Commit Graph

9367 Commits

Author SHA1 Message Date
Mike Salvatore 87363d3096 BB: Rename credentials -> CREDENTIALS 2022-07-19 08:57:19 -04:00
Mike Salvatore 707aa97a65 BB: Add TCP ports to depth_1_a_test_configuration 2022-07-19 08:47:57 -04:00
Mike Salvatore 189e2ad3d1 BB: Add HTTP ports to depth_1_a_test_configuration 2022-07-19 08:13:09 -04:00
Mike Salvatore 0c6764daf5 BB: Add add_http_ports() 2022-07-19 08:12:46 -04:00
Shreya Malviya 53e366a677 Island: Remove unused _KEY_LENGTH_BYTES variables from DataStoreEncryptor and RepositoryEncryptor 2022-07-19 14:51:58 +05:30
Shreya Malviya f8eeda1e6f Island: Use cryptography.fernet to generate key in DataStoreEncryptor
and RepositoryEncryptor

We changed our encryption code to use cryptography.fernet instead of
pycryptodome. Using secrets.token_bytes() with fernet was causing
padding and encoding issues. This is a quicker and easier solution, and
also probably more reliable since everything to do with encryption is
from the same module now.
2022-07-19 14:51:58 +05:30
Shreya Malviya 5eb77dcbb6 UT: Change key in test_key_based_encryptor.py to be URL safe (cryptography.fernet requires this) 2022-07-19 14:51:58 +05:30
Shreya Malviya f542c9d0a8 Island: Fix KeyBasedEncryptor's encrypt function's logic 2022-07-19 14:51:58 +05:30
Shreya Malviya 637926ed09 Island: Extract fernet_object to an object variable in KeyBasedEncryptor 2022-07-19 14:51:58 +05:30
Shreya Malviya 373d34dce6 Island: Use cryptography.fernet for encryption in KeyBasedEncryptor 2022-07-19 14:51:58 +05:30
Shreya Malviya c1449fb897 Island: Remove TODO comment about using cryptography.fernet 2022-07-19 14:51:58 +05:30
Shreya Malviya 09e57541cc Project: Update Island dependencies to add `cryptography` 2022-07-19 14:51:58 +05:30
Shreya Malviya c12e281e4e Island: Use secrets instead of Crypto (pycryptodome) in DataStoreEncryptor 2022-07-19 14:51:58 +05:30
Ilija Lazoroski cc021f33ff UI: Add note about removal of 'weak_password' issue 2022-07-19 10:15:22 +02:00
Ilija Lazoroski b3ec9e340f UI: Fix Credentials parsing to use simplified credentials object 2022-07-18 21:49:24 +02:00
Ilija Lazoroski 57f2c7e058 Island: Fix credentials formatting to use simplified credentials object 2022-07-18 21:48:47 +02:00
Ilija Lazoroski c56b38f695 UI: Add note in StolenPasswords component 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 67e67441c1 UI: Remove unused getCredenatislSecrets function 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 07b4956717 UI: Set stolen_creds issues in state 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 5e1adbb877 UI: Add formatting to StolenPasswordsComponent
This component was used in security and attack report with
two different sets of data. The first one is from the
credentials endpoint which needed formatting and the second
from the telemetry which was already formatted.
2022-07-18 21:23:17 +02:00
Ilija Lazoroski 27c0b838c4 Island: Fix one missed telemetry processor 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 474a26aeff UI: Fix StolenCredentials issue to add if we have any stolen credentials 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 5c765f85c2 UI: Add StolenCredentialsIssue to issues 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 35ed7f60c4 Island: Fix an import in initialize 2022-07-18 21:23:17 +02:00
Ilija Lazoroski c65439e049 UI: Remove WeakPassword issue
* We don't have the passwords used for exploiting the machines
  in the UI
* All it will be reworked
2022-07-18 21:23:17 +02:00
Ilija Lazoroski 1683265868 Island: Rename reporting/stolen_credentials.py to
reporting/format_credentials.py
2022-07-18 21:23:17 +02:00
Ilija Lazoroski 5ebf0ed8f6 Island: Remove StolenCredentials model 2022-07-18 21:23:17 +02:00
Ilija Lazoroski a24bdd43b8 Island: Move credentials parser hack to dirty_hacks function 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 885f0565a8 Island: Patch T1003 with a callable class 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 06a64c14d7 Island: Add callable class for T1003 2022-07-18 21:23:17 +02:00
Ilija Lazoroski c83f76b02b Island: Add formatting credentials for report 2022-07-18 21:23:17 +02:00
Ilija Lazoroski c75ee22c29 Island: Remove get_config_{users,passwords} from reporting 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 94419d8141 Island: Add PTHReportservice get issues functions
* get_duplicated_passwords_issues
* get strong_users_on_crit_issues
2022-07-18 21:23:17 +02:00
Ilija Lazoroski f417cff17b UI: Rename UsedCredentials.tsx.js to UsedCredentials.js 2022-07-18 21:23:17 +02:00
Ilija Lazoroski bfda71dd45 UI: Check for actual stolen credentials in issues 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 89f5ff89d2 Island: Remove extract_ssh_keys from stolen_credentials reporting 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 4dbdbcc75e UI: Remove unneeded logging in UsedCredentials component 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 8ccdba7528 UI: Grab credentials from endpoint and render them 2022-07-18 21:23:17 +02:00
Ilija Lazoroski f99bd74cd4 UI: Construct and render stolen credentials 2022-07-18 21:23:17 +02:00
Ilija Lazoroski 2861f0b085 UI: Add UsedCredentials component to render credentials 2022-07-18 21:23:17 +02:00
Ilija Lazoroski e61b0bfdca UI: Add credentials parsing functionalities 2022-07-18 21:23:17 +02:00
Ilija Lazoroski f0f4f6d591 Island: Remove credentials from reporting 2022-07-18 21:23:17 +02:00
Mike Salvatore f1d9ea64e5 BB: Add tcp ports to depth_1_a_test_configuration 2022-07-18 15:17:33 -04:00
Mike Salvatore 0a0cb5de19 BB: Set maximum depth in depth_1_a_test_configuration 2022-07-18 15:17:33 -04:00
Mike Salvatore 365b4098e4 BB: Set maximum depth in zerologon_test_configuration 2022-07-18 15:17:32 -04:00
Mike Salvatore 5a1a40a515 BB: Add set_maximum_depth() 2022-07-18 15:17:30 -04:00
ilija-lazoroski 7456ef6b05
Merge pull request #2100 from guardicore/2092-remove-single-tests
2092 remove single tests
2022-07-18 21:02:54 +02:00
Mike Salvatore c2028f15a4 BB: Add depth_1_a_test_configuration 2022-07-18 15:00:06 -04:00
Mike Salvatore 138ce81f1b BB: Add add_credential_collectors() 2022-07-18 14:52:31 -04:00
Mike Salvatore dbc138d263 BB: Add replace_propagation_credentials() 2022-07-18 14:52:05 -04:00