Commit Graph

6195 Commits

Author SHA1 Message Date
Mike Salvatore 60e34636ec UI: Fix stupid typo in the attack section of the ransomware report 2021-09-14 12:50:39 -04:00
Mike Salvatore 1d991be6b4 Update CHANGELOG.md 2021-09-14 12:30:43 -04:00
Mike Salvatore f54b759d92
Merge pull request #1459 from guardicore/extract-deployment-field
Extract deployment field from server config
2021-09-14 12:24:46 -04:00
Mike Salvatore 3287f4831e Build: Remove deployment.json files 2021-09-14 12:22:03 -04:00
Mike Salvatore 238810e743 Build: Remove unused install_common_build_prereqs() 2021-09-14 12:09:13 -04:00
Ilija Lazoroski 6ebe2e391b Island: Add more exceptions to get_deployment_from_file 2021-09-14 16:54:06 +02:00
Mike Salvatore 412aefab3e Island: Switch get_deployment_from_file() to use Paths 2021-09-14 10:19:14 -04:00
VakarisZ ed93971595 Remove the empty test_server_config_handler.py file. 2021-09-14 14:49:30 +03:00
Mike Salvatore 58ed42a247 Agent: Add comment regarding NTLM hashes to format_password() 2021-09-14 07:44:03 -04:00
Shreya Malviya 38011f20b5 island: Remove unnecessary type conversion in log statement 2021-09-14 16:05:19 +05:30
Shreya Malviya 686f65e4f4 tests: Move monkeypatch statements to fixtures in test_version_update.py 2021-09-14 16:04:06 +05:30
Shreya Malviya 90c6392e16 island, tests: Handle exceptions when getting deployment type from file and add related tests 2021-09-14 15:47:50 +05:30
Shreya Malviya 9fd6ea9598 island, tests: Modify function to get deployment type with file path as input and modify related tests 2021-09-14 14:02:24 +05:30
Ilija Lazoroski c1fc56d4ce Island: Change monkey code to use deployment.json
Add UTs for get_deployment. Fix Environment UTs.
2021-09-13 18:47:28 +02:00
VakarisZ 4759fe1581
Merge pull request #1458 from guardicore/1450/av_explanation_missing_binary
UI: Add AV explanation if binaries are missing
2021-09-13 09:24:34 +03:00
Mike Salvatore 8d2b704bd9 Docs: Fix broken link in FAQ 2021-09-11 13:15:55 -04:00
VakarisZ 45429f6b29
Merge pull request #1457 from guardicore/1126/ut_for_pba_file_upload
UT: Add unit tests for pba_upload
2021-09-10 17:03:54 +03:00
Ilija Lazoroski 92b829ede2 UI: Add AV explanation if binaries are missing 2021-09-10 15:39:28 +02:00
Ilija Lazoroski c348a01b16 UT: Improve readability on pba_file_upload 2021-09-10 14:48:39 +02:00
Shreya Malviya 78ab3f176c tests: Remove deployment field from unit tests' server configs 2021-09-10 17:41:43 +05:30
Ilija Lazoroski 2fd38061b2 UT: Add unit tests for pba_upload 2021-09-10 14:10:31 +02:00
Shreya Malviya 2b4beb2200 island: Don't set deployment type from server config in env config 2021-09-10 17:36:57 +05:30
Shreya Malviya a62328dcf6 island: Get deployment type from file in env config 2021-09-10 17:31:33 +05:30
Shreya Malviya 2af3878e81 common: Pick up version details from deployment.json in common/version.py 2021-09-10 16:36:26 +05:30
Shreya Malviya 2b9b755177 island: Extract deployment type and version number into deployment.json 2021-09-10 16:29:31 +05:30
Shreya Malviya c46c02507f build_scripts: Extract deployment field from server configs to separate files for appimage and docker 2021-09-10 15:21:34 +05:30
VakarisZ dec2fc43c2
Merge pull request #1449 from guardicore/powershell-exploiter-ntlm-hashes
Use LM and NT hashes in powershell exploiter
2021-09-09 11:56:02 +03:00
