Ilija Lazoroski
897bc11d7b
Agent: Use distinct fields for SSH Keypair
2022-02-16 18:37:16 +01:00
Ilija Lazoroski
5f8e3e3d8e
Agent: Use Telemetry messenger to send SSH collector telemetries
2022-02-16 18:23:29 +01:00
Ilija Lazoroski
63d632d142
Agent: Rework ssh credential collector to match credential architecture
...
* Parametrize empty result unit test
* Apply small changes to ssh credential collector
2022-02-16 17:37:12 +01:00
Ilija Lazoroski
a97b8706ec
Agent: Add SSH keypair credential type
2022-02-16 17:29:21 +01:00
Ilija Lazoroski
b1b0840aed
Agent: Rename SSH credentials collector to match class name
2022-02-16 17:28:11 +01:00
Ilija Lazoroski
3d64d0d2e4
Island: Refactor T1145 report according to the attack telemetry
2022-02-16 15:44:35 +01:00
Ilija Lazoroski
6b64b655ce
Agent: Add T1145 attack telemetry
2022-02-16 15:44:35 +01:00
Ilija Lazoroski
a03a5145a7
Agent: Remove known_hosts from SSH Credential Collector
...
It is not used anywhere.
2022-02-16 15:44:35 +01:00
Ilija Lazoroski
e9e5e95f49
Agent, UT: Separate ssh_handler from SSH Credential Collector
...
* Add different UTs based on what ssh_handler returns
* Fix logic in SSH Credential Collector
2022-02-16 15:44:35 +01:00
Ilija Lazoroski
5aa5e33356
Agent, UT: Refactor SSH info collector to credential collector
2022-02-16 15:44:35 +01:00
Mike Salvatore
976c46cf86
Merge pull request #1715 from guardicore/1695-credential-collectors
...
Agent: define credential collector, credentials interfaces
2022-02-15 14:34:47 -05:00
Mike Salvatore
a9bb2dee70
Agent: Renumber the CredentialType Enum
2022-02-15 14:26:15 -05:00
Mike Salvatore
879abf3df0
Agent: Export MimikatzCredentialCollector from credential_collectors
2022-02-15 14:21:07 -05:00
Mike Salvatore
0583cab8e0
Agent: Rename mimikatz_cred_collector.py to match the class name
2022-02-15 14:17:28 -05:00
Mike Salvatore
569159b11a
Agent: Move the definition of ICredentialCollector to i_puppet
...
Low-level components plug into high-level components. i_puppet defines
all of the interfaces that puppets can use, while the concrete
implementations of these things rely on the definitions in i_puppet.
2022-02-15 14:07:59 -05:00
Mike Salvatore
c39fb6746d
Agent: Rename ICredentialComponent.type -> credential_type
...
"type" is built-in function in Python. To avoid confusion or a potential
name collision, this commit renames the ICredentialComponent.type field
to ICredentialComponent.credential_type
2022-02-15 13:47:01 -05:00
Mike Salvatore
236b545816
UT: Extract function collect_credentials() to reduce code duplication
2022-02-15 13:30:13 -05:00
Mike Salvatore
86f2c7b08c
UT: Parametrize test_mimikatz_collector.test_empty_results()
2022-02-15 13:28:38 -05:00
Mike Salvatore
ebd5642b52
Agent: Refactor credentials and credential_components as dataclasses
...
Using frozen dataclasses for Credentials and ICredentialComponents
automatically creates a useful __eq__() function that allows us to
easily compare credentials-related objects.
2022-02-15 12:27:56 -05:00
vakarisz
811434ff22
Agent: improved type hints in mimikatz_cred_collector.py
2022-02-15 18:41:19 +02:00
vakarisz
ac376a0014
Agent: change the interface of Credentials
...
Refactor from dataclass to object with tuples. This enforces read only identities and secrets so users don't modify them
2022-02-15 18:39:17 +02:00
vakarisz
8868fb9b0c
Agent: change ICredentialComponent interface
...
