diff --git a/CHANGELOG.md b/CHANGELOG.md index 59d20c442..019768075 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,12 @@ # Changelog -All notable changes to this project will be documented in this file. +All notable changes to this project will be documented in this +file. -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +The format is based on [Keep a +Changelog](https://keepachangelog.com/en/1.0.0/). -## [Unreleased] +## [1.11.0] - 2021-08-XX ### Added -- PostgreSQL fingerprinter. #892 - A runtime-configurable option to specify a data directory where runtime configuration and other artifacts can be stored. #994 - Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381 
@@ -13,53 +14,58 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - A ransomware simulation payload. #1238 - The capability for a user to specify their own SSL certificate. #1208 - API endpoint for ransomware report. #1297 -- Add ransomware report. #1240 +- A ransomware report. #1240 - A script to build a docker image locally. #1140 ### Changed -- server_config.json can be selected at runtime. #963 -- Logger configuration can be selected at runtime. #971 -- `mongo_key.bin` file location can be selected at runtime. #994 -- Monkey agents are stored in the configurable data_dir when monkey is "run - from the island". #997 -- Reformated all code using black. #1070 -- Sorted all imports usind isort. #1081 -- Addressed all flake8 issues. #1071 +- Select server_config.json at runtime. #963 +- Select Logger configuration at runtime. #971 +- Select `mongo_key.bin` file location at runtime. #994 +- Store Monkey agents in the configurable data_dir when monkey is "run from the + island". #997 +- Reformat all code using black. #1070 +- Sort all imports using isort. #1081 +- Address all flake8 issues. #1071 - Use pipenv for python dependency management. #1091 -- Moved unit tests to a dedicated `tests/` directory to improve pytest - collection time. #1102 -- Default BB test suite behavior: if `--run-performance-tests` flag is not - specified, performance tests are skipped. -- Zerologon exploiter writes runtime artifacts to a secure temporary directory +- Move unit tests to a dedicated `tests/` directory to improve pytest collection + time. #1102 +- Skip BB performance tests by default. Run them if `--run-performance-tests` + flag is specified. +- Write Zerologon exploiter's runtime artifacts to a secure temporary directory instead of $HOME. #1143 -- Authentication mechanism to use bcrypt on server side. #1139 -- `server_config.json` puts environment config options in a separate section - named "environment". 
#1161 -- BlackBox tests can now register if they are ran on a fresh installation. #1180 +- Put environment config options in `server_config.json` into a separate + section named "environment". #1161 +- Automatically register if BlackBox tests are run on a fresh installation. + #1180 - Limit the ports used for scanning in blackbox tests. #1368 - Limit the propagation depth of most blackbox tests. #1400 -- Blackbox tests wait less time for monkeys to die. #1400 -- Improved the structure of unit tests by scoping fixtures only to relevant modules - instead of having a one huge fixture file, improved and renamed the directory - structure of unit tests and unit test infrastructure. #1178 -- MongoDb now gets launched by the Island via python. #1148 -- Create/check data directory on Island init. #1170 -- The formatting of some log messages to make them more readable. #1283 -- Some unit tests to run faster. #1125 +- Wait less time for monkeys to die when running BlackBox tests. #1400 +- Improve the structure of unit tests by scoping fixtures only to relevant + modules instead of having a one huge fixture file. #1178 +- Improve and rename the directory structure of unit tests and unit test + infrastructure. #1178 +- Launch MongoDB when the Island starts via python. #1148 +- Create/check data directory on Island initialization. #1170 +- Format some log messages to make them more readable. #1283 +- Improve runtime of some unit tests. #1125 +- Run curl OR wget (not both) when attempting to communicate as a new user on + Linux. #1407 ### Removed - Relevant dead code as reported by Vulture. #1149 - Island logger config and --logger-config CLI option. #1151 ### Fixed -- Attempted to delete a directory when monkey config reset was called. #1054 +- Attempt to delete a directory when monkey config reset was called. #1054 - An errant space in the windows commands to run monkey manually. #1153 -- gevent tracebacks in console output. #859 +- Gevent tracebacks in console output. 
#859 - Crash and failure to run PBAs if max depth reached. #1374 ### Security - Address minor issues discovered by Dlint. #1075 -- Generate random passwords when creating a new user (create user PBA, ms08_67 exploit). #1174 +- Hash passwords on server-side instead of client side. #1139 +- Generate random passwords when creating a new user (create user PBA, ms08_67 + exploit). #1174 - Implemented configuration encryption/decryption. #1189, #1204 - Create local custom PBA directory with secure permissions. #1270 - Create encryption key file for MongoDB with secure permissions. #1232 diff --git a/docs/content/reports/mitre.md b/docs/content/reports/mitre.md index 72228e6e5..ac03f1284 100644 --- a/docs/content/reports/mitre.md +++ b/docs/content/reports/mitre.md @@ -2,6 +2,7 @@ title: "MITRE ATT&CK report" description: "Maps the Monkey's actions to the MITRE ATT&CK knowledge base" date: 2020-06-24T21:17:18+03:00 +weight: 3 draft: false --- diff --git a/docs/content/reports/ransomware.md b/docs/content/reports/ransomware.md new file mode 100644 index 000000000..cd16d5e7c --- /dev/null +++ b/docs/content/reports/ransomware.md 
@@ -0,0 +1,49 @@ +--- +title: "Ransomware report" +date: 2021-08-05T13:23:10+03:00 +weight: 4 +draft: false +description: "Provides information about ransomware simulation on your network" +--- + +{{% notice info %}} +Check out [the Infection Monkey's ransomware simulation documentation]({{< ref +"/usage/scenarios/ransomware-simulation" >}}) and [the documentation for other +available reports]({{< ref "/reports" >}}). +{{% /notice %}} + +The Infection Monkey can be configured to [simulate a ransomware +attack](/usage/scenarios/ransomware-simulation) on your network. After running, +it generates a **Ransomware Report** that provides you with insight into how +ransomware might behave within your environment. + +The report is split into three sections: + +- [Breach](#breach) +- [Lateral Movement](#lateral-movement) +- [Attack](#attack) + +## Breach + +The breach section shows when and where the ransomware infection began. + +![Breach](/images/usage/reports/ransomware_report_1_breach.png "Breach") + + +## Lateral movement + +The lateral movement section provides information about how the simulated +ransomware was able to propagate through your network. + + +![Lateral +Movement](/images/usage/reports/ransomware_report_2_lateral_movement.png +"Lateral Movement") + + +## Attack + +The attack section shows the details of what the simulated ransomware +successfully encrypted, including a list of specific files. + +![Attack](/images/usage/reports/ransomware_report_3_attack.png "Attack") diff --git a/docs/content/reports/security.md b/docs/content/reports/security.md index 2ebe150bc..23299b2ab 100644 --- a/docs/content/reports/security.md +++ b/docs/content/reports/security.md @@ -1,6 +1,7 @@ --- title: "Security report" date: 2020-06-24T21:16:10+03:00 +weight: 1 draft: false description: "Provides actionable recommendations and insight into an attacker's view of your network" --- 
diff --git a/docs/content/reports/zero-trust.md b/docs/content/reports/zero-trust.md index 0e41d8ff7..921025b5b 100644 --- a/docs/content/reports/zero-trust.md +++ b/docs/content/reports/zero-trust.md @@ -1,6 +1,7 @@ --- title: "Zero Trust report" date: 2020-06-24T21:16:18+03:00 +weight: 2 draft: false description: "Generates a status report with detailed explanations of Zero Trust security gaps and prescriptive instructions on how to rectify them" --- @@ -28,7 +29,7 @@ This diagram provides you with a quick glance at how your organization scores on ## Test Results -This section shows how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust pillar, so you can quickly navigate to the category you want to prioritize. +This section shows how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust pillar, so you can quickly navigate to the category you want to prioritize. ![Zero Trust Report test results](/images/usage/reports/ztreport2.png "Zero Trust Report test results") diff --git a/docs/content/setup/docker.md b/docs/content/setup/docker.md index 48b3d4e3e..d92aa1bf5 100644 --- a/docs/content/setup/docker.md +++ b/docs/content/setup/docker.md @@ -29,7 +29,7 @@ The Infection Monkey Docker container works on Linux only. It is not compatible 1. Load the Monkey Island Docker image: ```bash - sudo docker load -i dk.monkeyisland.1.10.0.tar + sudo docker load -i dk.monkeyisland.VERSION.tar ``` ### 2. Start MongoDB @@ -58,7 +58,7 @@ been signed by a private certificate authority. sudo docker run \ --name monkey-island \ --network=host \ - guardicore/monkey-island:1.10.0 + guardicore/monkey-island:VERSION ``` ### 3b. Start Monkey Island with user-provided certificate 
@@ -81,7 +81,7 @@ been signed by a private certificate authority. --network=host \ --user "$(id -u ${USER}):$(id -g ${USER})" \ --volume "$(realpath ./monkey_island_data)":/monkey_island_data \ - guardicore/monkey-island:1.10.0 --setup-only + guardicore/monkey-island:VERSION --setup-only ``` 1. Move your `.crt` and `.key` files to `./monkey_island_data`. @@ -122,7 +122,7 @@ been signed by a private certificate authority. --network=host \ --user "$(id -u ${USER}):$(id -g ${USER})" \ --volume "$(realpath ./monkey_island_data)":/monkey_island_data \ - guardicore/monkey-island:1.10.0 + guardicore/monkey-island:VERSION ``` ### 4. Accessing Monkey Island @@ -152,7 +152,7 @@ to store data in the `monkey-mongo` container. UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 0: invalid continuation byte ``` -Starting a new container from the `guardicore/monkey-island:1.10.0` image +Starting a new container from the `guardicore/monkey-island:VERSION` image generates a new secret key for storing sensitive information in MongoDB. If you have an old database instance running (from a previous instance of Infection Monkey), the data stored in the `monkey-mongo` container has been encrypted diff --git a/docs/content/setup/linux.md b/docs/content/setup/linux.md index 877fb6a93..09bf7cac3 100644 --- a/docs/content/setup/linux.md +++ b/docs/content/setup/linux.md @@ -18,10 +18,10 @@ installed, but the ones that we've tested are: - Kali 2021.2 - Parrot 4.11 - Rocky 8 -- Suse Leap 15.3 -- Ubuntu 18.04 -- Ubuntu 20.04 -- Ubuntu 21.04 +- openSUSE Leap 15.3 +- Ubuntu Bionic 18.04 +- Ubuntu Focal 20.04 +- Ubuntu Hirsute 21.04 ## Deployment diff --git a/docs/content/setup/vmware.md b/docs/content/setup/vmware.md deleted file mode 100644 index c6519672b..000000000 --- a/docs/content/setup/vmware.md +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -title: "VMware" -date: 2020-05-26T20:57:14+03:00 -draft: false -pre: ' ' -weight: 3 -tags: ["setup", "vmware"] ---- - -## Deployment - -1. Deploy the Infection Monkey OVA by choosing **Deploy OVF Template** and - following the wizard instructions. *Note: make sure ports 5000 and 5001 on - the machine are accessible for inbound TCP traffic.* -1. Turn on the Infection Monkey VM. -1. Log in to the machine with the following credentials: - 1. Username: **monkeyuser** - 1. Password: **Noon.Earth.Always** -1. For security purposes, it's recommended that you change the machine - passwords by running the following commands: `sudo passwd monkeyuser`, `sudo - passwd root`. - -## OVA network modes - -You can use the OVA in one of two modes: - -1. In a network with the DHCP configured — In this case, the Monkey Island will - automatically query and receive an IP address from the network. -1. With a static IP address — In this case, you should log in to the VM console - with the username `monkeyuser` and the password `Noon.Earth.Always`. After logging - in, edit the Netplan configuration by entering the following command in the - prompt: - - ```sh - sudo nano /etc/netplan/00-installer-config.yaml - ``` - - Make the following changes: - - ```diff - # This is the network config written by 'subiquity' - network: - ethernets: - ens160: - - dhcp4: true - + dhcp4: false - + addresses: [XXX.XXX.XXX.XXX/24] - + gateway4: YYY.YYY.YYY.YYY - + nameservers: - + addresses: [1.1.1.1] - version: 2 - ``` - - Replace `XXX.XXX.XXX.XXX` with the desired IP addess of the VM. Replace - `YYY.YYY.YYY.YYY` with the default gateway. - - Save the changes then run the command: - - ```sh - sudo netplan apply - ``` - - If this configuration does not suit your needs, see - https://netplan.io/examples/ for more information about how to configure - Netplan. - -## Upgrading - -Currently, there's no "upgrade-in-place" option when a new version is released. 
-To get an updated version, download the updated OVA file. - -If you'd like to keep your existing configuration, you can export it to a file -using the *Export config* button and then import it to the new Monkey Island. - -![Export configuration](../../images/setup/export-configuration.png "Export configuration") diff --git a/docs/content/setup/windows.md b/docs/content/setup/windows.md index b9d79a924..080a2a035 100644 --- a/docs/content/setup/windows.md +++ b/docs/content/setup/windows.md @@ -20,7 +20,7 @@ After running the installer, the following prompt should appear on the screen: 1. Follow the steps to complete the installation. 1. Run the Monkey Island by clicking on the desktop shortcut. -### Start Monkey Island with user-provided certificcate +### Start Monkey Island with user-provided certificate By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In enterprise or other security-sensitive environments, it is recommended that the diff --git a/docs/content/usage/file-checksums.md b/docs/content/usage/file-checksums.md index b063550ed..68f8d6f2a 100644 --- a/docs/content/usage/file-checksums.md +++ b/docs/content/usage/file-checksums.md 
@@ -37,24 +37,31 @@ $ sha256sum monkey-linux-64 | Filename | Type | Version | SHA256 | |------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------| -| monkey-windows-64.exe | Windows Agent | 1.10.0 | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` | -| monkey-windows-32.exe | Windows Agent | 1.10.0 | `8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f` | -| monkey-linux-64 | Linux Agent | 1.10.0 | `932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93` | -| monkey-linux-32 | Linux Agent | 1.10.0 | `a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5` | -| infection_monkey_deb.tgz | Debian Package | 1.10.0 | `534d85c4abc78e2c86a74d8b88759b091b62077dd9e32f02eeb43d716d359ff6` | -| infection_monkey_debzt.tgz | Debian Package | 1.10.0 | `bd01d8482f80990e6cc0ed654c07dbd80da71eebe3dd244365e9bc00f86b1c03` | -| Monkey Island v1.10.0_3593_windows.exe | Windows Installer | 1.10.0 | `ebd2c5627d21dd8670def02c3a5a995f9e799ba567cf4caacd702654264ddf06` | -| Monkey Island v1.10.0_3593_windowszt.exe | Windows Installer | 1.10.0 | `60aaf3b32e5d06c91fe0d4f1b950529517ac33796f67e9ccfef0e8ce1c5372d8` | -| infection_monkey_docker_docker_20210326_171631.tgz | Docker | 1.10.0 | `e4f9c7c5aafe7e38b33d2927a9c0cf6a3ac27858d3d0e3f2252c2e91809a78db` | -| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker | 1.10.0 | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` | -| monkey-island-vmware.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` | -| monkey-island-vmwarezt.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` | +| monkey-windows-64.exe | Windows Agent | 1.11.0 | `12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a` | +| monkey-windows-32.exe | Windows Agent | 1.11.0 | 
`e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849` | +| monkey-linux-64 | Linux Agent | 1.11.0 | `fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462` | +| monkey-linux-32 | Linux Agent | 1.11.0 | `88d6d717f99047ae6f8ff9527b41ff004217c99b1b027f112d062dd9e66d11ab` | +| Infection_Monkey-1.11.0-x86_64.AppImage | Linux Package | 1.11.0 | `6312b6bff18c11c7db694f42cf5a41e894786c39e3e093b6b15abcbff80337f2` | +| infection_monkey_docker_20210811_211212.tgz | Docker | 1.11.0 | `40f203387cadd153f97c6a21dfdddacd4d4eeea334a9300d862bfb4ba528e2e6` | +| Monkey Island v1.11.0_3789.exe | Windows Installer | 1.11.0 | `20633c1993ea5f86b57b3a48d6875e8f72881f856f4713d747f07a559da05ccc` | ## Older checksums | Filename | Type | Version | SHA256 | |------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------| +| monkey-windows-64.exe | Windows Agent | 1.10.0 | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` | +| monkey-windows-32.exe | Windows Agent | 1.10.0 | `8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f` | +| monkey-linux-64 | Linux Agent | 1.10.0 | `932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93` | +| monkey-linux-32 | Linux Agent | 1.10.0 | `a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5` | +| infection_monkey_deb.tgz | Debian Package | 1.10.0 | `534d85c4abc78e2c86a74d8b88759b091b62077dd9e32f02eeb43d716d359ff6` | +| infection_monkey_debzt.tgz | Debian Package | 1.10.0 | `bd01d8482f80990e6cc0ed654c07dbd80da71eebe3dd244365e9bc00f86b1c03` | +| Monkey Island v1.10.0_3593_windows.exe | Windows Installer | 1.10.0 | `ebd2c5627d21dd8670def02c3a5a995f9e799ba567cf4caacd702654264ddf06` | +| Monkey Island v1.10.0_3593_windowszt.exe | Windows Installer | 1.10.0 | `60aaf3b32e5d06c91fe0d4f1b950529517ac33796f67e9ccfef0e8ce1c5372d8` | +| infection_monkey_docker_docker_20210326_171631.tgz | Docker | 1.10.0 | 
`e4f9c7c5aafe7e38b33d2927a9c0cf6a3ac27858d3d0e3f2252c2e91809a78db` | +| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker | 1.10.0 | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` | +| monkey-island-vmware.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` | +| monkey-island-vmwarezt.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` | | monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` | | monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` | | monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` | diff --git a/docs/layouts/shortcodes/homepage_shortcuts.html b/docs/layouts/shortcodes/homepage_shortcuts.html index df26d2ae5..7ae2fdbd7 100644 --- a/docs/layouts/shortcodes/homepage_shortcuts.html +++ b/docs/layouts/shortcodes/homepage_shortcuts.html @@ -74,10 +74,10 @@
Learn about use cases of the Infection Monkey.
+Learn about scenarios of the Infection Monkey.
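Review bot: the new version header `## [1.11.0] - 2021-08-XX` in the first CHANGELOG hunk carries a placeholder day; fill in the actual release date before tagging, since Keep a Changelog tooling parses this line. The same hunk drops `- PostgreSQL fingerprinter. #892` from the Added list without moving it anywhere else: if that feature shipped in an earlier release it belongs under that version's heading, otherwise the entry should stay here.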
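Review bot: rewriting the Fixed entries in imperative mood changes their meaning. `- Attempt to delete a directory when monkey config reset was called. #1054` now reads as the fix rather than the bug; keep Fixed entries as descriptions of the defect, or phrase them as what was corrected. Moving #1139 from Changed to Security is the right classification, but `Hash passwords on server-side instead of client side` mixes hyphenation (use `server side` / `client side` consistently), and `Gevent` is the library's name in lowercase (`gevent`).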
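Review bot: in the new `docs/content/reports/ransomware.md`, the body link `[simulate a ransomware attack](/usage/scenarios/ransomware-simulation)` uses a root-absolute path while the notice above it uses `{{< ref "/usage/scenarios/ransomware-simulation" >}}`; use `ref` in both places so Hugo validates the target at build time and the link survives a non-root baseURL. The doubled blank lines before `## Lateral movement` and around the lateral-movement image are also inconsistent with the other report pages.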
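Review bot: the second hunk in `docs/content/reports/zero-trust.md` replaces the `This section shows how your network fared ...` line with visually identical text, so the change is trailing whitespace or a line-ending difference; if that is intentional, say so in the commit message, otherwise drop the hunk to keep the diff reviewable.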
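Review bot: replacing `1.10.0` with the literal `VERSION` in `sudo docker load -i dk.monkeyisland.VERSION.tar` and `guardicore/monkey-island:VERSION` in `docs/content/setup/docker.md` means a reader copying the commands gets a failing invocation with no explanation. Add a sentence above the first command stating that `VERSION` must be replaced with the downloaded release number, or render it from a site parameter so it cannot go stale again; pinning an explicit tag rather than `latest` is still preferable so the running image matches the documented release.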
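Review bot: deleting `docs/content/setup/vmware.md` removes the OVA deployment page, but the patch does not show the corresponding cleanup: the setup section's weights now skip 3, `../../images/setup/export-configuration.png` may be referenced only from the removed page, and any remaining links to `/setup/vmware` in the docs will break, so grep the docs for `vmware` and that image. The deletion is consistent with the new checksums table, which lists no OVA for 1.11.0, so it looks intentional but should be stated in the commit message.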
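Review bot: in the rows moved to `## Older checksums` in `docs/content/usage/file-checksums.md`, `monkey-island-vmware.ova` and `monkey-island-vmwarezt.ova` carry the identical digest `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c`; two distinct build artifacts would not share a SHA256, so one of these is almost certainly a copy-paste error that predates this patch. Since the page exists so users can verify downloads, confirm the real digest of the second file (or drop the row if that file was never published) rather than carrying the duplicate over.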
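Review bot: the shortcut label in `docs/layouts/shortcodes/homepage_shortcuts.html` changes from `use cases` to `scenarios`, but the visible hunk shows only the text; confirm the link target in the same shortcut was updated to the `/usage/scenarios` path so the label and destination agree.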