2021-08-05 23:23:14 +08:00
|
|
|
- Reformat all code using black. #1070
|
2021-08-05 23:42:13 +08:00
|
|
|
- Sort all imports using isort. #1081
|
2021-08-05 23:23:14 +08:00
|
|
|
- Address all flake8 issues. #1071
|
2021-04-26 23:59:17 +08:00
|
|
|
- Use pipenv for python dependency management. #1091
|
2021-08-05 23:42:13 +08:00
|
|
|
- Move unit tests to a dedicated `tests/` directory to improve pytest collection
|
2021-08-05 23:23:14 +08:00
|
|
|
time. #1102
|
|
|
|
- Skip BB performance tests by default. Run them if `--run-performance-tests`
|
|
|
|
flag is specified.
|
|
|
|
- Write Zerologon exploiter's runtime artifacts to a secure temporary directory
|
2021-05-04 20:36:22 +08:00
|
|
|
instead of $HOME. #1143
|
2021-08-05 23:23:14 +08:00
|
|
|
- Put environment config options in `server_config.json` into a separate
|
|
|
|
section named "environment". #1161
|
2021-09-02 00:22:17 +08:00
|
|
|
- Automatically register if BlackBox tests are run on a fresh
|
|
|
|
installation. #1180
|
2021-08-05 03:20:34 +08:00
|
|
|
- Limit the ports used for scanning in blackbox tests. #1368
|
|
|
|
- Limit the propagation depth of most blackbox tests. #1400
|
2021-08-05 23:23:14 +08:00
|
|
|
- Wait less time for monkeys to die when running BlackBox tests. #1400
|
|
|
|
- Improve the structure of unit tests by scoping fixtures only to relevant
|
|
|
|
modules instead of having a one huge fixture file. #1178
|
|
|
|
- Improve and rename the directory structure of unit tests and unit test
|
|
|
|
infrastructure. #1178
|
|
|
|
- Launch MongoDB when the Island starts via python. #1148
|
|
|
|
- Create/check data directory on Island initialization. #1170
|
|
|
|
- Format some log messages to make them more readable. #1283
|
|
|
|
- Improve runtime of some unit tests. #1125
|
2021-08-10 00:18:47 +08:00
|
|
|
- Run curl OR wget (not both) when attempting to communicate as a new user on
|
|
|
|
Linux. #1407
|
2021-05-12 03:03:18 +08:00
|
|
|
|
|
|
|
### Removed
|
|
|
|
- Relevant dead code as reported by Vulture. #1149
|
|
|
|
- Island logger config and --logger-config CLI option. #1151
|
2021-04-27 00:01:19 +08:00
|
|
|
|
|
|
|
### Fixed
|
2021-08-05 23:23:14 +08:00
|
|
|
- Attempt to delete a directory when monkey config reset was called. #1054
|
2021-05-10 23:32:45 +08:00
|
|
|
- An errant space in the windows commands to run monkey manually. #1153
|
2021-08-05 23:23:14 +08:00
|
|
|
- Gevent tracebacks in console output. #859
|
2021-07-30 17:49:24 +08:00
|
|
|
- Crash and failure to run PBAs if max depth reached. #1374
|
2021-04-27 00:03:16 +08:00
|
|
|
|
|
|
|
### Security
|
|
|
|
- Address minor issues discovered by Dlint. #1075
|
2021-08-05 23:23:14 +08:00
|
|
|
- Hash passwords on server-side instead of client side. #1139
|
|
|
|
- Generate random passwords when creating a new user (create user PBA, ms08_67
|
|
|
|
exploit). #1174
|
2021-06-09 22:02:44 +08:00
|
|
|
- Implemented configuration encryption/decryption. #1189, #1204
|
2021-07-05 20:18:00 +08:00
|
|
|
- Create local custom PBA directory with secure permissions. #1270
|
|
|
|
- Create encryption key file for MongoDB with secure permissions. #1232
|