Commit Graph

9776 Commits

Author SHA1 Message Date
Kekoa Kaaikala b5c6240190 UT: Move a ransomware test to integration_tests 2022-08-18 17:46:55 +00:00
Kekoa Kaaikala baa1687487 Docs: Add a section for custom file extension 2022-08-18 16:47:57 +00:00
Kekoa Kaaikala 9cbee5ba6d UT: Test that ransomware applies the file extension 2022-08-18 15:30:28 +00:00
Kekoa Kaaikala 880c2fe707 Agent: Add file extension to ransomware 2022-08-18 15:30:28 +00:00
Kekoa Kaaikala 0797afb9a0 UI: Allow for empty file extension 2022-08-18 15:30:28 +00:00
Kekoa Kaaikala 194f08c294 Agent: Add file extension to default agent config 2022-08-18 15:30:21 +00:00
Kekoa Kaaikala ae1fbb7cc5 Agent: Add file extension to RansomwareOptions 2022-08-18 15:30:14 +00:00
Kekoa Kaaikala 4f776f0102 UI: Add field for ransomed file extension 2022-08-17 20:10:23 +00:00
Kekoa Kaaikala 639fb26445 Agent: Improve the speed of bit flipping code
- Remove a function call
- Use a generator
- Use a more efficient flip calculation (subtraction instead of xor)

Issue #2123
2022-08-17 10:52:57 -04:00
Mike Salvatore 8b32e6d7a5
Merge pull request #2203 from guardicore/build-downgrade-pipenv
Build: Downgrade pipenv to use 2022.7.4
2022-08-17 09:01:07 -04:00
Ilija Lazoroski 8355d9e68a Buid: Export CI to get rid of nasty characters 2022-08-17 09:00:44 -04:00
Ilija Lazoroski a96efcdc7d Build: Downgrade pipenv to use 2022.7.4
It seems that every time a new version of pipenv is released, it breaks
our build. See also 01e886f866.
2022-08-17 08:59:51 -04:00
Mike Salvatore 2edaf52140
Merge pull request #2196 from guardicore/2176-modify-ssh-collector-for-events
2176 modify ssh collector for events
2022-08-16 12:41:14 -04:00
Ilija Lazoroski eec48e9cd8 Agent: Remove target from SSHCredentialCollector event construction 2022-08-16 17:31:02 +02:00
Ilija Lazoroski 205ff84b31 Common: Add defaults for each argument in AbstractEvent 2022-08-16 17:30:30 +02:00
Ilija Lazoroski b3d37d9223 Agent: Change SSHCredentialCollector tag to lowercase 2022-08-16 17:27:43 +02:00
Ilija Lazoroski 5466bd5dba UT: Remove unneeded fixture in SSHCredentialCollector tests 2022-08-16 17:26:25 +02:00
Ilija Lazoroski 142136dd41 Agent: Remove duplication in SSHCredentialCollector 2022-08-16 17:14:37 +02:00
Ilija Lazoroski d38a386f67 Agent: Add prefix `attack-` to attack tecniques tags 2022-08-16 14:25:28 +02:00
Ilija Lazoroski c18ceff85d Agent: Remove unneeded variable in SSHCredentialCollector 2022-08-16 14:24:26 +02:00
Ilija Lazoroski ea9082d412 Agent: Remove hack_event from CredentialsStolenEvent 2022-08-16 14:23:25 +02:00
Mike Salvatore 1d79d98689 Agent: Rename credentials_store -> propagation_credentials_repository 2022-08-16 08:17:04 -04:00
Ilija Lazoroski c3557caf1c Agent: Add _ATTACK_TECHNIQUE_ to attack_technique tags 2022-08-16 14:11:16 +02:00
Ilija Lazoroski fdd0368837 Agent: Extract SSH collector tags into constants 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 706a626d24 Agent: Move subscribtion to a separate method for readability 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 2a94a67767 Agent: Rename usr_info to user_info in ssh_handler 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 88bb856859 Common: Reorder params in docstring AbstractEvent 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 8f5681b1df Agent: Init a callable class and subscribe to it 2022-08-16 11:58:53 +02:00
Ilija Lazoroski d672fcfffe Agent: Fix a typo in ssh_handler 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 03d569cc00 Agent: Init SSHCredentialCollector with an IEventQueue 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 4aa71cba7e Agent: Remove default values from CredentialsStolenEvent creation 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 486a7a9225 Common: Use a temporary hack to define non-defaults from a inherited class event 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 5f631a78f7 Agent: Remove IGUID from config 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 39f07603a7 Agent: Define integer GUID and use it in ssh_handler 2022-08-16 11:58:53 +02:00
Ilija Lazoroski b22ccdb942 Agent: Publish CredentialsStolenEvent each time we find a SSHKeypair 2022-08-16 11:58:53 +02:00
Ilija Lazoroski e439a53bde UT: Fix SSHCredentialCollector test to accept IEventQueue 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 2610666f93 Agent: Publish an CredentialsStolenEvent from SSHCredentialCollector 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 4952a544c0 Agent: Accept IEventQueue in SSHCollector constructor 2022-08-16 11:58:53 +02:00
Mike Salvatore d09c1a689e
Merge pull request #2200 from guardicore/2191-fix-credentials-repository-get
2191 fix credentials repository get
2022-08-15 15:45:03 -04:00
Kekoa Kaaikala e4f7707b66 Agent: Return credentials when credentials propagation fails 2022-08-15 19:25:54 +00:00
Kekoa Kaaikala 9e6a569393 Agent: Update credentials repository to cache per-instance 2022-08-15 19:25:54 +00:00
Mike Salvatore 500eeeb582
Merge pull request #2194 from guardicore/2191-trailing-url-slashes
Island: Remove trailing slashes before registering a URL
2022-08-15 14:25:28 -04:00
Kekoa Kaaikala a67a4418c9 Island: Remove PropagationCredentials URL trailing slash 2022-08-15 18:04:56 +00:00
Mike Salvatore 96f794e192 UT: Mark TestEvent* classes with `__test__ = False` 2022-08-15 14:04:09 -04:00
Kekoa Kaaikala 19df4d9755 Island: Enforce "no trailing slash" rule for URLs 2022-08-15 18:01:32 +00:00
Mike Salvatore 4e9aa62c61
Merge pull request #2195 from guardicore/refactor-island-boot
Refactor island boot
2022-08-15 08:35:00 -04:00
Mike Salvatore 01e886f866 Project: Remove step in travis build to upgrade pipenv
It seems that every time a new version of pipenv is released it breaks
travis. For the moment, it seems that the magic combination is to
upgrade pip but not upgrade pipenv.

I've been unable to reproduce the issue outside of any environment other
than Travis CI.

Once we split our project up into multiple repos, we should strongly
consider switching to poetry.
2022-08-15 08:23:17 -04:00
Mike Salvatore 879f809aa4 Project: Use the latest pip in travis build 2022-08-15 07:37:36 -04:00
Mike Salvatore fae4247505 Project: Add special `fix-travis` branch to travis build list
When attempting to fix an issue with travis, it's important to actually
run travis. In order to do this without a pull request, I've added a
special `fix-travis` branch to the list of branches travis is allowed to
build.
2022-08-15 07:34:39 -04:00
Mike Salvatore 9f89d3f508
Merge pull request #2193 from guardicore/2176-stolen-credentials-subscriber
2176 stolen credentials subscriber
2022-08-15 07:26:18 -04:00