Kekoa Kaaikala
b5c6240190
UT: Move a ransomware test to integration_tests
2022-08-18 17:46:55 +00:00
Kekoa Kaaikala
baa1687487
Docs: Add a section for custom file extension
2022-08-18 16:47:57 +00:00
Kekoa Kaaikala
9cbee5ba6d
UT: Test that ransomware applies the file extension
2022-08-18 15:30:28 +00:00
Kekoa Kaaikala
880c2fe707
Agent: Add file extension to ransomware
2022-08-18 15:30:28 +00:00
Kekoa Kaaikala
0797afb9a0
UI: Allow for empty file extension
2022-08-18 15:30:28 +00:00
Kekoa Kaaikala
194f08c294
Agent: Add file extension to default agent config
2022-08-18 15:30:21 +00:00
Kekoa Kaaikala
ae1fbb7cc5
Agent: Add file extension to RansomwareOptions
2022-08-18 15:30:14 +00:00
Kekoa Kaaikala
4f776f0102
UI: Add field for ransomed file extension
2022-08-17 20:10:23 +00:00
Kekoa Kaaikala
639fb26445
Agent: Improve the speed of bit flipping code
...
- Remove a function call
- Use a generator
- Use a more efficient flip calculation (subtraction instead of xor)
Issue #2123
2022-08-17 10:52:57 -04:00
Mike Salvatore
8b32e6d7a5
Merge pull request #2203 from guardicore/build-downgrade-pipenv
...
Build: Downgrade pipenv to use 2022.7.4
2022-08-17 09:01:07 -04:00
Ilija Lazoroski
8355d9e68a
Build: Export CI to get rid of nasty characters
2022-08-17 09:00:44 -04:00
Ilija Lazoroski
a96efcdc7d
Build: Downgrade pipenv to use 2022.7.4
...
It seems that every time a new version of pipenv is released, it breaks
our build. See also 01e886f866.
2022-08-17 08:59:51 -04:00
Mike Salvatore
2edaf52140
Merge pull request #2196 from guardicore/2176-modify-ssh-collector-for-events
...
2176 modify ssh collector for events
2022-08-16 12:41:14 -04:00
Ilija Lazoroski
eec48e9cd8
Agent: Remove target from SSHCredentialCollector event construction
2022-08-16 17:31:02 +02:00
Ilija Lazoroski
205ff84b31
Common: Add defaults for each argument in AbstractEvent
2022-08-16 17:30:30 +02:00
Ilija Lazoroski
b3d37d9223
Agent: Change SSHCredentialCollector tag to lowercase
2022-08-16 17:27:43 +02:00
Ilija Lazoroski
5466bd5dba
UT: Remove unneeded fixture in SSHCredentialCollector tests
2022-08-16 17:26:25 +02:00
Ilija Lazoroski
142136dd41
Agent: Remove duplication in SSHCredentialCollector
2022-08-16 17:14:37 +02:00
Ilija Lazoroski
d38a386f67
Agent: Add prefix `attack-` to attack techniques tags
2022-08-16 14:25:28 +02:00
Ilija Lazoroski
c18ceff85d
Agent: Remove unneeded variable in SSHCredentialCollector
2022-08-16 14:24:26 +02:00
Ilija Lazoroski
ea9082d412
Agent: Remove hack_event from CredentialsStolenEvent
2022-08-16 14:23:25 +02:00
Mike Salvatore
1d79d98689
Agent: Rename credentials_store -> propagation_credentials_repository
2022-08-16 08:17:04 -04:00
Ilija Lazoroski
c3557caf1c
Agent: Add _ATTACK_TECHNIQUE_ to attack_technique tags
2022-08-16 14:11:16 +02:00
Ilija Lazoroski
fdd0368837
Agent: Extract SSH collector tags into constants
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
706a626d24
Agent: Move subscription to a separate method for readability
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
2a94a67767
Agent: Rename usr_info to user_info in ssh_handler
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
88bb856859
Common: Reorder params in docstring AbstractEvent
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
8f5681b1df
Agent: Init a callable class and subscribe to it
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
d672fcfffe
Agent: Fix a typo in ssh_handler
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
03d569cc00
Agent: Init SSHCredentialCollector with an IEventQueue
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
4aa71cba7e
Agent: Remove default values from CredentialsStolenEvent creation
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
486a7a9225
Common: Use a temporary hack to define non-defaults from an inherited class event
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
5f631a78f7
Agent: Remove IGUID from config
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
39f07603a7
Agent: Define integer GUID and use it in ssh_handler
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
b22ccdb942
Agent: Publish CredentialsStolenEvent each time we find a SSHKeypair
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
e439a53bde
UT: Fix SSHCredentialCollector test to accept IEventQueue
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
2610666f93
Agent: Publish a CredentialsStolenEvent from SSHCredentialCollector
2022-08-16 11:58:53 +02:00
Ilija Lazoroski
4952a544c0
Agent: Accept IEventQueue in SSHCollector constructor
2022-08-16 11:58:53 +02:00
Mike Salvatore
d09c1a689e
Merge pull request #2200 from guardicore/2191-fix-credentials-repository-get
...
2191 fix credentials repository get
2022-08-15 15:45:03 -04:00
Kekoa Kaaikala
e4f7707b66
Agent: Return credentials when credentials propagation fails
2022-08-15 19:25:54 +00:00
Kekoa Kaaikala
9e6a569393
Agent: Update credentials repository to cache per-instance
2022-08-15 19:25:54 +00:00
Mike Salvatore
500eeeb582
Merge pull request #2194 from guardicore/2191-trailing-url-slashes
...
Island: Remove trailing slashes before registering a URL
2022-08-15 14:25:28 -04:00
Kekoa Kaaikala
a67a4418c9
Island: Remove PropagationCredentials URL trailing slash
2022-08-15 18:04:56 +00:00
Mike Salvatore
96f794e192
UT: Mark TestEvent* classes with `__test__ = False`
2022-08-15 14:04:09 -04:00
Kekoa Kaaikala
19df4d9755
Island: Enforce "no trailing slash" rule for URLs
2022-08-15 18:01:32 +00:00
Mike Salvatore
4e9aa62c61
Merge pull request #2195 from guardicore/refactor-island-boot
...
Refactor island boot
2022-08-15 08:35:00 -04:00
Mike Salvatore
01e886f866
Project: Remove step in travis build to upgrade pipenv
...
It seems that every time a new version of pipenv is released it breaks
travis. For the moment, it seems that the magic combination is to
upgrade pip but not upgrade pipenv.
I've been unable to reproduce the issue outside of any environment other
than Travis CI.
Once we split our project up into multiple repos, we should strongly
consider switching to poetry.
2022-08-15 08:23:17 -04:00
Mike Salvatore
879f809aa4
Project: Use the latest pip in travis build
2022-08-15 07:37:36 -04:00
Mike Salvatore
fae4247505
Project: Add special `fix-travis` branch to travis build list
...
When attempting to fix an issue with travis, it's important to actually
run travis. In order to do this without a pull request, I've added a
special `fix-travis` branch to the list of branches travis is allowed to
build.
2022-08-15 07:34:39 -04:00
Mike Salvatore
9f89d3f508
Merge pull request #2193 from guardicore/2176-stolen-credentials-subscriber
...
2176 stolen credentials subscriber
2022-08-15 07:26:18 -04:00