Commit Graph

6875 Commits

Author SHA1 Message Date
Mike Salvatore 0607f36404 Common: Move transforms from monkey_island to common 2022-08-24 08:54:41 -04:00
Mike Salvatore fc14a1f573 Common: Make InfectionMonkeyModelConfig immutable 2022-08-24 08:54:41 -04:00
Mike Salvatore 3a94be8766 Common: Move base_models.py to common 2022-08-24 08:54:41 -04:00
Mike Salvatore acc158db44 Island: Use HardwareId in Machine model 2022-08-24 08:54:41 -04:00
Mike Salvatore f418571d93 Common: Add HardwareID type 2022-08-24 08:54:41 -04:00
Kekoa Kaaikala 15bd9a31c6 Agent: Pass ITelemetryMessenger to Ransomware 2022-08-23 20:05:52 -04:00
Mike Salvatore a28cd97c0d Common: Store strongrefs to subscribers 2022-08-23 19:59:57 -04:00
Mike Salvatore 9ab2c0bc6a Agent: Add debug logging to add_creds_from_event_to_prop_creds_repo() 2022-08-23 19:59:57 -04:00
Mike Salvatore 0b8355c8a4 Common: Add debug logging to PyPubSubEventQueue 2022-08-23 10:00:34 -04:00
Mike Salvatore 0864593176 Agent: Add more debug logging to Agg'Prop'Cred'Repo' 2022-08-23 10:00:26 -04:00
Shreya Malviya 512403c1e0 UI: Fix spelling mistake on configuration page 2022-08-22 18:06:53 +05:30
Mike Salvatore b7b3f28213 UT: Fix formatting in test_transforms.py 2022-08-22 08:02:25 -04:00
Mike Salvatore 0e78129515 Common: Rename OperatingSystems -> OperatingSystem
By convention, Enum names are singular.
2022-08-19 12:10:43 -04:00
Mike Salvatore 9fb0532646 IT: Speed up ransomware extension test by disabling readme feature
Reduces the runtime from 1.25s to under 0.005s
2022-08-19 11:53:36 -04:00
Mike Salvatore 4a05c5a250 Island: Add agent model 2022-08-19 11:31:14 -04:00
Mike Salvatore a625cc4583 Island: Rename Machine.node_id -> hardware_id
"hardware_id" more accurately explains the data we want to store. It
also avoids any confusion resulting from overloading the term "node".
2022-08-19 11:31:14 -04:00
Mike Salvatore 59fd83f0a0 Island: Add Node model 2022-08-19 11:31:14 -04:00
Mike Salvatore 5b4b7f0049 Island: Use make_immutable_sequence() when constructing Machine 2022-08-19 11:31:14 -04:00
Mike Salvatore b3bfc598a3 Island: Add transform functions to make immutable copies of sequences 2022-08-19 11:31:14 -04:00
Mike Salvatore 3fd7051869 Island: Add MachineID type definition 2022-08-19 11:31:14 -04:00
Mike Salvatore 54db99350d Island: Add CommunicationType Enum 2022-08-19 11:31:14 -04:00
Mike Salvatore b6e04074a4 Island: Make Machine.network_interfaces immutable 2022-08-19 11:31:14 -04:00
Mike Salvatore a4a4613a66 Island: Add a Machine model 2022-08-19 11:31:14 -04:00
Mike Salvatore 09474ac1fe Island: Add base models for pydantic classes 2022-08-19 11:31:11 -04:00
Mike Salvatore b5581d76b2 Island: Add pydantic to Python dependencies 2022-08-19 11:30:07 -04:00
Mike Salvatore ce390e41b8
Merge pull request #2206 from guardicore/1242-allow-custom-ransomware-extension
1242 allow custom ransomware extension
2022-08-19 09:48:34 -04:00
Ilija Lazoroski 9b08b2942f Agent: Initialize MimikatzCollector with a event_queue 2022-08-19 10:12:43 +02:00
Kekoa Kaaikala 59ad57ccbd Agent: Discard the right file extension 2022-08-18 17:51:24 +00:00
Kekoa Kaaikala b5c6240190 UT: Move a ransomware test to integration_tests 2022-08-18 17:46:55 +00:00
Kekoa Kaaikala 9cbee5ba6d UT: Test that ransomware applies the file extension 2022-08-18 15:30:28 +00:00
Kekoa Kaaikala 880c2fe707 Agent: Add file extension to ransomware 2022-08-18 15:30:28 +00:00
Kekoa Kaaikala 0797afb9a0 UI: Allow for empty file extension 2022-08-18 15:30:28 +00:00
Kekoa Kaaikala 194f08c294 Agent: Add file extension to default agent config 2022-08-18 15:30:21 +00:00
Kekoa Kaaikala ae1fbb7cc5 Agent: Add file extension to RansomwareOptions 2022-08-18 15:30:14 +00:00
ilija-lazoroski 808bf5fee9
Merge pull request #2205 from guardicore/2179-create-ieventserializer
