Shreya Malviya
778f230589
Agent: Modify remaining PBAs to yield PostBreachData
2022-03-29 14:20:29 +03:00
Shreya Malviya
ec2b2beca5
Agent: Modify PBAs to yield PostBreachData instead of returning it
...
This is done mainly because of the hide files PBA which needs to send
telemetry two times. It also makes more sense to do it this way so that
it's easier to send telemetry multiple times in any PBA.
2022-03-29 14:20:28 +03:00
Shreya Malviya
28ff112872
Agent: Modify hide files PBA to return PostBreachData
2022-03-29 14:20:25 +03:00
Shreya Malviya
8418a5ce77
Agent: Modify modify shell startup files PBA to return PostBreachData
2022-03-29 14:18:22 +03:00
Shreya Malviya
29d40f8e9d
Agent: Modify communicates as backdoor user PBA to return PostBreachData
2022-03-29 14:18:22 +03:00
Shreya Malviya
0b2ac96dee
Agent: Modify use signed scripts PBA to return PostBreachData
2022-03-29 14:18:22 +03:00
Shreya Malviya
5a8e8850a5
Agent: Modify schedule jobs PBA to return PostBreachData
2022-03-29 14:18:22 +03:00
Shreya Malviya
24ba5e37da
Agent: Modify collect running processes PBA to return PostBreachData
2022-03-29 14:18:22 +03:00
Shreya Malviya
ee24538407
Agent: Modify clear command history PBA to return PostBreachData
2022-03-29 14:18:22 +03:00
Shreya Malviya
2e48d9ead9
Agent: Return PostBreachData in PBA's run() instead of sending PostBreachTelem
2022-03-29 14:18:22 +03:00
vakarisz
936b9ead05
Agent: Change post breach telem to use name from data argument
2022-03-29 10:26:00 +00:00
vakarisz
3c853b6625
Agent: Change PostBreachTelemetry to accept post breach data
2022-03-29 10:26:00 +00:00
vakarisz
299a261387
Agent: Refactor puppet and tools to use CONNECTION_TIMEOUT
2022-03-29 06:28:45 +00:00
Mike Salvatore
b73c3d10e1
Island: Add a list of supported OSs to exploiters
2022-03-28 20:08:08 -04:00
Mike Salvatore
1ec5be908d
Merge pull request #1819 from guardicore/1612-interruptible-ransomware
...
1612 interruptible ransomware
2022-03-28 09:15:30 -04:00
vakarisz
0877b0a885
Agent: Load PBA's into puppet
2022-03-28 09:29:31 +00:00
Mike Salvatore
f67a455868
Agent: Add comment to Ransomware.encrypt_files()
2022-03-25 13:33:16 -04:00
Mike Salvatore
593095cdcf
Agent: Reword a log message in ransomware payload
2022-03-25 13:33:16 -04:00
Mike Salvatore
7047fa0cd0
Agent: Use interruptible_function decorator in ransomware payload
2022-03-25 13:33:16 -04:00
Mike Salvatore
20e3b20cb5
Agent: Add interruptible_function decorator
2022-03-25 13:33:16 -04:00
Mike Salvatore
7c6ba2e276
Agent: Use iterators instead of lists for ransomware file filtering
2022-03-25 13:33:15 -04:00
Mike Salvatore
703dc315bc
Agent: Remove disused Plugin abstract class
2022-03-25 08:34:45 -04:00
Mike Salvatore
4316329384
Project: Add strict_slashes to vulture_allowlist
2022-03-25 07:57:54 -04:00
Mike Salvatore
f3773ddbaa
Agent: Remove disused list_object() function
2022-03-25 07:57:54 -04:00
Mike Salvatore
344530281a
Common: Remove disused function get_value_from_dict()
2022-03-25 07:57:54 -04:00
Mike Salvatore
bb854d2daf
Island: Remove disused GROUPTYPE constant
2022-03-25 07:57:54 -04:00
Mike Salvatore
a1d08abe19
Project: Rename EXPLOITED_* to PROPAGATED_*
...
These states were renamed in 5e3829aab
and 2c8aef6d8
2022-03-25 07:57:54 -04:00
Mike Salvatore
9c64ee592f
Island: Remove disused NodeCreationException
2022-03-25 07:57:54 -04:00
Mike Salvatore
4e489ad62b
Merge pull request #1814 from guardicore/1801-fix-blackbox-tests
...
