vakarisz
9d5ea0f41f
Island: add log4shell issue processing and reporting
2022-01-06 12:26:00 +02:00
vakarisz
c382987430
Project: vulture allow LDAPServerFactory.buildProtocol
2022-01-05 15:18:12 +02:00
VakarisZ
8b9ddb0c4b
Removed unnecessary vulture ignores from whitelist
2021-09-28 11:04:42 +03:00
VakarisZ
e6ad125be9
Change the telemetry model to have a method for fetching the telemetries based on queries.
...
Telemetry code mainly uses queries and mongoengine has no good way of field encryption, that's why this method prefers to handle queries rather than Telemetry models
2021-09-24 13:31:26 +03:00
VakarisZ
c7e91c5784
Add report model and a unit test for it's encryption
2021-09-21 10:39:39 +03:00
Mike Salvatore
805ef70db1
Merge pull request #1425 from guardicore/powershell_exploiter
...
PowerShell Remoting exploiter refactor
2021-08-30 07:54:29 -04:00
Mike Salvatore
8aedc2c391
Agent: Add pyinstaller hooks for pypsrp
2021-08-25 14:44:31 -04:00
Ilija Lazoroski
5cee9443ff
Zoo: Remove GCPHandler class. Powershell-3-47 renamed to
...
Powershell-3-46. Powershell-45 moved to different zone
2021-08-24 15:11:22 +02:00
Shreya Malviya
b6c3623e74
agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting')
2021-08-24 13:15:47 +05:30
VakarisZ
2b71fb80c7
Fixed missing powershell exploiter report components.
2021-08-24 11:40:39 +05:30
VakarisZ
9966c54fe2
Added powershell remoting exploiter.
2021-08-24 11:40:39 +05:30
VakarisZ
91ca828c72
Monkey: add launch time to the monkey collection
...
Launch time is needed if we want to tell the user when exactly the exploit occurred/monkey got run
2021-07-26 11:28:40 +03:00
Ilija Lazoroski
81a8ccf673
Island: Return empty post status for island mode
2021-07-13 10:25:48 -04:00
Mike Salvatore
96fc33025e
Island: Redirect gevent tracebacks to file and log exceptions
...
By default, gevent prints exceptions and tracebacks to stderr. This is
obnoxious as it results in large tracebacks intermixed with the output
that the logger prints to the console. This commit redirects this data
to {DATA_DIR}/gevent_exceptions.log. Unfortunately, this would mean that
the user might be left without any indication these exceptions had
occurred, unless they take the time to inspect the
gevent_exceptions.log. Therefore, when an excepion occurs, a message
with just the exception (not the traceback) is logged to WARNING.
Fixes #859
2021-07-06 08:39:30 -04:00
Mike Salvatore
01b9c41c6e
Remove mock_home_env() from vulture_allowlist.py
2021-07-02 18:59:24 -04:00
Mike Salvatore
6307606010
Remove get_files_to_encrypt from Vulture's allow list
2021-06-23 07:14:57 -04:00
Shreya
5b64ea5151
agent: ransomware: Iterate through files in directory and get list of files to encrypt
2021-06-22 19:30:44 +05:30
VakarisZ
fc1f12c24d
Implemented safety check on import.
2021-06-03 17:02:12 +03:00
VakarisZ
9fcfaac781
Improved exceptions thrown in configuration decryption and unit tests.
2021-06-03 17:01:56 +03:00
Shreya
52b57a7166
Have Vulture skip tests/ instead of tests/unit_tests/
2021-06-03 11:57:44 +05:30
Shreya
b69c1c531a
Rename vulture_whitelist.py -> vultue_allowlist.py
2021-06-02 13:08:37 +05:30