Ilija Lazoroski
597fe35806
Island: Remove WMI handler that processed wmi info
...
* Leftover from broken info gathering package
2022-02-22 17:18:31 +02:00
vakarisz
5c5e170296
Island: Add processors for credentials
2022-02-22 17:18:31 +02:00
Shreya Malviya
96bd7bca24
Merge pull request #1728 from guardicore/1605-modify-exploit-result-data
...
Modify ExploiterResultData
2022-02-22 20:38:22 +05:30
Shreya Malviya
b91f3b1551
Agent: Fix comment in ExploitTelem
2022-02-22 17:54:31 +05:30
Shreya Malviya
f0679ebb26
Agent: Move `pwd`'s import statement to avoid using try/except
2022-02-22 17:49:08 +05:30
Shreya Malviya
e47239f81c
Island: Modify exploit telemetry processing to conform to changes to ExploiterResultData
2022-02-22 14:08:39 +05:30
Shreya Malviya
dff5bde894
UT: Modify ExploitTelem calls in UTs
2022-02-22 12:50:01 +05:30
Shreya Malviya
afb7210179
Agent: Modify ExploitTelem to accept param of type ExploiterResultData
2022-02-22 12:47:42 +05:30
ilija-lazoroski
4b83c79134
Merge pull request #1724 from guardicore/1605-pass-wormconfig-options
...
1605 pass wormconfig options
2022-02-21 13:52:28 +01:00
Ilija Lazoroski
c83285c782
Agent: Modify exploiters to have general and exploiter options
2022-02-21 13:45:58 +01:00
Shreya Malviya
10d8dc1f33
Merge pull request #1729 from guardicore/1605-remove-skip_exploit_if_file_exist-config-option
...
Remove `skip_exploit_if_file_exist` config option
2022-02-21 17:59:51 +05:30
Shreya Malviya
3c80e1c38b
UT: Remove `skip_exploit_if_file_exist` config field
2022-02-21 16:46:23 +05:30
Shreya Malviya
201a838e23
Island: Remove `skip_exploit_if_file_exist` from internal config
2022-02-21 16:45:45 +05:30
Shreya Malviya
e6f4c74b79
Agent: Remove `skip_exploit_if_file_exist` option
2022-02-21 16:45:17 +05:30
Shreya Malviya
1cce742692
UT: Fix UTs as per changes to ExploiterResultData and ExploitTelem
2022-02-21 16:02:00 +05:30
Shreya Malviya
125412ee18
Agent: Rename variables to make more sense
2022-02-21 14:50:33 +05:30
Shreya Malviya
a9e000f100
Agent: Modify ExploitTelem based on ExploiterResultData changes
2022-02-21 14:38:12 +05:30
Shreya Malviya
9f01aa0a0d
Agent: Add try/except for importing pwd (can't do it on Windows)
2022-02-21 13:49:40 +05:30
Shreya Malviya
ae856383a9
UT: Modify UTs to conform to modified ExploiterResultData
2022-02-21 13:27:11 +05:30
Shreya Malviya
add9c3a4fe
Agent: Modify mock puppet to conform to modified ExploiterResultData
2022-02-21 13:26:25 +05:30
Shreya Malviya
8d0fa3faef
Agent: Modify ExploiterResultData to have more details
2022-02-21 13:18:53 +05:30
Mike Salvatore
6150610bdc
Agent: Remove HostExploiter's dependency on Plugin
...
Issue #1605
PR #1725
2022-02-21 09:29:45 +02:00
Mike Salvatore
250530b456
Agent: Remove disused HostScanner abstract class
2022-02-20 14:21:21 -05:00
Mike Salvatore
17be51fe71
Agent: Remove disused HostFinger abstract class
2022-02-20 14:20:33 -05:00
Mike Salvatore
ccfe0a773e
Agent: Use filecmp instead of sha256 hash in ransomware payload
2022-02-20 14:03:42 -05:00
Ilija Lazoroski
cecf131528
Island: Modify config to add exploiters and exploit options
2022-02-18 20:04:24 +01:00
Mike Salvatore
5fe2f80aa4
Merge pull request #1723 from guardicore/1605-brute-force-utils
...
