Commit Graph

7516 Commits

Author SHA1 Message Date
Ilija Lazoroski 58b1a04bd7 Agent: Modify exploit_host() to accept object instead of string 2022-02-22 19:30:53 +01:00
Ilija Lazoroski f2b2a9c5c3 Agent: Modify SSH exploit
* Remove credential hashes from logs
* Get rid of config and use brute_force utils
* Use telemetry messenger to send attack telemetries
* Zerologon and Powershell needs to be revised based on UT
2022-02-22 19:24:21 +01:00
vakarisz 8c90a98d05 UT: rename mimikatz credential processing to credential processing 2022-02-22 17:42:36 +02:00
vakarisz 0cbfc79a92 Island: remove unfinished ssh key processor 2022-02-22 17:42:33 +02:00
vakarisz 719d8dd2ad Island, Agent, Common: rename CredentialsType to CredentialComponentType 2022-02-22 17:41:38 +02:00
vakarisz c87297eb2a Island: fix a bug in lm_hash_processor.py 2022-02-22 17:40:56 +02:00
vakarisz 80bf561820 Island: fix a bug in lm_hash_processor.py 2022-02-22 17:40:56 +02:00
vakarisz 600753b53c Island: add username processor 2022-02-22 17:40:56 +02:00
vakaris_zilius 4b3750076a Agent, Island, Common: change code to process CredentialType value
Island: rename credentials_type.py
2022-02-22 17:40:55 +02:00
vakarisz bb760c7e8a Island: fix detection if credential is a keypair 2022-02-22 17:21:48 +02:00
vakaris_zilius d874cd9d5a Agent: fix broken pwd import on windows for ssh_handler.py 2022-02-22 17:18:57 +02:00
vakaris_zilius b344676425 Agent: add basic log statements to the mimikatz collector 2022-02-22 17:18:32 +02:00
vakaris_zilius 036388e704 Agent: don't log the contents of credentials telemetries 2022-02-22 17:18:31 +02:00
Ilija Lazoroski b224348881 Island: Fix credential collector parsing for SSH 2022-02-22 17:18:31 +02:00
vakarisz c96674f834 Island, Agent: fixed imports to reference credential type enum in common 2022-02-22 17:18:31 +02:00
vakarisz 73434537fe Island: remove system_info processing file
No system info telemetries need to be processed anymore
2022-02-22 17:18:31 +02:00
vakarisz 5471e9854c Island: remove credentials parsing boundary 2022-02-22 17:18:31 +02:00
vakarisz a8717dc691 Agent: rename and move credentials_type enum to common 2022-02-22 17:18:31 +02:00
Ilija Lazoroski 597fe35806 Island: Remove WMI handler that processed wmi info
* Leftover from broken info gathering package
2022-02-22 17:18:31 +02:00
vakarisz 5c5e170296 Island: Add processors for credentials 2022-02-22 17:18:31 +02:00
Shreya Malviya 96bd7bca24
Merge pull request #1728 from guardicore/1605-modify-exploit-result-data
Modify ExploiterResultData
2022-02-22 20:38:22 +05:30
Shreya Malviya b91f3b1551 Agent: Fix comment in ExploitTelem 2022-02-22 17:54:31 +05:30
Shreya Malviya f0679ebb26 Agent: Move `pwd`'s import statement to avoid using try/except 2022-02-22 17:49:08 +05:30
Shreya Malviya e47239f81c Island: Modify exploit telemetry processing to conform to changes to ExploiterResultData 2022-02-22 14:08:39 +05:30
Shreya Malviya dff5bde894 UT: Modify ExploitTelem calls in UTs 2022-02-22 12:50:01 +05:30
Shreya Malviya afb7210179 Agent: Modify ExploitTelem to accept param of type ExploiterResultData 2022-02-22 12:47:42 +05:30
ilija-lazoroski 4b83c79134
Merge pull request #1724 from guardicore/1605-pass-wormconfig-options
