Commit Graph

7398 Commits

Author SHA1 Message Date
Ilija Lazoroski 597fe35806 Island: Remove WMI handler that processed wmi info
* Leftover from broken info gathering package
2022-02-22 17:18:31 +02:00
vakarisz 5c5e170296 Island: Add processors for credentials 2022-02-22 17:18:31 +02:00
Shreya Malviya 96bd7bca24
Merge pull request #1728 from guardicore/1605-modify-exploit-result-data
Modify ExploiterResultData
2022-02-22 20:38:22 +05:30
Shreya Malviya b91f3b1551 Agent: Fix comment in ExploitTelem 2022-02-22 17:54:31 +05:30
Shreya Malviya f0679ebb26 Agent: Move `pwd`'s import statement to avoid using try/except 2022-02-22 17:49:08 +05:30
Shreya Malviya e47239f81c Island: Modify exploit telemetry processing to conform to changes to ExploiterResultData 2022-02-22 14:08:39 +05:30
Shreya Malviya dff5bde894 UT: Modify ExploitTelem calls in UTs 2022-02-22 12:50:01 +05:30
Shreya Malviya afb7210179 Agent: Modify ExploitTelem to accept param of type ExploiterResultData 2022-02-22 12:47:42 +05:30
ilija-lazoroski 4b83c79134
Merge pull request #1724 from guardicore/1605-pass-wormconfig-options
1605 pass wormconfig options
2022-02-21 13:52:28 +01:00
Ilija Lazoroski c83285c782 Agent: Modify exploiters to have general and exploiter options 2022-02-21 13:45:58 +01:00
Shreya Malviya 10d8dc1f33
Merge pull request #1729 from guardicore/1605-remove-skip_exploit_if_file_exist-config-option
Remove `skip_exploit_if_file_exist` config option
2022-02-21 17:59:51 +05:30
Shreya Malviya 3c80e1c38b UT: Remove `skip_exploit_if_file_exist` config field 2022-02-21 16:46:23 +05:30
Shreya Malviya 201a838e23 Island: Remove `skip_exploit_if_file_exist` from internal config 2022-02-21 16:45:45 +05:30
Shreya Malviya e6f4c74b79 Agent: Remove `skip_exploit_if_file_exist` option 2022-02-21 16:45:17 +05:30
Shreya Malviya 1cce742692 UT: Fix UTs as per changes to ExploiterResultData and ExploitTelem 2022-02-21 16:02:00 +05:30
Shreya Malviya 125412ee18 Agent: Rename variables to make more sense 2022-02-21 14:50:33 +05:30
Shreya Malviya a9e000f100 Agent: Modify ExploitTelem based on ExploiterResultData changes 2022-02-21 14:38:12 +05:30
Shreya Malviya 9f01aa0a0d Agent: Add try/except for importing pwd (can't do it on Windows) 2022-02-21 13:49:40 +05:30
Shreya Malviya ae856383a9 UT: Modify UTs to conform to modified ExploiterResultData 2022-02-21 13:27:11 +05:30
Shreya Malviya add9c3a4fe Agent: Modify mock puppet to conform to modified ExploiterResultData 2022-02-21 13:26:25 +05:30
Shreya Malviya 8d0fa3faef Agent: Modify ExploiterResultData to have more details 2022-02-21 13:18:53 +05:30
Mike Salvatore 6150610bdc Agent: Remove HostExploiter's dependency on Plugin
Issue #1605
PR #1725
2022-02-21 09:29:45 +02:00
Mike Salvatore 250530b456 Agent: Remove disused HostScanner abstract class 2022-02-20 14:21:21 -05:00
Mike Salvatore 17be51fe71 Agent: Remove disused HostFinger abstract class 2022-02-20 14:20:33 -05:00
Mike Salvatore ccfe0a773e Agent: Use filecmp instead of sha256 hash in ransomware payload 2022-02-20 14:03:42 -05:00
Ilija Lazoroski cecf131528 Island: Modify config to add exploiters and exploit options 2022-02-18 20:04:24 +01:00
Mike Salvatore 5fe2f80aa4
Merge pull request #1723 from guardicore/1605-brute-force-utils
1605 brute force utils
2022-02-18 09:04:00 -05:00
Mike Salvatore 4d6f552ba2 Agent: Add documentation to functions in brute_force. 2022-02-18 09:02:41 -05:00
Mike Salvatore 5c872a67c3 Agent: Simplify generate_username_password_or_ntlm_hash_combinations() 2022-02-18 08:01:49 -05:00
Mike Salvatore b7c7650f49 Agent: Copy credential generation from WormConfig to new brute_force.py
* Create a new module for useful functions for brute-force exploiters
* Copy functions for generating all pairs of username/password to
  brute_force.py
* Replace specific functions for generating username/password pairs and
  username/ssh_key pairs with a single generate_identity_secret_pairs()
  function, since the distinction is no longer needed.
