Ilija Lazoroski
4de90584c9
Agent: Add Credentials intercepting telemetry messenger
2022-03-29 17:36:48 +02:00
Mike Salvatore
eb6342e2f8
Agent: Add public credentials property to CredentialsTelem
2022-03-29 17:36:48 +02:00
Ilija Lazoroski
5060ddb5d1
Agent: Fix logic in concrete Credentials Store
2022-03-29 17:36:48 +02:00
Ilija Lazoroski
162dd0a920
UT: Add Credentials Store tests
2022-03-29 17:36:48 +02:00
Ilija Lazoroski
b5d2d1d641
Agent: Implement concrete Credentials Store
2022-03-29 17:36:48 +02:00
Ilija Lazoroski
cafbe97880
Agent: Add interface for Credentials Store
2022-03-29 17:36:48 +02:00
Mike Salvatore
cf211bc46f
Merge pull request #1824 from guardicore/1604-itelemetrymessenger-in-pbas
...
Telemetry messenger in PBAs
2022-03-29 11:31:42 -04:00
vakarisz
dbbdb508e3
Agent: Change PBA constructor to accept telemetry messenger
...
This change allows to run different PBA's with different telemetry messengers
2022-03-29 17:04:48 +03:00
Mike Salvatore
6937b1a5c5
Merge pull request #1825 from guardicore/check-supported-os-for-exploiters
...
Check supported os for exploiters
2022-03-29 09:57:24 -04:00
Mike Salvatore
a2e283e824
UT: Update automated_master_config.json
2022-03-29 09:49:43 -04:00
Mike Salvatore
8737a3df89
Agent: Remove disused HostExploiter._TARGET_OS_TYPE
2022-03-29 09:49:43 -04:00
Mike Salvatore
ddbe5b463f
Agent: Skip exploiter if victim OS is not supported
2022-03-29 09:49:41 -04:00
Shreya Malviya
1c24411b26
Agent: Pass telemetry messenger to PBAs for sending ATT&CK telem
2022-03-29 16:29:24 +03:00
Shreya Malviya
8d4c29fc06
Agent: Fix return types for run_pba in puppets and master
2022-03-29 18:38:25 +05:30
Shreya Malviya
314bc49d1c
Merge pull request #1822 from guardicore/1604-modify-pbas-to-return-postbreachdata
...
Modify PBAs to return PostBreachData
2022-03-29 18:23:50 +05:30
Shreya Malviya
246a72c940
Agent: Modify comment in shell startup PBA to make more sense
2022-03-29 17:16:17 +05:30
Shreya Malviya
70186a40f6
Agent: Remove comment from function in backdoor user PBA since the code is self-explanatory
2022-03-29 17:13:44 +05:30
vakarisz
ba49e4d23e
Agent: Small style improvements in PBA code
2022-03-29 14:20:29 +03:00
Shreya Malviya
1f2867a70a
Project: Add ProcessListCollection to Vulture's allowlist
2022-03-29 14:20:29 +03:00
Shreya Malviya
61ff95b568
Agent: Modify PBAs to return Iterable[PostBreachData]
2022-03-29 14:20:29 +03:00
Shreya Malviya
778f230589
Agent: Modify remaining PBAs to yield PostBreachData
2022-03-29 14:20:29 +03:00
Shreya Malviya
ec2b2beca5
Agent: Modify PBAs to yield PostBreachData instead of returning it
...
This is done mainly because of the hide files PBA which needs to send
telemetry two times. It also makes more sense to do it this way so that
it's easier to send telemetry multiple times in any PBA.