Ilija Lazoroski 1ba10d7059 UT: Fix powershell copy_file tests 2021-09-09 10:35:24 +02:00
VakarisZ cc1c049ee9 Refactor test_login_attemps_correctly_reported in test_powershell.py to address the changes in the flow of powershell and powershell client 2021-09-09 11:34:38 +03:00
VakarisZ e44e8f503e Refactor powershell client to not perform actions on init and clean up powershell exploiter a bit 2021-09-07 12:18:34 +03:00
Shreya Malviya eefd7a69e8
Merge pull request #1453 from guardicore/bugfix-expanded-report-reset
Don't collapse PBA table in security report on data change
2021-09-07 13:09:00 +05:30
Shreya Malviya f917258979 CHANGELOG: Add entry for bugfix (table collapse on reset) 2021-09-06 18:33:23 +05:30
Shreya Malviya 114758978b cc: Set `collapseOnDataChange` to false in PBA table in security report 2021-09-06 18:31:35 +05:30
Ilija Lazoroski d27194c568 Zoo: Fix powershell bb config for ntlm hash 2021-09-06 13:50:24 +02:00
Shreya Malviya 6740812f4b
Merge pull request #1439 from guardicore/remove-standard-environment
Remove standard environment (insecure access feature)
2021-09-06 13:18:27 +05:30
VakarisZ 57908b94eb
Merge pull request #1452 from guardicore/1418/bb-to-use-credentials
Zoo: Change island to use credentials
2021-09-06 10:28:39 +03:00
Ilija Lazoroski 1e5d49024d Zoo: Change island to use credentials 2021-09-06 09:17:15 +02:00
VakarisZ 17bc9e3f75
Merge pull request #1451 from guardicore/logo_overlap_bugfix
Fix the Guardicore logo overlap
2021-09-03 15:33:08 +03:00
VakarisZ f2739f426c Add a CHANGELOG.md entry about the fixed Guardicore logo overlapping 2021-09-03 15:30:50 +03:00
VakarisZ 4dbd7b41f5 Fix the Guardicore logo which is overlapping the landing page buttons on smaller screens 2021-09-03 15:27:04 +03:00
Mike Salvatore 65c9be90d3 Docs: Add NTLM hash details to PowerShell exploiter docs 2021-09-02 14:29:07 -04:00
Mike Salvatore 71c4e4d8dc Agent: Fix incorrect host arch identification in PowerShellClient 2021-09-02 14:06:36 -04:00
Mike Salvatore 1a1a130716 Agent: Format NT/LM hashes for use with pypsrp in PowerShellClient 2021-09-02 13:26:24 -04:00
Mike Salvatore 9cc488d36a Agent: Remove powershell_utils/utils.py
Move single function that was previously in
powershell_utils/utils.py to powershell.py
2021-09-02 13:26:24 -04:00
Mike Salvatore 501fc162b4 Agent: Attempt login with LM and NT hashes in PowerShellExploiter 2021-09-02 13:26:23 -04:00
Mike Salvatore a2e6b0bfbd Agent: Add LM and NT hashes to PowerShell Credentials
Adds two list parameters to get_credentials() that contain LM and NT
hashes respectively. Adds a "secret_type" field to Credentials so that
the user of the Credentials object can distinguish between using cached
credentials (on windows), passwords, and NT or LM hashes.
2021-09-02 12:29:49 -04:00
Mike Salvatore 3a6f725cc4 Agent: Rename Credentials.password to Credentials.secret
The PowerShell Credentials dataclass will hold more than just passwords.
It will also hold NT and LM hashes. "secret" is, therefore, a more
accurate name than "password".
2021-09-02 12:02:30 -04:00
Mike Salvatore 0ecbfdea38
Merge pull request #1446 from guardicore/powershell-exploiter-refactor
Powershell exploiter refactor
2021-09-02 11:58:01 -04:00
Mike Salvatore 023d6a2d04 Tests: Add more tests for PowerShellExploiter 2021-09-02 11:54:22 -04:00
Mike Salvatore 936074605f Agent: Ensure temp file is removed by PowerShellExploiter 2021-09-02 11:53:13 -04:00