p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
5,423 Commits 30 Branches 0 Tags 47 MiB
Commit Graph

5423 Commits

Author SHA1 Message Date
Mike Salvatore 3d403a92e8 agent: Fix incorrect config in ransomware payload 2021-06-25 10:21:08 -04:00
Mike Salvatore 1294e38f6e
Merge pull request #1259 from guardicore/ransomware-telemetry 
Ransomware telemetry
 2021-06-25 10:16:42 -04:00
Mike Salvatore 76cf8a1bb4 agent: Wrap ransomware payload build/run in run_ransomware() 2021-06-25 09:19:15 -04:00
Mike Salvatore 6773f695ba agent: Use ITelem in send_telemetry() typehint 2021-06-24 15:57:10 -04:00
Mike Salvatore 7b9c39edc6 Remove RansomwareTelem from vulture_allowlist 2021-06-24 15:55:17 -04:00
Mike Salvatore 76da583420 agent: Send telemetry from ransomware payload 2021-06-24 15:49:19 -04:00
Mike Salvatore 21525be192 agent: Use ITelem in ITelemetryMessenger.send() typehint 2021-06-24 13:55:09 -04:00
Mike Salvatore 46da0b7b1f agent: Add ITelem interface 
Create a telemetry interface that sits above the BaseTelem abstract
class to allow telemetries to be extended without inheritance.
 2021-06-24 12:07:14 -04:00
Mike Salvatore 77e3c8a257 agent: Add telemetry messenger interface 
The telemetry classes have too many responsibilities. At the moment, one
such responsibility is to send themselves to the island. As our plugin
interfaces develop, the need may arise to send telemetry using different
mechanisms. To isolate the RansomwarePayload from these changes, the
ITelemetryMessenger interface is introduced in this commit. It provides
a send_telemetry() method that handles the specific details of how
telemetry is sent to the Island.

