Map "Back door user" PBA with "Create account" attack technique

"Create Account" turned off in the ATT&CK matrix config -> "Back door user" turns off in the PBA config section ... and vice-versa
2020-04-12 17:48:42 +05:30 · 2020-04-12 17:48:42 +05:30 · 7a3f747a10
parent 141abfe708
commit 7a3f747a10
2 changed files with 28 additions and 2 deletions
--- a/monkey/monkey_island/cc/services/config_schema.py
+++ b/monkey/monkey_island/cc/services/config_schema.py
@ -150,7 +150,7 @@ SCHEMA = {
                        "BackdoorUser"
                    ],
                    "title": "Back door user",
-                    "attack_techniques": []
+                    "attack_techniques": ["T1136"]
                },
                {
                    "type": "string",
@ -378,6 +378,7 @@ SCHEMA = {
                                "$ref": "#/definitions/post_breach_acts"
                            },
                            "default": [
+                                "BackdoorUser",
                                "CommunicateAsNewUser"
                            ],
                            "description": "List of actions the Monkey will run post breach"
--- a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js
@ -180,7 +180,19 @@ class ConfigurePageComponent extends AuthComponent {
      if (techType[1].properties.hasOwnProperty(technique)) {
        let tempMatrix = this.state.attackConfig;
        tempMatrix[techType[0]].properties[technique].value = value;
-        this.setState({attackConfig: tempMatrix});
+
+        if (technique == 'T1136') {
+          let newConfig = this.state.configuration;
+          if (value && !newConfig['monkey']['general']['post_breach_actions'].includes('BackdoorUser')) {
+              newConfig['monkey']['general']['post_breach_actions'].push('BackdoorUser');
+            }
+          else if (!value && newConfig['monkey']['general']['post_breach_actions'].includes('BackdoorUser')) {
+              let toRemoveIndex = newConfig['monkey']['general']['post_breach_actions'].indexOf('BackdoorUser');
+              newConfig['monkey']['general']['post_breach_actions'].splice(toRemoveIndex, 1);
+            }
+          this.setState({attackConfig: tempMatrix, configuration: newConfig});
+          this.configSubmit();
+      }

        // Toggle all mapped techniques
        if (!mapped) {
@ -205,6 +217,19 @@ class ConfigurePageComponent extends AuthComponent {
  updateConfigSection = () => {
    let newConfig = this.state.configuration;
    if (Object.keys(this.currentFormData).length > 0) {
+
+      if (this.currentSection == 'monkey') {
+        let tempMatrix = this.state.attackConfig;
+        if (this.currentFormData['general']['post_breach_actions'].includes('BackdoorUser')) {
+          tempMatrix['persistence'].properties['T1136'].value = true;
+        }
+        else {
+          tempMatrix['persistence'].properties['T1136'].value = false;
+        }
+        this.setState({attackConfig: tempMatrix});
+        this.matrixSubmit();
+      }
+
      newConfig[this.currentSection] = this.currentFormData;
      this.currentFormData = {};
    }