Event serializer
2022-08-18 16:06:14 +02:00
Ilija Lazoroski ff0469690f UT: Add type checking tests for EventSerializer Registry 2022-08-18 15:54:11 +02:00
Ilija Lazoroski b541dc465d Common: Type checking in EventSerializerRegistry 2022-08-18 15:54:04 +02:00
Mike Salvatore c55098e186
Merge pull request #2197 from guardicore/2176-remove-credentials-intercepting-telemetry-messenger
2176 remove credentials intercepting telemetry messenger
2022-08-18 06:39:42 -04:00
Mike Salvatore bc0c46bfb9
Merge pull request #2201 from guardicore/2176-publish-credentials-stolen-in-mimikatz
CredentialsStolenEvent in MimikatzCredentialCollector
2022-08-18 06:37:40 -04:00
Ilija Lazoroski 4b1ad70f84 Common: Set event to registry only by class 2022-08-18 10:33:10 +02:00
Ilija Lazoroski aeaabbccc4 UT: Test EventSerializerRegistry 2022-08-18 10:31:10 +02:00
Ilija Lazoroski e83503e65a Common: Export EventSerializerRegistry from __init__ 2022-08-18 10:30:38 +02:00
Ilija Lazoroski a32d9359b0 Common: Accept Union[str, Type[AbstractEvent]] in EventSerializerRegistry 2022-08-18 09:44:45 +02:00
Ilija Lazoroski 23604009a0 Common: Fix hint in IEventSerializer 2022-08-18 09:32:02 +02:00
Ilija Lazoroski 20f529d6a2 UT: Separate mimikatz credentials stolen event test 2022-08-18 09:22:59 +02:00
Kekoa Kaaikala 4f776f0102 UI: Add field for ransomed file extension 2022-08-17 20:10:23 +00:00
Shreya Malviya 141c766b51 Common: Add EventSerializerRegistry 2022-08-17 21:29:06 +05:30
Shreya Malviya 0b9191ca43 Common: Add IEventSerializer to common/event_serializers/__init__.py 2022-08-17 21:28:33 +05:30
Kekoa Kaaikala 639fb26445 Agent: Improve the speed of bit flipping code
- Remove a function call
- Use a generator
- Use a more efficient flip calculation (subtraction instead of xor)

Issue #2123
2022-08-17 10:52:57 -04:00
Shreya Malviya 6722057491 Agent: Use existing patch function in test_pypykatz_result_parsing_no_secrets 2022-08-17 18:03:07 +05:30
Shreya Malviya c09adfb01b Common: Add IEventSerializer 2022-08-17 17:57:28 +05:30
Shreya Malviya 4334740002 UT: Simplify test_mimikatz_credentials_stolen_event_published 2022-08-17 17:31:06 +05:30
Shreya Malviya 2c3b29493f Agent: Define SSH_COLLECTOR_EVENT_TAGS as a frozenset 2022-08-17 17:29:48 +05:30
Shreya Malviya 5747c2e8b4 UT: Update MimikatzCredentialCollector test now that MIMIKATZ_EVENT_TAGS is a frozenset 2022-08-17 17:28:44 +05:30
Shreya Malviya 3dca01d5d5 Agent: Define MIMIKATZ_EVENT_TAGS as a frozenset 2022-08-17 17:28:18 +05:30
Shreya Malviya a3ddd6fb42 Common: Create directory and files for event serializer 2022-08-17 17:25:44 +05:30
Ilija Lazoroski 69e1f21312 Agent: Use frozenset for zerologon event tags 2022-08-17 13:45:13 +02:00
Ilija Lazoroski 74b9dd58fc Agent: Add _ATTACK_TECHNIQUE to zerologon technique tags 2022-08-17 12:11:23 +02:00
Shreya Malviya f9f3daffa7 UT: Add missing type hint to event_queue_subscriber fixture 2022-08-17 14:48:16 +05:30
Shreya Malviya f510b89c08 UT: Move event_queue_subscriber fixture back to test_pypubsub_event_queue.py 2022-08-17 14:46:54 +05:30
Shreya Malviya 11901b1835 UT: Simplify variable logic in MimikatzCredentialCollector's event publishing test 2022-08-17 14:44:43 +05:30
Shreya Malviya eb17b20625 UT: Simplify MimikatzCredentialCollector's event publishing test 2022-08-17 14:41:26 +05:30
Shreya Malviya 8f789b9d60 Agent: Remove unneeded argument passed to CredentialsStolenEvent in MimikatzCredentialCollector 2022-08-17 11:52:02 +05:30
Shreya Malviya 7faf6d3ecf Agent: Modify Mimikatz credential collector's attack technique tags' strings 2022-08-17 11:50:38 +05:30
Shreya Malviya 457cc6be27 Agent: Modify Mimikatz credential collector tag string 2022-08-17 11:49:43 +05:30
Shreya Malviya a0cf3d65f4 Agent: Rename variable in SSH handler 2022-08-17 11:48:35 +05:30