Interface changed from dataclass (dataclasses are not inheritable) to simple class with type abstract property
2022-02-15 18:35:32 +02:00
vakarisz
26806392ec
Agent: split up nt and lm hash credential types
2022-02-15 18:33:04 +02:00
vakarisz
d392de4a02
Agent: remove ssh_keypair, as it's not used anywhere
2022-02-15 18:32:00 +02:00
vakarisz
ae9fed3c2b
Agent: fixup typehints in ICredentialCollector
2022-02-15 16:16:43 +02:00
vakarisz
01612c402a
Agent: add options to ICredentialCollector interface
2022-02-15 15:25:42 +02:00
vakarisz
0fae933477
Agent: refactor content dict out of credential component
...
Content dict serves no purpose, because dataclasses can be serialized without explicit conversion to dict
2022-02-15 14:46:21 +02:00
vakarisz
b7003bc231
Agent: split up nt and lm hashes into separate credential components
2022-02-15 14:19:53 +02:00
vakarisz
9037dfdf99
Agent: rename CredentialTypes enum to CredentialType
2022-02-15 12:42:36 +02:00
vakarisz
02cdebb88b
Agent: fix ICredentialCollector return type-hint
2022-02-15 12:41:19 +02:00
vakarisz
f5740b2a6e
Agent: add mimikatz collector unit tests
2022-02-15 10:09:53 +01:00
vakarisz
a6c2762823
Agent: change mimikatz collector to return a list of credentials
2022-02-15 10:09:53 +01:00
vakarisz
2f1b57a526
Agent: fix pypykatz import in mimikatz_cred_collector.py
2022-02-15 10:09:53 +01:00
vakarisz
2ba793e0cf
Agent: move mimikatz collector to credential collectors
2022-02-15 10:09:53 +01:00
VakarisZ
144afc0fd3
Merge pull request #1712 from guardicore/1696-refactor-aws-collector
...
Agent: Refactor AWS collector
2022-02-14 17:12:28 +02:00
Ilija Lazoroski
ae13953f52
Agent: Run AWS Environment check in a thread
...
* Use Telemetry Messenger to send AWS telemetry
* Send only instance_id to AWS Instance Telemetry
* Rename AwsInstanceTelemetry to AWSInstanceTelemetry
2022-02-14 16:00:38 +01:00
vakarisz
6aa2160f31
Agent: refactor mimikatz_cred_collector to credential collector
2022-02-14 15:25:06 +02:00
Ilija Lazoroski
7f6496b330
Island, UT: Remove system info AWS Collector
2022-02-14 12:00:08 +01:00
Ilija Lazoroski
412a06fa9b
Island: Handle AWS info telemetry
2022-02-14 12:00:08 +01:00
Ilija Lazoroski
1f76a42279
Agent: Refactor AWS collector
2022-02-14 11:59:48 +01:00
vakarisz
c21cf681a4
Agent: define credential collector, credentials interfaces
2022-02-14 12:12:13 +02:00
VakarisZ
b0bd3f9c51
Merge pull request #1713 from guardicore/1690-investigate-pyinstaller-versions
...
1690 investigate pyinstaller versions
2022-02-14 11:47:47 +02:00
Mike Salvatore
414b1cb815
Agent: Add return type annotation to create_daemon_thread()
2022-02-12 09:44:04 -05:00
vakarisz
216a245329
Island: bumped pyinstaller to 4.9
2022-02-11 17:25:04 +02:00
vakarisz
a3ba7fb830
Agent: bumped pyinstaller to 4.9 and locked pywin32 to windows
2022-02-11 17:24:33 +02:00
vakarisz
40548e85c1
Agent: bump agent pyinstaller to 4.8
2022-02-11 15:37:31 +02:00
vakarisz
31abc065f6
Agent: add explicit requirements for for pywin32-ctypes and pefile
...
These are pyinstaller dependencies that don't get auto-resolved and installed for some reason
2022-02-11 12:40:59 +02:00
Mike Salvatore
5a8c072d6a
Merge pull request #1709 from guardicore/1601-fix-check-tcp-ports-bugs
...
Minor changes to TCP scanning
2022-02-10 12:23:29 -05:00
Ilija Lazoroski
543ff24ac3
UT: Add tests for tcp scanning
2022-02-10 18:14:36 +01:00
Mike Salvatore
36a2b3ff6b
Agent: Add sleep back into _check_tcp_ports()
2022-02-10 18:14:36 +01:00