Commit Graph

7797 Commits

Author SHA1 Message Date
Shreya Malviya 40b1ae0058 Agent: Modify puppet to run PBAs instead of using the mock puppet 2022-03-30 13:37:47 +05:30
Mike Salvatore 394088e39d BB: Reduce DELAY_BETWEEN_ANALYSIS 2022-03-29 16:10:20 -04:00
Mike Salvatore d596e8c593 Agent: Rename typing to custom_types
Naming the module "typing" and then importing from "typing" within the
module itself caused some confusion for python and resulted in failed
builds.
2022-03-29 14:28:16 -04:00
Mike Salvatore 8733d3f6c4 Swimm: update exercise Implement a new PBA — VW4rf3AxRslfT7lwaug7 2022-03-29 14:28:12 -04:00
Mike Salvatore 52ff1e894a Swimm: update exercise Add a new Post Breach Action (PBA) afMu3y3ny5lnrYFWl3EI 2022-03-29 14:28:07 -04:00
Mike Salvatore 2992d91f16
Merge pull request #1817 from guardicore/1801-credentials-store
1801 credentials store
2022-03-29 13:54:32 -04:00
Ilija Lazoroski 6ab7bd2f45 Agent, UT: Remove leftover that causes overwrite in CredentialsStore
* Use `add` instead of `update` - `add` doesn't allow duplicates
* Move TestTelem to conftest in UT telemetry messenger
2022-03-29 19:53:39 +02:00
Mike Salvatore 7e476fb649 UT: Fix failing telemetry/pba tests 2022-03-29 13:38:18 -04:00
Mike Salvatore 2ecfdcfe46 Agent: Remove stale TODO in ZerologonExploiter 2022-03-29 13:02:26 -04:00
Mike Salvatore 9ded75d05d Agent: Update TODO in bit_manipulators.py 2022-03-29 12:57:31 -04:00
Mike Salvatore baa9de4087 Agent: Remove stale TODO in AutomatedMaster 2022-03-29 12:44:41 -04:00
Mike Salvatore a3c5d9dd7a Agent: Remove stale TODO in monkey.py 2022-03-29 12:40:20 -04:00
Mike Salvatore 763cf578c7 Agent: Move credentials request caching to AggregatingCredentialsStore
The ControlChannel shouldn't be concerned with caching. Its mission
should be to service requests. The caching is more appropriately placed
in the AggregatingCredentialsStore.
2022-03-29 12:00:57 -04:00
Ilija Lazoroski b49d9d9b9a Agent, UT: Update credentials store using `setdefault().update`
* get_credentials uses the PropagationCredentials type
* private stored credentials in Aggregating Credentials Store
* initial values in credentials store constructor
* build_puppet accepts ICredentialsStore
* private telemetry_messenger in monkey
2022-03-29 17:56:39 +02:00
Mike Salvatore def62940af Agent: Add PropagationCredentials type 2022-03-29 17:36:48 +02:00
Ilija Lazoroski e844ecf4e4 Agent: Create credentials store before building the puppet 2022-03-29 17:36:48 +02:00
Ilija Lazoroski 638658178b Agent: Create credential attribute even if we don't have credentials 2022-03-29 17:36:48 +02:00
Ilija Lazoroski 0a5fc84b4e Agent: Fix timeout in ZeroLogon
Timeout should be on DCERPC transport factory.