Shreya Malviya 140967b05f UT: Use event_queue_subscriber fixture in MimikatzCredentialCollector tests 2022-08-17 11:47:52 +05:30
Shreya Malviya b6c7001294 UT: Use event_queue_subscriber fixture in PyPubSubEventQueue tests 2022-08-17 11:47:52 +05:30
Shreya Malviya 2fbe9f3a4a UT: Create event_queue_subscriber fixture 2022-08-17 11:47:52 +05:30
Shreya Malviya b7ada959fa UT: Simplify MimikatzCredentialCollector's event publishing test 2022-08-17 11:47:52 +05:30
Shreya Malviya 95a3be0273 UT: Add test to check CredentialStolenEvent is published in MimikatzCredentialCollector 2022-08-17 11:47:52 +05:30
Shreya Malviya f453ff21fd UT: Pass event queue to MimikatzCredentialCollector's constructor in tests 2022-08-17 11:47:52 +05:30
Shreya Malviya c8a2c2156b Agent: Fix variable name in MimikatzCredentialCollector 2022-08-17 11:47:51 +05:30
Shreya Malviya 56770d25c6 Agent: Publish credentials stolen event in MimikatzCredentialCollector 2022-08-17 11:47:51 +05:30
Shreya Malviya e03f140749 Agent: Add function to publish credentials stolen event in Mimikatz credential collector 2022-08-17 11:47:51 +05:30
Shreya Malviya b5058ce611 Agent: Add event tag constants for Mimikatz credential collector 2022-08-17 11:47:51 +05:30
Shreya Malviya d745e10bf1 Agent: Accept event queue in Mimikatz collector's constructor 2022-08-17 11:47:51 +05:30
Ilija Lazoroski 3a9830415c Agent: Use default target for ZerologonExploiter event 2022-08-17 00:58:45 +02:00
Ilija Lazoroski f8b56dd171 Agent: Add T1098 (Account Manipulation) to ZerologonExploiter 2022-08-17 00:58:45 +02:00
Ilija Lazoroski 3c8091d242 Agent: Add T1003 tag to zerologon exploiter 2022-08-17 00:58:45 +02:00
Ilija Lazoroski b0f76383c4 Agent: Change zerologon tag to `zerologon-exploiter` 2022-08-17 00:58:45 +02:00
Ilija Lazoroski 550c7465fa Agent: Add IEventQueue to ExploitWrapper 2022-08-17 00:58:45 +02:00
Ilija Lazoroski d400fcb215 Agent: Extract zerologon tags into constant 2022-08-17 00:58:45 +02:00
Ilija Lazoroski aaef2f1f81 UT: Fix Powershell tests to accept IEventQueue 2022-08-17 00:58:45 +02:00
Ilija Lazoroski 76bbe62c3b Agent: Modify Zerologon to publish CredentialsStolenEvent 2022-08-17 00:55:09 +02:00
Ilija Lazoroski f171e548f3 Agent: Modify exploiter wrapper to accept IEventQueue 2022-08-17 00:55:09 +02:00
Ilija Lazoroski c6cb477474 Agent: Add event_queue to the exploit_host in HostExploiter 2022-08-17 00:55:09 +02:00
Ilija Lazoroski fb0f7c86af Agent: Remove usage of CredentialsInterceptingTelemetryMessenger 2022-08-17 00:24:59 +02:00
Ilija Lazoroski 8dd6c5b7c2 Agent: Remove CredentialsInterceptingTelemetryMessenger 2022-08-17 00:21:05 +02:00
Ilija Lazoroski eec48e9cd8 Agent: Remove target from SSHCredentialCollector event construction 2022-08-16 17:31:02 +02:00
Ilija Lazoroski 205ff84b31 Common: Add defaults for each argument in AbstractEvent 2022-08-16 17:30:30 +02:00
Ilija Lazoroski b3d37d9223 Agent: Change SSHCredentialCollector tag to lowercase 2022-08-16 17:27:43 +02:00
Ilija Lazoroski 5466bd5dba UT: Remove unneeded fixture in SSHCredentialCollector tests 2022-08-16 17:26:25 +02:00
Ilija Lazoroski 142136dd41 Agent: Remove duplication in SSHCredentialCollector 2022-08-16 17:14:37 +02:00
Ilija Lazoroski d38a386f67 Agent: Add prefix `attack-` to attack techniques tags 2022-08-16 14:25:28 +02:00
Ilija Lazoroski c18ceff85d Agent: Remove unneeded variable in SSHCredentialCollector 2022-08-16 14:24:26 +02:00
Ilija Lazoroski ea9082d412 Agent: Remove hack_event from CredentialsStolenEvent 2022-08-16 14:23:25 +02:00
Mike Salvatore 1d79d98689 Agent: Rename credentials_store -> propagation_credentials_repository 2022-08-16 08:17:04 -04:00
Ilija Lazoroski c3557caf1c Agent: Add _ATTACK_TECHNIQUE_ to attack_technique tags 2022-08-16 14:11:16 +02:00