1605 pass wormconfig options
2022-02-21 13:52:28 +01:00
Ilija Lazoroski c83285c782 Agent: Modify exploiters to have general and exploiter options 2022-02-21 13:45:58 +01:00
Shreya Malviya 10d8dc1f33
Merge pull request #1729 from guardicore/1605-remove-skip_exploit_if_file_exist-config-option
Remove `skip_exploit_if_file_exist` config option
2022-02-21 17:59:51 +05:30
Shreya Malviya 3c80e1c38b UT: Remove `skip_exploit_if_file_exist` config field 2022-02-21 16:46:23 +05:30
Shreya Malviya 201a838e23 Island: Remove `skip_exploit_if_file_exist` from internal config 2022-02-21 16:45:45 +05:30
Shreya Malviya e6f4c74b79 Agent: Remove `skip_exploit_if_file_exist` option 2022-02-21 16:45:17 +05:30
Shreya Malviya 1cce742692 UT: Fix UTs as per changes to ExploiterResultData and ExploitTelem 2022-02-21 16:02:00 +05:30
Shreya Malviya 125412ee18 Agent: Rename variables to make more sense 2022-02-21 14:50:33 +05:30
Shreya Malviya a9e000f100 Agent: Modify ExploitTelem based on ExploiterResultData changes 2022-02-21 14:38:12 +05:30
Shreya Malviya 9f01aa0a0d Agent: Add try/except for importing pwd (can't do it on Windows) 2022-02-21 13:49:40 +05:30
Shreya Malviya ae856383a9 UT: Modify UTs to conform to modified ExploiterResultData 2022-02-21 13:27:11 +05:30
Shreya Malviya add9c3a4fe Agent: Modify mock puppet to conform to modified ExploiterResultData 2022-02-21 13:26:25 +05:30
Shreya Malviya 8d0fa3faef Agent: Modify ExploiterResultData to have more details 2022-02-21 13:18:53 +05:30
Mike Salvatore 6150610bdc Agent: Remove HostExploiter's dependency on Plugin
Issue #1605
PR #1725
2022-02-21 09:29:45 +02:00
Mike Salvatore 250530b456 Agent: Remove disused HostScanner abstract class 2022-02-20 14:21:21 -05:00
Mike Salvatore 17be51fe71 Agent: Remove disused HostFinger abstract class 2022-02-20 14:20:33 -05:00
Mike Salvatore ccfe0a773e Agent: Use filecmp instead of sha256 hash in ransomware payload 2022-02-20 14:03:42 -05:00
Ilija Lazoroski cecf131528 Island: Modify config to add exploiters and exploit options 2022-02-18 20:04:24 +01:00
Mike Salvatore 5fe2f80aa4
Merge pull request #1723 from guardicore/1605-brute-force-utils
1605 brute force utils
2022-02-18 09:04:00 -05:00
Mike Salvatore 4d6f552ba2 Agent: Add documentation to functions in brute_force. 2022-02-18 09:02:41 -05:00
Mike Salvatore 5c872a67c3 Agent: Simplify generate_username_password_or_ntlm_hash_combinations() 2022-02-18 08:01:49 -05:00
Mike Salvatore b7c7650f49 Agent: Copy credential generation from WormConfig to new brute_force.py
* Create a new module for useful functions for brute-force exploiters
* Copy functions for generating all pairs of username/password to
  brute_force.py
* Replace specific functions for generating username/password pairs and
  username/ssh_key pairs with a single generate_identity_secret_pairs()
  function, since the distinction is no longer needed.
* Add unit tests
2022-02-18 08:00:46 -05:00
Ilija Lazoroski 915c58e8cc Agent, Island: Modify config to remove boolean propagator field 2022-02-18 06:06:11 -05:00
Mike Salvatore 0bfa0cd1ca
Merge pull request #1721 from guardicore/1605-get-updated-credentials
1605 get updated credentials
2022-02-18 06:01:25 -05:00