Commit Graph

5664 Commits

Author SHA1 Message Date
Mike Salvatore af5fd8ac9d Docs: Minor wording change to ransomware description 2021-06-30 06:47:09 -04:00
Shreya aecb80566b cc: Reword ransomware configuration fields' descriptions 2021-06-30 13:43:06 +05:30
Shreya 619695d5bc agent: Rename `self.should_encrypt` to `self.encryption_enabled` in ransomware payload 2021-06-30 13:34:38 +05:30
Shreya 560cfb5948 docs: Do slight rewording in ransomware's README section 2021-06-30 12:36:35 +05:30
Shreya Malviya 8a902cd2b6
docs: Modify README portion of ransomware docs
Give more context. Explain how a ransomware attack usually does this.

Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
2021-06-30 12:26:55 +05:30
Shreya 392ece29a0 tests: Modify/add tests for ransomware payload as per ransomware config schema changes 2021-06-29 14:02:02 -04:00
Shreya a1efd915b1 cc: Fix grammar in ransomware config schema 2021-06-29 13:52:37 -04:00
Shreya 4035d9d213 agent: Modify ransomware payload to work with modified ransomware config schema 2021-06-29 13:52:26 -04:00
Shreya 13a94804b4 cc: Add checkbox for ransomware encryption 2021-06-29 13:51:29 -04:00
Mike Salvatore 6301ec9d14 agent: Add a log message when ransomware leaves a README.txt 2021-06-29 13:39:00 -04:00
Ilija Lazoroski 96cf8fc052 agent: Add missing space in build_monkey_commandline 2021-06-29 18:03:23 +02:00
Mike Salvatore d87b8ae4a7 agent: Fix typo RansomewarePayload -> RansomwarePayload 2021-06-29 12:00:49 -04:00
Mike Salvatore 32a0a41c21 Agent: Add content to ransomware README.txt file 2021-06-29 11:51:23 -04:00
Mike Salvatore f027ad6d1b Agg ransomware simulation to CHANGELOG 2021-06-29 11:48:07 -04:00
Mike Salvatore 355136ae35 Merge branch 'add-fields-to-file-encryption-telemetry' into develop 2021-06-29 11:44:09 -04:00
Mike Salvatore 8ad822397c Merge branch 'rename-ransomware-telem' into develop 2021-06-29 11:40:19 -04:00
Mike Salvatore 6a67626bc3 Merge branch 'ransomware-readme-behavior' into develop 2021-06-29 11:31:57 -04:00
Mike Salvatore 92be6e72c2 Island: Fix casing on README.TXT 2021-06-29 11:03:55 -04:00
Mike Salvatore b312c11f44 Agent: Leave a README.txt in ransomware target dir if it's configured 2021-06-29 11:03:55 -04:00
Mike Salvatore 23b85acdfc Agent: Add placeholder README file for ransomware simulation 2021-06-29 11:03:48 -04:00
Mike Salvatore d9366a599b
Merge pull request #1272 from guardicore/batchable-telemetry
Batchable telemetry
2021-06-29 10:35:23 -04:00
Mike Salvatore 8281a9d738 agent: Add docstring to IBatchableTelem 2021-06-29 10:34:43 -04:00
Mike Salvatore f8579300b3 Revert "Add keywords to arguments that create RansomwarePayload in monkey.py"
This reverts commit e34599779b.
2021-06-29 09:55:29 -04:00
Mike Salvatore 7e7d46d4e7 agent: Improve description in BatchableTelemMixin docstring 2021-06-29 09:53:32 -04:00
Mike Salvatore 444a18d57a agent: Fix parameter descriptions in FileEncryptionTelem docstring 2021-06-29 08:15:39 -04:00
Mike Salvatore d5a26ca6eb agent: Refactor BatchingTelemetryMessenger tests to destroy threads 2021-06-29 07:48:18 -04:00
Mike Salvatore 8cf316b64a agent: Refactor telemetry processing in BatchingTelemetryMessenger
We need to ensure when a BatchingTelemetryMessenger stops, all remaining
telemetries in its queue are sent. The existing logic does this, but
this commit improves the readability and intent of the code, as well as
adds a test for this condition.
2021-06-29 07:36:49 -04:00
Mike Salvatore 9d3d4611dc agent: Define _manage_telemetry_batches_thread in __init_() 2021-06-29 06:38:56 -04:00
Mike Salvatore 60c12127e3
Merge pull request #1271 from guardicore/ransomware-logging
Ransomware logging
2021-06-29 06:19:49 -04:00
VakarisZ a454449cca Do small readability changes in batching_telemetry_messenger.py 2021-06-29 12:09:26 +03:00
Shreya 949a52741b docs: Add link to ransomware simulations's README.txt file 2021-06-29 13:58:01 +05:30
Shreya 5b05e6224d docs: Modify ransomware page to include info about README.txt file 2021-06-29 13:58:02 +05:30
VakarisZ e34599779b Add keywords to arguments that create RansomwarePayload in monkey.py 2021-06-29 09:14:43 +03:00
Mike Salvatore 04b2ac6bd9 Don't normalize line endings in ransomware_targets test data
On Windows, git will normalize the line endings of .txt (and other)
files to crlf instead of lf. This is useful for many files, but the
ransomware_target files need unmodified when they are checked out.