Ilija Lazoroski fdd0368837 Agent: Extract SSH collector tags into constants 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 706a626d24 Agent: Move subscription to a separate method for readability 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 2a94a67767 Agent: Rename usr_info to user_info in ssh_handler 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 88bb856859 Common: Reorder params in docstring AbstractEvent 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 8f5681b1df Agent: Init a callable class and subscribe to it 2022-08-16 11:58:53 +02:00
Ilija Lazoroski d672fcfffe Agent: Fix a typo in ssh_handler 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 03d569cc00 Agent: Init SSHCredentialCollector with an IEventQueue 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 4aa71cba7e Agent: Remove default values from CredentialsStolenEvent creation 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 486a7a9225 Common: Use a temporary hack to define non-defaults from an inherited class event 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 5f631a78f7 Agent: Remove IGUID from config 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 39f07603a7 Agent: Define integer GUID and use it in ssh_handler 2022-08-16 11:58:53 +02:00
Ilija Lazoroski b22ccdb942 Agent: Publish CredentialsStolenEvent each time we find a SSHKeypair 2022-08-16 11:58:53 +02:00
Ilija Lazoroski e439a53bde UT: Fix SSHCredentialCollector test to accept IEventQueue 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 2610666f93 Agent: Publish a CredentialsStolenEvent from SSHCredentialCollector 2022-08-16 11:58:53 +02:00
Ilija Lazoroski 4952a544c0 Agent: Accept IEventQueue in SSHCollector constructor 2022-08-16 11:58:53 +02:00
Mike Salvatore d09c1a689e
Merge pull request #2200 from guardicore/2191-fix-credentials-repository-get
2191 fix credentials repository get
2022-08-15 15:45:03 -04:00
Kekoa Kaaikala e4f7707b66 Agent: Return credentials when credentials propagation fails 2022-08-15 19:25:54 +00:00
Kekoa Kaaikala 9e6a569393 Agent: Update credentials repository to cache per-instance 2022-08-15 19:25:54 +00:00
Mike Salvatore 500eeeb582
Merge pull request #2194 from guardicore/2191-trailing-url-slashes
Island: Remove trailing slashes before registering a URL
2022-08-15 14:25:28 -04:00
Kekoa Kaaikala a67a4418c9 Island: Remove PropagationCredentials URL trailing slash 2022-08-15 18:04:56 +00:00
Mike Salvatore 96f794e192 UT: Mark TestEvent* classes with `__test__ = False` 2022-08-15 14:04:09 -04:00
Kekoa Kaaikala 19df4d9755 Island: Enforce "no trailing slash" rule for URLs 2022-08-15 18:01:32 +00:00
Mike Salvatore 4e9aa62c61
Merge pull request #2195 from guardicore/refactor-island-boot
Refactor island boot
2022-08-15 08:35:00 -04:00
Ilija Lazoroski f6712c5f84 Agent: Subscribe CredentialsStolenEvent to the EventQueue 2022-08-15 10:02:00 +02:00
Ilija Lazoroski b3ac7a6538 UT: Add tests for adding credentials from event to repository 2022-08-15 09:30:04 +02:00
Ilija Lazoroski db8e1e50da Agent: Add add_credentials_from_event_to_propagation_credentials_repository
Callable class that adds credentials to the propagation credentials
repository
2022-08-15 09:30:04 +02:00
Mike Salvatore d6e0b03a64 Island: Move island log file registration to setup_server.py 2022-08-12 12:02:23 -04:00
Mike Salvatore fdc041ead6 Island: Only call get_ip_addresses() once in server_setup.py 2022-08-12 11:57:31 -04:00
Mike Salvatore 315c17eb48 Island: Remove unneeded ANALYTICS_URL constant 2022-08-12 11:53:33 -04:00
Mike Salvatore 6da38e341f Island: Run analytics request asynchronously 2022-08-12 11:49:16 -04:00
Mike Salvatore 0c39268668 Island: Reorder function calls in run_monkey_island()
Configuration options should be validated before they are used.