1801 fix blackbox tests
2022-03-25 07:18:22 -04:00
Shreya Malviya
5bc961d715
Merge pull request #1815 from guardicore/1604-remove-pba-plugin-dependency
...
Remove PBA's Plugin dependency + add display_name to PostBreachData
2022-03-25 14:29:51 +05:30
Shreya Malviya
dda922d06f
Agent: Add display_name to PostBreachData
2022-03-25 13:09:10 +05:30
Shreya Malviya
196f814860
Agent: Remove PBA's dependency on Plugin
2022-03-25 12:54:03 +05:30
Ilija Lazoroski
db03ac3dd9
Agent: Use random binary destination path for Hadoop
2022-03-24 14:59:51 -04:00
Mike Salvatore
8d4edca419
Merge pull request #1813 from guardicore/1801-fix-failure-quitting-tunnel
...
1801 fix failure quitting tunnel
2022-03-24 14:57:24 -04:00
Mike Salvatore
35923c1eb1
BB: Reduce the timeouts for tunneling tests
2022-03-24 13:43:04 -04:00
vakarisz
a92a8af96b
BB: Remove smb-20 machine
2022-03-24 13:08:30 -04:00
Mike Salvatore
b3b5707a45
Agent: Convert dest_path to str before performing comparison
2022-03-24 12:51:07 -04:00
Mike Salvatore
8aad5b16d5
Agent: Fix tunnel address parsing in _close_tunnel()
...
The current proxy schema specifies that tunnels start with "http://",
not "https://". This lead to a bug in the tunnel address parsing which
prevented the tunnel from being quit properly.
2022-03-24 12:27:22 -04:00
Mike Salvatore
ef134be044
Agent: Remove default servers from WormConfiguration.command_servers
...
In my 16 months working on this project, the default server included in
WormConfiguration.command_servers has never had a Monkey Island running
on it. This adds a 30 second delay to each hop in the tunneling test as
the agent attempts to contact this bogus IP. Removing it speeds up
propagation and also avoids unintended consequences if a user has a
different service running on 192.0.2.0:5000.
2022-03-24 11:10:22 -04:00
Mike Salvatore
996f2b3c7a
Agent: Fix unnecessary waiting in MonkeyTunnel
...
The monkey tunnel only needs to wait before closing if propagation was
successful. Previously, it waited before closing if any exploiter was
run.
PR: #1811
2022-03-24 11:05:05 -04:00
Mike Salvatore
2471eb6762
Merge pull request #1810 from guardicore/1782-log4shell
...
1782 log4shell
2022-03-24 10:50:46 -04:00
vakaris_zilius
25c7696300
Agent: Change typehints of agent destination path to PurePath
2022-03-24 14:47:07 +00:00
vakaris_zilius
49d3433ade
Agent: Change to more specific typehint in helpers.py
2022-03-24 14:36:20 +00:00
Shreya Malviya
cb51394439
BB: Add relevant TCP ports to PowerShell config template
2022-03-24 18:43:52 +05:30
Mike Salvatore
707c79ab21
Agent: Reduce proxy timeouts from 30 to 10 seconds
...
Stopping the agent is delayed by these timeouts. Reducing them allows
the agent to stop more rapidly on average.
Fixes #1372
2022-03-24 08:37:03 -04:00
vakaris_zilius
087027b20c
Agent: Change WMI exploiter to use random agent name
2022-03-24 07:25:46 -04:00
vakaris_zilius
1436be6428
Agent: Fix propagation success toggle in log4shell
...
Propagation will only be marked successful if the agent got downloaded, not if the java class got downloaded
2022-03-24 10:39:41 +00:00
vakaris_zilius
90b4038c14
Agent: Use random agent name in log4shell exploiter
2022-03-24 10:37:57 +00:00
vakaris_zilius
dc2a63475b
Agent: Fix incorrect monkey destination path bug
...
This bug happened because Path will always cast path to current OS path and if target OS is different the path won't work. By explicitly casting the path to target OS type we get a path for target OS
2022-03-24 10:31:41 +00:00
Shreya Malviya
8ad31593b1
Merge pull request #1803 from guardicore/1788-powershell-ssl-detection
...
PowerShell SSL detection
2022-03-24 13:28:10 +05:30