2022-03-29 14:20:28 +03:00
Shreya Malviya
28ff112872
Agent: Modify hide files PBA to return PostBreachData
2022-03-29 14:20:25 +03:00
Shreya Malviya
8418a5ce77
Agent: Modify modify shell startup files PBA to return PostBreachData
2022-03-29 14:18:22 +03:00
Shreya Malviya
29d40f8e9d
Agent: Modify communicates as backdoor user PBA to return PostBreachData
2022-03-29 14:18:22 +03:00
Shreya Malviya
0b2ac96dee
Agent: Modify use signed scripts PBA to return PostBreachData
2022-03-29 14:18:22 +03:00
Shreya Malviya
5a8e8850a5
Agent: Modify schedule jobs PBA to return PostBreachData
2022-03-29 14:18:22 +03:00
Shreya Malviya
24ba5e37da
Agent: Modify collect running processes PBA to return PostBreachData
2022-03-29 14:18:22 +03:00
Shreya Malviya
ee24538407
Agent: Modify clear command history PBA to return PostBreachData
2022-03-29 14:18:22 +03:00
Shreya Malviya
2e48d9ead9
Agent: Return PostBreachData in PBA's run() instead of sending PostBreachTelem
2022-03-29 14:18:22 +03:00
vakarisz
936b9ead05
Agent: Change post breach telem to use name from data argument
2022-03-29 10:26:00 +00:00
vakarisz
3c853b6625
Agent: Change PostBreachTelemetry to accept post breach data
2022-03-29 10:26:00 +00:00
vakarisz
299a261387
Agent: Refactor puppet and tools to use CONNECTION_TIMEOUT
2022-03-29 06:28:45 +00:00
Mike Salvatore
b73c3d10e1
Island: Add a list of supported OSs to exploiters
2022-03-28 20:08:08 -04:00
Mike Salvatore
1ec5be908d
Merge pull request #1819 from guardicore/1612-interruptible-ransomware
...
1612 interruptible ransomware
2022-03-28 09:15:30 -04:00
vakarisz
0877b0a885
Agent: Load PBA's into puppet
2022-03-28 09:29:31 +00:00
Mike Salvatore
f67a455868
Agent: Add comment to Ransomware.encrypt_files()
2022-03-25 13:33:16 -04:00
Mike Salvatore
593095cdcf
Agent: Reword a log message in ransomware payload
2022-03-25 13:33:16 -04:00
Mike Salvatore
7047fa0cd0
Agent: Use interruptible_function decorator in ransomware payload
2022-03-25 13:33:16 -04:00
Mike Salvatore
20e3b20cb5
Agent: Add interruptible_function decorator
2022-03-25 13:33:16 -04:00
Mike Salvatore
7c6ba2e276
Agent: Use iterators instead of lists for ransomware file filtering
2022-03-25 13:33:15 -04:00
Mike Salvatore
703dc315bc
Agent: Remove disused Plugin abstract class
2022-03-25 08:34:45 -04:00
Mike Salvatore
4316329384
Project: Add strict_slashes to vulture_allowlist
2022-03-25 07:57:54 -04:00
Mike Salvatore
f3773ddbaa
Agent: Remove disused list_object() function
2022-03-25 07:57:54 -04:00
Mike Salvatore
344530281a
Common: Remove disused function get_value_from_dict()
2022-03-25 07:57:54 -04:00
Mike Salvatore
bb854d2daf
Island: Remove disused GROUPTYPE constant
2022-03-25 07:57:54 -04:00
Mike Salvatore
a1d08abe19
Project: Rename EXPLOITED_* to PROPAGATED_*
...
These states were renamed in 5e3829aab
and 2c8aef6d8
2022-03-25 07:57:54 -04:00
Mike Salvatore
9c64ee592f
Island: Remove disused NodeCreationException
2022-03-25 07:57:54 -04:00
Mike Salvatore
4e489ad62b
Merge pull request #1814 from guardicore/1801-fix-blackbox-tests
...
1801 fix blackbox tests
2022-03-25 07:18:22 -04:00
Shreya Malviya
5bc961d715
Merge pull request #1815 from guardicore/1604-remove-pba-plugin-dependency
...
Remove PBA's Plugin dependency + add display_name to PostBreachData
2022-03-25 14:29:51 +05:30