2022-08-12 11:46:16 -04:00
Mike Salvatore 09f6cce6de Island: Collect system info in server_setup.py
Information about the system (host machine, island, etc.) should be
collected early on and passed to the components that require it.
2022-08-12 11:45:52 -04:00
Mike Salvatore 1873ce3bfe Island: Rename ex -> err in server_setup.py 2022-08-12 10:55:25 -04:00
vakaris_zilius 5d36b7a981 Island: Remove trailing slashes before registering a URL
Strict slashes seem to not handle a case when a URL is defined with a trailing slash, but the request is sent without one. Removing trailing slashes before registering a URL will remove the burden of remembering to register URLs without slashes
2022-08-12 14:54:28 +00:00
Mike Salvatore dd30b61658 Island: Add missing type hint to _configure_gevent_exception_handling() 2022-08-12 10:50:23 -04:00
Mike Salvatore 2379271c13 Island: Call _configure_gevent_ex_handling from _start_island_server 2022-08-12 10:49:45 -04:00
Mike Salvatore 61cb14d628 Island: Wrap mongo start in _initialize_mongodb_connection() 2022-08-12 10:47:23 -04:00
Mike Salvatore 82c7782ff0
Merge pull request #2188 from guardicore/2165-labda-decoupling
2165 lambda decoupling
2022-08-12 10:33:51 -04:00
Mike Salvatore af7eb23bef Island: Reword warning in Version 2022-08-12 10:31:30 -04:00
Mike Salvatore 658607de25 UT: Remove unnecessary wait() from test_version
Unit tests should not be exposed to the internals of what they are
testing. Furthermore, the `latest_version` and `download` properties
wait for the event to be set, making the extra `wait()` redundant.
2022-08-12 10:27:53 -04:00
Mike Salvatore 94a25b07b2 Island: Simplify error messages in Version 2022-08-12 10:24:29 -04:00
Mike Salvatore df1b9f0f9c Island: Fix return type hint for Version._get_version_info() 2022-08-12 10:22:22 -04:00
Mike Salvatore 617d101af2 Island: Fix string formatting in _send_analytics() 2022-08-12 10:20:30 -04:00
Mike Salvatore 6dc29e36e2 UT: Fix test_version__request_failed() 2022-08-12 10:16:46 -04:00
Mike Salvatore 2e70b87ee9 Revert "Island, UI: Handle the case when version couldn't be fetched"
This reverts commit 737070f956.
2022-08-12 10:15:44 -04:00
Mike Salvatore dc0f865f9b
Merge pull request #2192 from guardicore/2176-initialize-event-queue
Initialize IEventQueue
2022-08-12 10:14:20 -04:00
Mike Salvatore 23b96c2a36 Agent: Convert _event_queue from member to local variable 2022-08-12 10:13:36 -04:00
Ilija Lazoroski 21c9ea9d44 Agent: Initialize IEventQueue 2022-08-12 15:31:55 +02:00
Mike Salvatore 74ca26657e
Merge pull request #2189 from guardicore/2176-define-stolen-credentials-event
2176 define stolen credentials event
2022-08-12 06:48:16 -04:00
Mike Salvatore b0b0874be9 Common: Modify stolen_credentials description in docstring 2022-08-12 06:47:08 -04:00
Ilija Lazoroski 743d40abab Common: Rename StolenCredentialsEvent to CredentialsStolenEvent 2022-08-12 09:39:04 +02:00