At the present time, the TelemetryMessengerWrapper class is introduced
to handle sending telemetry. It simply wraps the existing send() method
on the telemetry class.
 2021-06-24 10:26:00 -04:00
Shreya cec8341b17 tests: Add unit tests for ransomware telem 2021-06-24 10:26:00 -04:00
Shreya 29bd48f703 telem: Add ransomware telemetry 2021-06-24 10:26:00 -04:00
Shreya d600aa7208 telem: Add telem category for ransomware 2021-06-24 10:26:00 -04:00
Mike Salvatore 6744ee71fc
Merge pull request #1264 from guardicore/ransomware-bitflip-encryption 
Ransomware bitflip encryption
 2021-06-24 08:24:52 -04:00
Mike Salvatore ef209a693c agent: Remove second file from test_file_encrypted_in_place() 2021-06-24 07:00:44 -04:00
Mike Salvatore f1e592380b agent: Rename test_file_with_included_extension_encrypted 2021-06-24 07:00:06 -04:00
Mike Salvatore 70480c7011 agent: Rename RansomwareBitflipEncryptor -> BitflipEncryptor 2021-06-23 11:05:34 -04:00
Mike Salvatore 1929ea7dae agent: Add file_selectors.select_production_safe_target_files() 2021-06-23 11:01:58 -04:00
Mike Salvatore 97cf198965 agent: Narrow the responsibilities of RansomwareBitflipEncryptor 2021-06-23 10:50:14 -04:00
Mike Salvatore 2ea5dc6ac7 tests: Add missing test_lib.dll 
The .gitignore file prevents dlls from being added to git. Since this
isn't a real dll, but is only used for testing, we can add it anyway.
 2021-06-23 09:57:27 -04:00
Mike Salvatore 9165737389 agent: Use larger chunk size in RansomwarePayload 
The larger chunk size improves efficiency by reducing the number of
reads.
 2021-06-23 09:42:12 -04:00
Mike Salvatore ae0dfec3cc agent: Return results from RansomwareBitflipEncryptor.encrypt_files() 2021-06-23 09:37:33 -04:00
Mike Salvatore f1a365def2 agent: Add unit test for RansomwareBitflipEncryptor 2021-06-23 09:19:46 -04:00
Mike Salvatore 707b40608a tests: Extract ransomware target files to ransomware_target_files.py 2021-06-23 09:08:36 -04:00
Mike Salvatore d99811f83f tests: Move ransomware_target() fixture to ransomware/conftest.py 2021-06-23 09:04:24 -04:00
Mike Salvatore 45ba743418 tests: Move hash_file() into tests/utils.py 2021-06-23 09:01:42 -04:00
Mike Salvatore ab40518881 agent: Extract bitflip encryption into its own class 2021-06-23 08:56:12 -04:00
Mike Salvatore 2c97d04673 Agent: Don't run ransomware payload if no directory was specified 2021-06-23 08:34:09 -04:00
Mike Salvatore 7149e112b0 agent: Remove dirs_exist_ok from shutil.copytree() call 
The dirs_exist_ok parameter of shutil.copytree() was introduced in
Python 3.8. Since the agent uses python3.7 in order to be more
compatible with older systems, we can't use this parameter.
 2021-06-23 08:14:34 -04:00
Mike Salvatore 6307606010 Remove get_files_to_encrypt from Vulture's allow list 2021-06-23 07:14:57 -04:00
Mike Salvatore 297adcf015 agent: Don't redefine EXTENSION in ransomware tests 2021-06-23 07:10:55 -04:00
Mike Salvatore 447138c079 agent: Rename RansomewarePayload.target_dir -> _target_dir 2021-06-23 06:57:31 -04:00
Mike Salvatore cef3bd618d agent: Test that ransomware payload does not encrypt recursively 2021-06-23 06:57:31 -04:00
Mike Salvatore 2dd75d7d0c agent: Rename files encrypted by ransomware with .m0nk3y extension 2021-06-23 06:57:31 -04:00
Mike Salvatore 1ff348d2fc agent: Add in-place, bitflip encryption to RansomwarePayload 2021-06-23 06:57:31 -04:00
Mike Salvatore 3edaffa922 agent: Add utility functions for flipping bits 2021-06-23 06:57:31 -04:00
Mike Salvatore 2b1ba994a4 agent: Remove errant "f" in format string 2021-06-23 06:55:35 -04:00
Mike Salvatore 8226512340
Merge pull request #1263 from guardicore/ransomware-ignore-links 
Ransomware ignore links
 2021-06-23 06:41:47 -04:00
Mike Salvatore b35670eadb Merge branch 'ransomware-iterate-files' into develop 2021-06-23 06:41:07 -04:00
VakarisZ f5ebd2d39a Fix a bug of incorrect access to ransomware config options in ransomware_payload.py 2021-06-23 11:48:24 +03:00
Mike Salvatore 2549f088d1 agent: Do not encrypt Windows shortcuts in ransomware simulation 
In order to keep Infection Monkey safe for production environments, the
ransomware payload will explicitly ignore Windows shortcuts to prevent
important files from accidentally getting encrypted.
 2021-06-22 15:27:48 -04:00
Mike Salvatore 41bf137ee4 agent: Add is_not_shortcut_filter() 
Adds a filter that can be used with filter_files() to return only files
that are not Windows shortcuts.
 2021-06-22 15:27:48 -04:00
Mike Salvatore 4eaa568479 agent: Do not encrypt symlinks in ransomware simulation 
In order to keep Infection Monkey safe for production environments, the
ransomware payload will explicitly ignore symlinks to prevent important
files from accidentally getting encrypted.
 2021-06-22 15:27:39 -04:00
Mike Salvatore 14845c659a agent: Add is_not_symlink_filter() 
Adds a filter that can be used with filter_files() to return only files
that are not symlinks.
 2021-06-22 15:27:33 -04:00
Mike Salvatore bfa640444e agent: Test filter_files() with multiple filters 2021-06-22 15:11:32 -04:00
Mike Salvatore 30f88ca319 agent: Refactor add_subdirs_to_dir in test_dir_utils.py 2021-06-22 14:07:31 -04:00
Mike Salvatore b643cd1edd agent: Reimplement get_all_regular_files_in_directory using filter_files 2021-06-22 13:49:17 -04:00
Mike Salvatore f33772060f agent: Rename get_all_files_in_directory() 
Rename get_all_files_in_directory() ->
get_all_regular_files_in_directory(), as this name is more explicit
about exactly which files will be included in the function's output.
 2021-06-22 13:46:03 -04:00
Mike Salvatore db8dfd9f17 agent: Refactor filter_files to accept a list of filters 2021-06-22 13:43:27 -04:00
Mike Salvatore a8ebe6ae76 agent: Replace self.config with self.target_dir in RansomewarePayload 2021-06-22 13:31:20 -04:00
Mike Salvatore 0b953c8cff agent: Remove ransomware/utils.py 
The code for getting files to encrypt has become so trivial that it no
longer warrants a separate function outside of _find_files().
 2021-06-22 13:23:14 -04:00