Mike Salvatore
3480b18e39
BB: Remove zerologon exploiter from depth_1_a_test_configuration
2022-07-19 09:00:51 -04:00
Mike Salvatore
4cd1c6bf3c
BB: Reorder some things in depth_1_a.py
2022-07-19 08:59:10 -04:00
Mike Salvatore
87363d3096
BB: Rename credentials -> CREDENTIALS
2022-07-19 08:57:19 -04:00
Mike Salvatore
707aa97a65
BB: Add TCP ports to depth_1_a_test_configuration
2022-07-19 08:47:57 -04:00
Mike Salvatore
189e2ad3d1
BB: Add HTTP ports to depth_1_a_test_configuration
2022-07-19 08:13:09 -04:00
Mike Salvatore
0c6764daf5
BB: Add add_http_ports()
2022-07-19 08:12:46 -04:00
Shreya Malviya
53e366a677
Island: Remove unused _KEY_LENGTH_BYTES variables from DataStoreEncryptor and RepositoryEncryptor
2022-07-19 14:51:58 +05:30
Shreya Malviya
f8eeda1e6f
Island: Use cryptography.fernet to generate key in DataStoreEncryptor
...
and RepositoryEncryptor
We changed our encryption code to use cryptography.fernet instead of
pycryptodome. Using secrets.token_bytes() with fernet was causing
padding and encoding issues. This is a quicker and easier solution, and
also probably more reliable since everything to do with encryption is
from the same module now.
2022-07-19 14:51:58 +05:30
Shreya Malviya
5eb77dcbb6
UT: Change key in test_key_based_encryptor.py to be URL safe (cryptography.fernet requires this)
2022-07-19 14:51:58 +05:30
Shreya Malviya
f542c9d0a8
Island: Fix KeyBasedEncryptor's encrypt function's logic
2022-07-19 14:51:58 +05:30
Shreya Malviya
637926ed09
Island: Extract fernet_object to an object variable in KeyBasedEncryptor
2022-07-19 14:51:58 +05:30
Shreya Malviya
373d34dce6
Island: Use cryptography.fernet for encryption in KeyBasedEncryptor
2022-07-19 14:51:58 +05:30
Shreya Malviya
c1449fb897
Island: Remove TODO comment about using cryptography.fernet
2022-07-19 14:51:58 +05:30
Shreya Malviya
09e57541cc
Project: Update Island dependencies to add `cryptography`
2022-07-19 14:51:58 +05:30
Shreya Malviya
c12e281e4e
Island: Use secrets instead of Crypto (pycryptodome) in DataStoreEncryptor
2022-07-19 14:51:58 +05:30
Ilija Lazoroski
cc021f33ff
UI: Add note about removal of 'weak_password' issue
2022-07-19 10:15:22 +02:00
Ilija Lazoroski
b3ec9e340f
UI: Fix Credentials parsing to use simplified credentials object
2022-07-18 21:49:24 +02:00
Ilija Lazoroski
57f2c7e058
Island: Fix credentials formatting to use simplified credentials object
2022-07-18 21:48:47 +02:00
Ilija Lazoroski
c56b38f695
UI: Add note in StolenPasswords component
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
67e67441c1
UI: Remove unused getCredenatislSecrets function
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
07b4956717
UI: Set stolen_creds issues in state
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
5e1adbb877
UI: Add formatting to StolenPasswordsComponent
...
This component was used in security and attack report with
two different sets of data. The first one is from the
credentials endpoint which needed formatting and the second
from the telemetry which was already formatted.
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
27c0b838c4
Island: Fix one missed telemetry processor
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
474a26aeff
UI: Fix StolenCredentials issue to add if we have any stolen credentials
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
5c765f85c2
UI: Add StolenCredentialsIssue to issues
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
35ed7f60c4
Island: Fix an import in initialize
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
c65439e049
UI: Remove WeakPassword issue
...
* We don't have the passwords used for exploiting the machines
in the UI
* All it will be reworked
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
1683265868
Island: Rename reporting/stolen_credentials.py to
...
reporting/format_credentials.py
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
5ebf0ed8f6
Island: Remove StolenCredentials model
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
a24bdd43b8
Island: Move credentials parser hack to dirty_hacks function
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
885f0565a8
Island: Patch T1003 with a callable class
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
06a64c14d7
Island: Add callable class for T1003
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
c83f76b02b
Island: Add formatting credentials for report
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
c75ee22c29
Island: Remove get_config_{users,passwords} from reporting
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
94419d8141
Island: Add PTHReportservice get issues functions
...
* get_duplicated_passwords_issues
* get strong_users_on_crit_issues
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
f417cff17b
UI: Rename UsedCredentials.tsx.js to UsedCredentials.js
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
bfda71dd45
UI: Check for actual stolen credentials in issues
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
89f5ff89d2
Island: Remove extract_ssh_keys from stolen_credentials reporting
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
4dbdbcc75e
UI: Remove unneeded logging in UsedCredentials component
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
8ccdba7528
UI: Grab credentials from endpoint and render them
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
f99bd74cd4
UI: Construct and render stolen credentials
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
2861f0b085
UI: Add UsedCredentials component to render credentials
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
e61b0bfdca
UI: Add credentials parsing functionalities
2022-07-18 21:23:17 +02:00
Ilija Lazoroski
f0f4f6d591
Island: Remove credentials from reporting
2022-07-18 21:23:17 +02:00
Mike Salvatore
f1d9ea64e5
BB: Add tcp ports to depth_1_a_test_configuration
2022-07-18 15:17:33 -04:00
Mike Salvatore
0a0cb5de19
BB: Set maximum depth in depth_1_a_test_configuration
2022-07-18 15:17:33 -04:00
Mike Salvatore
365b4098e4
BB: Set maximum depth in zerologon_test_configuration
2022-07-18 15:17:32 -04:00
Mike Salvatore
5a1a40a515
BB: Add set_maximum_depth()
2022-07-18 15:17:30 -04:00
ilija-lazoroski
7456ef6b05
Merge pull request #2100 from guardicore/2092-remove-single-tests
...
2092 remove single tests
2022-07-18 21:02:54 +02:00
Mike Salvatore
c2028f15a4
BB: Add depth_1_a_test_configuration
2022-07-18 15:00:06 -04:00