By adding an exception in .gitattributes, the files in
monkey/tests/data_for_tests/ransomware_targets are not modified on
windows.
2021-06-28 20:52:42 -04:00
Mike Salvatore f7f60be632 Merge branch 'ransomware_readme_config_option' into develop 2021-06-28 14:57:18 -04:00
Mike Salvatore f8411d3c92 Island: Rename ransomware config "notifications" section 2021-06-28 13:50:45 -04:00
Mike Salvatore d7991eb06b
Merge pull request #1270 from guardicore/secure-custom-pba-dir
Create secure custom PBA directory on Windows
2021-06-28 13:48:17 -04:00
Mike Salvatore dbd6dedb95 agent: Add explicit "success" field to FileEncryptionTelem 2021-06-28 13:37:00 -04:00
Mike Salvatore c1af3f8165 agent: Fix failing ransomware test on Windows 2021-06-28 13:31:28 -04:00
Mike Salvatore df1f3cda78 agent: Add explicit fields to FileEncryptionTelem 2021-06-28 13:30:53 -04:00
Mike Salvatore 49eb1cd996 agent: Rename RansomwareTelem -> FileEncryptionTelem
Ransomware will soon do more than just encrypt files. We should give the
telemetry that's related to encrypting files a more descriptive name
that better describes what it is reporting.
2021-06-28 13:20:30 -04:00
shreyamalviya 37a73440af tests: Add extra line in tests/monkey_island/utils.py to pass formatting checks 2021-06-28 22:43:25 +05:30
Mike Salvatore 543f0031a2 agent: Fully flush BatchingTelemetryMessenger queue before stopping 2021-06-28 12:34:24 -04:00
Mike Salvatore 7e3eef90cb agent: Rename get_telemetry_entries() -> get_telemetry_batch() 2021-06-28 12:27:32 -04:00
Mike Salvatore 2f62a14fbf agent: Remove start/stop from BatchingTelemetryMessenger
My original plan was to start a thread in __init__() and stop the thread
when __del__() was called. Since the running thread (object) contains a
reference to the BatchingTelemetryMessenger object that launched it, the
destructor will not be called until the thread is stopped. This
resulted in adding a stop() method (fadd978) followed by adding a
start() method (1d066c8e).

By using an inner class to run the thread, we enable the class to be
used as originally intended, reducing the burden on the user of this
class. The thread is now started on construction and stopped on
destruction. The user can remain blissfully unaware that anything
resembling threading is going in, and can use the
BatchingTelemetryMessenger just like any other ITelemetryMessenger.
2021-06-28 12:21:57 -04:00
Mike Salvatore 1d066c8e6d agent: Add explicit start to BatchingTelemetryMessenger
My original plan was to start a thread in __init__() and stop the thread
when __del__() was called. Since the running thread (object) contains a
reference to the BatchingTelemetryMessenger object that launched it, the
destructor will not be called until the thread is stopped. Therefore, a
stop() was added to allow the BatchingTelemetryMessenger to be stopped.
Since it has an explicit stop, it should also have an explicit start,
rather than starting the thread in the constructor.
2021-06-28 12:05:57 -04:00
Mike Salvatore 0a9c98f061 agent: Rename _run_batch_thread -> _should_run_batch_thread 2021-06-28 11:33:06 -04:00
Mike Salvatore be6e76757d agent: Move telemetry messenger construction out of "try" 2021-06-28 11:25:13 -04:00
Mike Salvatore 13c9e41a4c agent: Extract default period to constant 2021-06-28 11:15:46 -04:00
shreyamalviya 3bea4bb86f tests: Refactor duplicate code for checking secure Windows permissions 2021-06-28 20:23:03 +05:30