Commit Graph

5395 Commits

Author SHA1 Message Date
Mike Salvatore 6307606010 Remove get_files_to_encrypt from Vulture's allow list 2021-06-23 07:14:57 -04:00
Mike Salvatore 297adcf015 agent: Don't redefine EXTENSION in ransomware tests 2021-06-23 07:10:55 -04:00
Mike Salvatore 447138c079 agent: Rename RansomewarePayload.target_dir -> _target_dir 2021-06-23 06:57:31 -04:00
Mike Salvatore cef3bd618d agent: Test that ransomware payload does not encrypt recursively 2021-06-23 06:57:31 -04:00
Mike Salvatore 2dd75d7d0c agent: Rename files encrypted by ransomware with .m0nk3y extension 2021-06-23 06:57:31 -04:00
Mike Salvatore 1ff348d2fc agent: Add in-place, bitflip encryption to RansomwarePayload 2021-06-23 06:57:31 -04:00
Mike Salvatore 3edaffa922 agent: Add utility functions for flipping bits 2021-06-23 06:57:31 -04:00
Mike Salvatore 2b1ba994a4 agent: Remove errant "f" in format string 2021-06-23 06:55:35 -04:00
Mike Salvatore 8226512340 Merge pull request #1263 from guardicore/ransomware-ignore-links
Ransomware ignore links
2021-06-23 06:41:47 -04:00
Mike Salvatore b35670eadb Merge branch 'ransomware-iterate-files' into develop 2021-06-23 06:41:07 -04:00
VakarisZ f5ebd2d39a Fix a bug of incorrect access to ransomware config options in ransomware_payload.py 2021-06-23 11:48:24 +03:00
Mike Salvatore 2549f088d1 agent: Do not encrypt Windows shortcuts in ransomware simulation
In order to keep Infection Monkey safe for production environments, the
ransomware payload will explicitly ignore Windows shortcuts to prevent
important files from accidentally getting encrypted.
2021-06-22 15:27:48 -04:00
Mike Salvatore 41bf137ee4 agent: Add is_not_shortcut_filter()
Adds a filter that can be used with filter_files() to return only files
that are not Windows shortcuts.
2021-06-22 15:27:48 -04:00
Mike Salvatore 4eaa568479 agent: Do not encrypt symlinks in ransomware simulation
In order to keep Infection Monkey safe for production environments, the
ransomware payload will explicitly ignore symlinks to prevent important
files from accidentally getting encrypted.
2021-06-22 15:27:39 -04:00
Mike Salvatore 14845c659a agent: Add is_not_symlink_filter()
Adds a filter that can be used with filter_files() to return only files
that are not symlinks.
2021-06-22 15:27:33 -04:00
Mike Salvatore bfa640444e agent: Test filter_files() with multiple filters 2021-06-22 15:11:32 -04:00
Mike Salvatore 30f88ca319 agent: Refactor add_subdirs_to_dir in test_dir_utils.py 2021-06-22 14:07:31 -04:00
Mike Salvatore b643cd1edd agent: Reimplement get_all_regular_files_in_directory using filter_files 2021-06-22 13:49:17 -04:00
Mike Salvatore f33772060f agent: Rename get_all_files_in_directory()
Rename get_all_files_in_directory() ->
get_all_regular_files_in_directory(), as this name is more explicit
about exactly which files will be included in the function's output.
2021-06-22 13:46:03 -04:00
Mike Salvatore db8dfd9f17 agent: Refactor filter_files to accept a list of filters 2021-06-22 13:43:27 -04:00
Mike Salvatore a8ebe6ae76 agent: Replace self.config with self.target_dir in RansomewarePayload 2021-06-22 13:31:20 -04:00
Mike Salvatore 0b953c8cff agent: Remove ransomware/utils.py
The code for getting files to encrypt has become so trivial that it no
longer warrants a separate function outside of _find_files().
2021-06-22 13:23:14 -04:00
Mike Salvatore 5c1902ca73 agent: Add file_extension_filter to dir_utils 2021-06-22 13:17:11 -04:00
Mike Salvatore cf2cdc4ab8 agent: Add filter_files() function to dir_utils 2021-06-22 13:16:53 -04:00
Mike Salvatore bfc86041ab agent: Switch get_all_files_in_directory from str to Path
Path and PurePath objects provide a lot of syntactic sugar to file
handling that makes the code clearer and more concise.
2021-06-22 12:58:03 -04:00
Mike Salvatore e2dfd6a5e3 agent: Simplify get_all_files_in_directory() with list comprehension 2021-06-22 12:15:03 -04:00
Shreya efef40edf9 tests: Fix ransomware tests and move tests for get_all_files_in_directory from ransomware/test_utils.py to utils/test_dir_utils.py 2021-06-22 20:07:38 +05:30