1605 brute force utils
2022-02-18 09:04:00 -05:00
Mike Salvatore
4d6f552ba2
Agent: Add documentation to functions in brute_force.
2022-02-18 09:02:41 -05:00
Mike Salvatore
5c872a67c3
Agent: Simplify generate_username_password_or_ntlm_hash_combinations()
2022-02-18 08:01:49 -05:00
Mike Salvatore
b7c7650f49
Agent: Copy credential generation from WormConfig to new brute_force.py
...
* Create a new module for useful functions for brute-force exploiters
* Copy functions for generating all pairs of username/password to
brute_force.py
* Replace specific functions for generating username/password pairs and
username/ssh_key pairs with a single generate_identity_secret_pairs()
function, since the distinction is no longer needed.
* Add unit tests
2022-02-18 08:00:46 -05:00
Ilija Lazoroski
915c58e8cc
Agent, Island: Modify config to remove boolean propagator field
2022-02-18 06:06:11 -05:00
Mike Salvatore
0bfa0cd1ca
Merge pull request #1721 from guardicore/1605-get-updated-credentials
...
1605 get updated credentials
2022-02-18 06:01:25 -05:00
vakarisz
c66671821c
Agent: update pypykatz version to 0.5.2
...
Update contains fixes for latest windows versions
2022-02-18 10:10:25 +02:00
Mike Salvatore
e2d116fdf1
Agent: Make request_cache() decorator thread-safe
2022-02-17 14:40:07 -05:00
Mike Salvatore
4005ea2924
Agent: Add caching to ControlChannel.get_credentials_for_propagation()
2022-02-17 14:34:21 -05:00
Mike Salvatore
c3e9690280
Agent: Add request_cache decorator
2022-02-17 14:25:03 -05:00
Mike Salvatore
2305a9d413
UT: Add fixture to test_exploiter to remove code duplication
2022-02-17 12:41:27 -05:00
Mike Salvatore
7551f254fc
Agent: Query for updated credentials in Exploiter
...
Allows exploiters to be run with the most up-to-date configured and
stolen credentials from the Island.
2022-02-17 12:36:17 -05:00
Mike Salvatore
095572f919
Merge branch '1606-run-credential-collectors' into agent-refactor
...
PR #1719
2022-02-17 09:30:01 -05:00
Mike Salvatore
5a4b508f54
Merge pull request #1718 from guardicore/1697-process-list-collector-pba
...
Make process list collection a PBA
2022-02-17 07:04:21 -05:00
Shreya Malviya
44b8947497
Docs: Remove adding-system-info-collectors.md
2022-02-17 17:01:05 +05:30
Shreya Malviya
83f544c9f2
Island: Rename mongo query variable in T1082.py
2022-02-17 16:58:41 +05:30
Shreya Malviya
f243e4a722
Agent: Drop testing changes made to mock puppet
2022-02-17 16:58:27 +05:30
Shreya Malviya
a234713e08
Common: Reword process list collection PBA constant
2022-02-17 16:55:29 +05:30
Mike Salvatore
f526933d84
Agent: Add TODO comment regarding OS checks in credential collectors
2022-02-17 06:18:44 -05:00
Mike Salvatore
704236a16f
Common: Alphabetize TelemCategoryEnum
2022-02-16 15:31:26 -05:00
Mike Salvatore
cc27dc9710
Changelog: Add changelog entry for SSHCollector
2022-02-16 15:17:13 -05:00
Mike Salvatore
0880e16c54
Agent: Change ICredentialCollector interface to return Sequence
...
Being able to check if the ICredentialCollector returned an empty
Sequence is useful and easier than checking for an "empty" Iterable.
2022-02-16 15:10:38 -05:00
Mike Salvatore
3a3a5f0c9c
Agent: Implement run_credential_collector() in Puppet
2022-02-16 15:01:36 -05:00
Mike Salvatore
10ee9f9e75
Agent: Do not run SSHCredentialsCollector if the OS is not Linux
2022-02-16 14:57:05 -05:00