2022-03-29 17:36:48 +02:00
Ilija Lazoroski e7e6201d75 Agent: Use credential intercepting messenger in Zerologon 2022-03-29 17:36:48 +02:00
Ilija Lazoroski b8a72a9719 UT: Add credentials intercepting telemetry messenger tests
Set __test__ to False to discard the pytest warning about __init__
constructors of TestTelem classes
2022-03-29 17:36:48 +02:00
Ilija Lazoroski 06773ba9d9 UT: Fix AutomatedMaster unit test to include Credentials Store 2022-03-29 17:36:48 +02:00
Ilija Lazoroski 1b9bbfe752 Agent: Fix ssh string to include proper user and ip 2022-03-29 17:36:48 +02:00
Ilija Lazoroski ccb0337aef Agent: Add return to get credentials method in Credentials Store 2022-03-29 17:36:48 +02:00
Ilija Lazoroski d434c20bcb Agent: Inject credentials store to Automated Master
Intercept credentials and update the credentials store using
credentials intercepting telemetry messenger
2022-03-29 17:36:48 +02:00
Ilija Lazoroski 4de90584c9 Agent: Add Credentials intercepting telemetry messenger 2022-03-29 17:36:48 +02:00
Mike Salvatore eb6342e2f8 Agent: Add public credentials property to CredentialsTelem 2022-03-29 17:36:48 +02:00
Ilija Lazoroski 5060ddb5d1 Agent: Fix logic in concrete Credentials Store 2022-03-29 17:36:48 +02:00
Ilija Lazoroski 162dd0a920 UT: Add Credentials Store tests 2022-03-29 17:36:48 +02:00
Ilija Lazoroski b5d2d1d641 Agent: Implement concrete Credentials Store 2022-03-29 17:36:48 +02:00
Ilija Lazoroski cafbe97880 Agent: Add interface for Credentials Store 2022-03-29 17:36:48 +02:00
Mike Salvatore cf211bc46f
Merge pull request #1824 from guardicore/1604-itelemetrymessenger-in-pbas
Telemetry messenger in PBAs
2022-03-29 11:31:42 -04:00
vakarisz dbbdb508e3 Agent: Change PBA constructor to accept telemetry messenger
This change allows running different PBAs with different telemetry messengers
2022-03-29 17:04:48 +03:00
Mike Salvatore 6937b1a5c5
Merge pull request #1825 from guardicore/check-supported-os-for-exploiters
Check supported os for exploiters
2022-03-29 09:57:24 -04:00
Mike Salvatore a2e283e824 UT: Update automated_master_config.json 2022-03-29 09:49:43 -04:00
Mike Salvatore 8737a3df89 Agent: Remove disused HostExploiter._TARGET_OS_TYPE 2022-03-29 09:49:43 -04:00
Mike Salvatore ddbe5b463f Agent: Skip exploiter if victim OS is not supported 2022-03-29 09:49:41 -04:00
Shreya Malviya 1c24411b26 Agent: Pass telemetry messenger to PBAs for sending ATT&CK telem 2022-03-29 16:29:24 +03:00
Shreya Malviya 8d4c29fc06 Agent: Fix return types for run_pba in puppets and master 2022-03-29 18:38:25 +05:30
Shreya Malviya 314bc49d1c
Merge pull request #1822 from guardicore/1604-modify-pbas-to-return-postbreachdata
Modify PBAs to return PostBreachData
2022-03-29 18:23:50 +05:30
Shreya Malviya 246a72c940 Agent: Modify comment in shell startup PBA to make more sense 2022-03-29 17:16:17 +05:30
Shreya Malviya 70186a40f6 Agent: Remove comment from function in backdoor user PBA since the code is self-explanatory 2022-03-29 17:13:44 +05:30
vakarisz ba49e4d23e Agent: Small style improvements in PBA code 2022-03-29 14:20:29 +03:00
Shreya Malviya 1f2867a70a Project: Add ProcessListCollection to Vulture's allowlist 2022-03-29 14:20:29 +03:00
Shreya Malviya 61ff95b568 Agent: Modify PBAs to return Iterable[PostBreachData] 2022-03-29 14:20:29 +03:00
Shreya Malviya 778f230589 Agent: Modify remaining PBAs to yield PostBreachData 2022-03-29 14:20:29 +03:00
Shreya Malviya ec2b2beca5 Agent: Modify PBAs to yield PostBreachData instead of returning it
This is done mainly because of the hide files PBA which needs to send
telemetry two times. It also makes more sense to do it this way so that
it's easier to send telemetry multiple times in any PBA.
2022-03-29 14:20:28 +03:00
Shreya Malviya 28ff112872 Agent: Modify hide files PBA to return PostBreachData 2022-03-29 14:20:25 +03:00
Shreya Malviya 8418a5ce77 Agent: Modify modify shell startup files PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya 29d40f8e9d Agent: Modify communicates as backdoor user PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya 0b2ac96dee Agent: Modify use signed scripts PBA to return PostBreachData 2022-03-29 14:18:22 +03:00