* Add unit tests
2022-02-18 08:00:46 -05:00
Ilija Lazoroski 915c58e8cc Agent, Island: Modify config to remove boolean propagator field 2022-02-18 06:06:11 -05:00
Mike Salvatore 0bfa0cd1ca
Merge pull request #1721 from guardicore/1605-get-updated-credentials
1605 get updated credentials
2022-02-18 06:01:25 -05:00
vakarisz c66671821c Agent: update pypykatz version to 0.5.2
Update contains fixes for latest windows versions
2022-02-18 10:10:25 +02:00
Mike Salvatore e2d116fdf1 Agent: Make request_cache() decorator thread-safe 2022-02-17 14:40:07 -05:00
Mike Salvatore 4005ea2924 Agent: Add caching to ControlChannel.get_credentials_for_propagation() 2022-02-17 14:34:21 -05:00
Mike Salvatore c3e9690280 Agent: Add request_cache decorator 2022-02-17 14:25:03 -05:00
Mike Salvatore 2305a9d413 UT: Add fixture to test_exploiter to remove code duplication 2022-02-17 12:41:27 -05:00
Mike Salvatore 7551f254fc Agent: Query for updated credentials in Exploiter
Allows exploiters to be run with the most up-to-date configured and
stolen credentials from the Island.
2022-02-17 12:36:17 -05:00
Mike Salvatore 095572f919 Merge branch '1606-run-credential-collectors' into agent-refactor
PR #1719
2022-02-17 09:30:01 -05:00
Mike Salvatore 5a4b508f54
Merge pull request #1718 from guardicore/1697-process-list-collector-pba
Make process list collection a PBA
2022-02-17 07:04:21 -05:00
Shreya Malviya 44b8947497 Docs: Remove adding-system-info-collectors.md 2022-02-17 17:01:05 +05:30
Shreya Malviya 83f544c9f2 Island: Rename mongo query variable in T1082.py 2022-02-17 16:58:41 +05:30
Shreya Malviya f243e4a722 Agent: Drop testing changes made to mock puppet 2022-02-17 16:58:27 +05:30
Shreya Malviya a234713e08 Common: Reword process list collection PBA constant 2022-02-17 16:55:29 +05:30
Mike Salvatore f526933d84 Agent: Add TODO comment regarding OS checks in credential collectors 2022-02-17 06:18:44 -05:00
Mike Salvatore 704236a16f Common: Alphabetize TelemCategoryEnum 2022-02-16 15:31:26 -05:00
Mike Salvatore cc27dc9710 Changelog: Add changelog entry for SSHCollector 2022-02-16 15:17:13 -05:00
Mike Salvatore 0880e16c54 Agent: Change ICredentialCollector interface to return Sequence
Being able to check if the ICredentialCollector returned an empty
Sequence is useful and easier than checking for an "empty" Iterable.
2022-02-16 15:10:38 -05:00
Mike Salvatore 3a3a5f0c9c Agent: Implement run_credential_collector() in Puppet 2022-02-16 15:01:36 -05:00
Mike Salvatore 10ee9f9e75 Agent: Do not run SSHCredentialsCollector if the OS is not Linux 2022-02-16 14:57:05 -05:00