Commit Graph

7923 Commits

Author SHA1 Message Date
Ilija Lazoroski 4de90584c9 Agent: Add Credentials intercepting telemetry messenger 2022-03-29 17:36:48 +02:00
Mike Salvatore eb6342e2f8 Agent: Add public credentials property to CredentialsTelem 2022-03-29 17:36:48 +02:00
Ilija Lazoroski 5060ddb5d1 Agent: Fix logic in concrete Credentials Store 2022-03-29 17:36:48 +02:00
Ilija Lazoroski 162dd0a920 UT: Add Credentials Store tests 2022-03-29 17:36:48 +02:00
Ilija Lazoroski b5d2d1d641 Agent: Implement concrete Credentials Store 2022-03-29 17:36:48 +02:00
Ilija Lazoroski cafbe97880 Agent: Add interface for Credentials Store 2022-03-29 17:36:48 +02:00
Mike Salvatore cf211bc46f
Merge pull request #1824 from guardicore/1604-itelemetrymessenger-in-pbas
Telemetry messenger in PBAs
2022-03-29 11:31:42 -04:00
vakarisz dbbdb508e3 Agent: Change PBA constructor to accept telemetry messenger
This change allows running different PBA's with different telemetry messengers
2022-03-29 17:04:48 +03:00
Mike Salvatore 6937b1a5c5
Merge pull request #1825 from guardicore/check-supported-os-for-exploiters
Check supported os for exploiters
2022-03-29 09:57:24 -04:00
Mike Salvatore a2e283e824 UT: Update automated_master_config.json 2022-03-29 09:49:43 -04:00
Mike Salvatore 8737a3df89 Agent: Remove disused HostExploiter._TARGET_OS_TYPE 2022-03-29 09:49:43 -04:00
Mike Salvatore ddbe5b463f Agent: Skip exploiter if victim OS is not supported 2022-03-29 09:49:41 -04:00
Shreya Malviya 1c24411b26 Agent: Pass telemetry messenger to PBAs for sending ATT&CK telem 2022-03-29 16:29:24 +03:00
Shreya Malviya 8d4c29fc06 Agent: Fix return types for run_pba in puppets and master 2022-03-29 18:38:25 +05:30
Shreya Malviya 314bc49d1c
Merge pull request #1822 from guardicore/1604-modify-pbas-to-return-postbreachdata
Modify PBAs to return PostBreachData
2022-03-29 18:23:50 +05:30
Shreya Malviya 246a72c940 Agent: Modify comment in shell startup PBA to make more sense 2022-03-29 17:16:17 +05:30
Shreya Malviya 70186a40f6 Agent: Remove comment from function in backdoor user PBA since the code is self-explanatory 2022-03-29 17:13:44 +05:30
vakarisz ba49e4d23e Agent: Small style improvements in PBA code 2022-03-29 14:20:29 +03:00
Shreya Malviya 1f2867a70a Project: Add ProcessListCollection to Vulture's allowlist 2022-03-29 14:20:29 +03:00
Shreya Malviya 61ff95b568 Agent: Modify PBAs to return Iterable[PostBreachData] 2022-03-29 14:20:29 +03:00
Shreya Malviya 778f230589 Agent: Modify remaining PBAs to yield PostBreachData 2022-03-29 14:20:29 +03:00
Shreya Malviya ec2b2beca5 Agent: Modify PBAs to yield PostBreachData instead of returning it
This is done mainly because of the hide files PBA which needs to send
telemetry two times. It also makes more sense to do it this way so that
it's easier to send telemetry multiple times in any PBA.
2022-03-29 14:20:28 +03:00
Shreya Malviya 28ff112872 Agent: Modify hide files PBA to return PostBreachData 2022-03-29 14:20:25 +03:00
Shreya Malviya 8418a5ce77 Agent: Modify modify shell startup files PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya 29d40f8e9d Agent: Modify communicates as backdoor user PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya 0b2ac96dee Agent: Modify use signed scripts PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya 5a8e8850a5 Agent: Modify schedule jobs PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya 24ba5e37da Agent: Modify collect running processes PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya ee24538407 Agent: Modify clear command history PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya 2e48d9ead9 Agent: Return PostBreachData in PBA's run() instead of sending PostBreachTelem 2022-03-29 14:18:22 +03:00
vakarisz 936b9ead05 Agent: Change post breach telem to use name from data argument 2022-03-29 10:26:00 +00:00
vakarisz 3c853b6625 Agent: Change PostBreachTelemetry to accept post breach data 2022-03-29 10:26:00 +00:00
vakarisz 299a261387 Agent: Refactor puppet and tools to use CONNECTION_TIMEOUT 2022-03-29 06:28:45 +00:00
Mike Salvatore b73c3d10e1 Island: Add a list of supported OSs to exploiters 2022-03-28 20:08:08 -04:00
Mike Salvatore 1ec5be908d
Merge pull request #1819 from guardicore/1612-interruptible-ransomware
1612 interruptible ransomware
2022-03-28 09:15:30 -04:00
vakarisz 0877b0a885 Agent: Load PBA's into puppet 2022-03-28 09:29:31 +00:00
Mike Salvatore f67a455868 Agent: Add comment to Ransomware.encrypt_files() 2022-03-25 13:33:16 -04:00
Mike Salvatore 593095cdcf Agent: Reword a log message in ransomware payload 2022-03-25 13:33:16 -04:00
Mike Salvatore 7047fa0cd0 Agent: Use interruptible_function decorator in ransomware payload 2022-03-25 13:33:16 -04:00
Mike Salvatore 20e3b20cb5 Agent: Add interruptible_function decorator 2022-03-25 13:33:16 -04:00
Mike Salvatore 7c6ba2e276 Agent: Use iterators instead of lists for ransomware file filtering 2022-03-25 13:33:15 -04:00
Mike Salvatore 703dc315bc Agent: Remove disused Plugin abstract class 2022-03-25 08:34:45 -04:00
Mike Salvatore 4316329384 Project: Add strict_slashes to vulture_allowlist 2022-03-25 07:57:54 -04:00
Mike Salvatore f3773ddbaa Agent: Remove disused list_object() function 2022-03-25 07:57:54 -04:00
Mike Salvatore 344530281a Common: Remove disused function get_value_from_dict() 2022-03-25 07:57:54 -04:00
Mike Salvatore bb854d2daf Island: Remove disused GROUPTYPE constant 2022-03-25 07:57:54 -04:00
Mike Salvatore a1d08abe19 Project: Rename EXPLOITED_* to PROPAGATED_*
These states were renamed in 5e3829aab and 2c8aef6d8
2022-03-25 07:57:54 -04:00
Mike Salvatore 9c64ee592f Island: Remove disused NodeCreationException 2022-03-25 07:57:54 -04:00
Mike Salvatore 4e489ad62b
Merge pull request #1814 from guardicore/1801-fix-blackbox-tests
1801 fix blackbox tests
2022-03-25 07:18:22 -04:00
Shreya Malviya 5bc961d715
Merge pull request #1815 from guardicore/1604-remove-pba-plugin-dependency
Remove PBA's Plugin dependency + add display_name to PostBreachData
2022-03-25 14:29:51 +05:30