Shreya a2ebe3386f agent: Rename utils/file_utils.py to utils/dir_utils.py 2021-06-22 20:02:59 +05:30
Shreya 5f714e0d98 agent: Move get_all_files_in_directory() from ransomware/utils.py to utils/file_utils.py 2021-06-22 19:45:50 +05:30
Shreya c6da73ad79 agent: ransomware: Incorporate changes into stub 2021-06-22 19:42:50 +05:30
Shreya 48967a2e5b tests: Modify unit tests for ransomware utils to test for a file like file.jpg.zip 2021-06-22 19:30:44 +05:30
Shreya 8abb9d95ce agent: ransomware: Move VALID_FILE_EXTENSIONS_FOR_ENCRYPTION to separate file 2021-06-22 19:30:44 +05:30
Shreya f8c1886977 tests: Add unit tests for ransomware utils - get_files_to_encrypt(), get_all_files_in_directory() 2021-06-22 19:30:44 +05:30
Shreya 3192355f5a agent: ransomware: Return list instead of filter object when getting files in directory 2021-06-22 19:30:44 +05:30
Shreya 5b64ea5151 agent: ransomware: Iterate through files in directory and get list of files to encrypt 2021-06-22 19:30:44 +05:30
Mike Salvatore 901485c9e4 Disable codecov annotations in pull requests 2021-06-22 10:00:23 -04:00
Mike Salvatore ccc3557021 Merge pull request #1255 from guardicore/ransomware_stub
Adds ransomware stub
2021-06-22 09:59:14 -04:00
VakarisZ 947a03c9a1 Refactor ransomware configuration option from flattened to a dict that encompasses any ransomware options 2021-06-22 16:42:09 +03:00
VakarisZ 63901bcd26 Refactor ransomware payload __init__.py into ransomware_payload.py with a stubbed ransomware payload class 2021-06-22 16:37:44 +03:00
VakarisZ d7f4035884 Adds ransomware entrypoint in monkey and logs values provided in ransomware configuration options 2021-06-22 10:39:02 +03:00
VakarisZ 00edb17b86 Adds ransomware page to the configuration UI 2021-06-22 10:35:21 +03:00
VakarisZ 9ef4ce8bac Fixes formatting and naming for ransomware configuration options 2021-06-22 09:47:11 +03:00
VakarisZ 1ede7ebaec Adds ransomware configuration options to monkey configuration 2021-06-22 09:14:29 +03:00
Mike Salvatore a715894220 Merge pull request #1256 from guardicore/secure-file-permissions-contextmanager
Secure file permissions contextmanager
2021-06-21 14:04:07 -04:00
Mike Salvatore 02ed22bab7 island: Remove FILE_SHARE_WRITE from windows permissions
Granting FILE_SHARE_WRITE on mongo_key.bin is unnecessary. Since
mongo_key.bin is the only file that is created using
_get_file_descriptor_for_new_secure_file_windows() at the moment, we
won't grant FILE_SHARE_WRITE.
2021-06-21 14:00:30 -04:00
Mike Salvatore 4d4dbc1dff Merge pull request #1257 from guardicore/swimm-verify-system-info-collector
Swimm: update exercise Add a new System Info Collector (id: OwcKMnALpn7tuBaJY1US)
2021-06-21 13:28:29 -04:00
Shreya d908b183f5 Swimm: update exercise Add a new System Info Collector (id: OwcKMnALpn7tuBaJY1US).
Modify snippet in monkey_island/cc/services/config_schema/monkey.py to only hide HOSTNAME_COLLECTOR instead of the whole import statement block
2021-06-21 22:40:37 +05:30
Mike Salvatore 3b3ce2f86e Swimm: update exercise Add a new System Info Collector (id: OwcKMnALpn7tuBaJY1US). 2021-06-21 11:19:43 -04:00
Mike Salvatore 2d18a68787 island: Fix return type hint for _get_null_value_for_win32()
The _get_null_value_for_win32() function does not return None, it
returns a PyHANDLE object. For the moment, I'm unable to determine the
correct way to import PyHANDLE so that it can be specified in the type
hint. Since type hints aren't actually enforced, it's not worth the
effort to fully solve this at the present time, so the type hint has
just been removed.
2021-06-21 10:40:09 -04:00
Mike Salvatore 51aa0d1564 island: Refactor get_file_descriptor_for_new_secure_file as contextmgr
get_file_descriptor_for_new_secure_file() has been refactored as a
contextmanager. Additionally, it has been renamed to
open_new_securely_permissioned_file(). The function can now be used
similarly to open().

Example:

with open_new_securely_permissioned_file(file_path, "wb") as f:
    f.write(data)
2021-06-21 10:40:08 -04:00