Minor content fixes

This commit is contained in:
Shay Nehmad 2020-06-29 17:02:57 +03:00
parent e6c4e0d41c
commit e6f26cea32
6 changed files with 10 additions and 7 deletions

View File

@ -23,7 +23,7 @@ To run the monkey, select one of the following options:
![Run Page](/images/usage/getting-started/run_page_with_arrows.jpg "Run Page") ![Run Page](/images/usage/getting-started/run_page_with_arrows.jpg "Run Page")
1. Click **Run on C&C Server** to run the Infection Monkey on the Monkey Island server. This simulates an attacker trying to propagate from a machine in the Monkey Island subnet. 1. Click **Run on C&C Server** to run the Infection Monkey on the Monkey Island server. This simulates an attacker trying to propagate through local network from Monkey Island machine.
2. Click **Run on machine of your choice** to download and execute the Infection Monkey on a machine of your choice. Then follow the instructions and execute the generated command on the machine of your choice. This simulates an attacker who has breached one of your servers. The Monkey will map all accessible machines and their open services and try to steal credentials and use its exploits to propagate. 2. Click **Run on machine of your choice** to download and execute the Infection Monkey on a machine of your choice. Then follow the instructions and execute the generated command on the machine of your choice. This simulates an attacker who has breached one of your servers. The Monkey will map all accessible machines and their open services and try to steal credentials and use its exploits to propagate.
![Run on machine of your choice](/images/usage/getting-started/run_page_button_no_arrow.jpg "Run on machine of your choice") ![Run on machine of your choice](/images/usage/getting-started/run_page_button_no_arrow.jpg "Run on machine of your choice")

View File

@ -18,11 +18,14 @@ The MITRE ATT&CK report is centred around the ATT&CK matrix:
The Monkey rates your network on the attack techniques it attempted. For each technique, you can get The Monkey rates your network on the attack techniques it attempted. For each technique, you can get
- **Red**: The Monkey **successfully used** the technique in the simulation. That means your network is vulnerable to this technique being employed. - {{< label danger Red >}}: The Monkey **successfully used** the technique in the simulation. That means your network is vulnerable to this technique being employed.
- **Yellow**: The Monkey **tried to use** the technique, but didnt manage to. That means your network isnt vulnerable to the way Monkey employs this technique. - {{< label warning Yellow >}}: The Monkey **tried to use** the technique, but didnt manage to. That means your network isnt vulnerable to the way Monkey employs this technique.
- {{< label other Grey >}}: The Monkey **didn't try** the technique this time. Perhaps it wasn't relevant to this network or wasn't configured.
Then, you can see exactly HOW the technique was used in this attack, and also what you should do to mitigate it, by clicking on the technique and seeing the details. For example, lets look at the “Private keys” technique thats a part of employing the “Credentials Access” tactic: Then, you can see exactly HOW the technique was used in this attack, and also what you should do to mitigate it, by clicking on the technique and seeing the details. For example, lets look at the [**Brute Force**](https://attack.mitre.org/techniques/T1110/) technique thats a part of employing the [**Credentials Access**](https://attack.mitre.org/tactics/TA0006/) tactic:
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access.jpg "MITRE Report Credentials Access technique") ![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access.png "MITRE Report Credentials Access technique")
In this example, you can see **from which machines** the Monkey was able to steal SSH keys, and the mitigations recommended, including **Restricting File and Directory access** and implementing **Network Segmentation**. In this example, you can see how the Monkey was able to use one old `root` password to access all machines in the network. When scrolling to the bottom of this list, you can also see the mitigation recommended, including **Account Use Policies** and implementing **Multiple Factor Authentication**.
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access-mitigations.png "MITRE Report Credentials Access technique")

View File

@ -19,7 +19,7 @@ This diagram provides a quick glance at how your organization scores on each com
## Test Results ## Test Results
See how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust components so you can so you quickly navigate to the components you care about first. See how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust components so you can quickly navigate to the components you care about first.
![Zero Trust Report test results](/images/usage/reports/ztreport2.png "Zero Trust Report test results") ![Zero Trust Report test results](/images/usage/reports/ztreport2.png "Zero Trust Report test results")

Binary file not shown.

After

Width:  |  Height:  |  Size: 149 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 27 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 163 KiB