Commit Graph

6417 Commits

Author SHA1 Message Date
Shreya Malviya d6f91e45f7 swimm: update exercise Add details about your new PBA JFXftJml8DpmuCPBA9rL 2021-09-24 17:35:36 +05:30
Shreya Malviya a857d291d8 CHANGELOG: Add entry for modifying ATT&CK report messages 2021-09-24 17:32:17 +05:30
Shreya Malviya 85e54419f3 tests: Extract mocking to an autouse, function-scoped fixture to reduce
code in test_technique_reports.py
2021-09-24 17:23:59 +05:30
Shreya Malviya 6f903bd8f1 tests: Use enums for expected msgs for better readibility in
test_technique_reports.py
2021-09-24 17:12:03 +05:30
Shreya Malviya aff2bad777 tests: Move some code around in test_technique_reports.py so it's easier
to read
2021-09-24 16:42:04 +05:30
Shreya Malviya 90f3cff3cd tests: Add unit tests for `get_message_by_status()` in
monkey_island\cc\services\attack\technique_reports\__init__.py
2021-09-24 16:33:57 +05:30
VakarisZ ace60052da Alter usages of telemetry collection in report to store/fetch system info telemetry using the Telemetry model
This is required to automatically encrypt/decrypt the telemetries and it's a good practice to have a DAL for telemetries
2021-09-24 13:31:26 +03:00
VakarisZ e6ad125be9 Change the telemetry model to have a method for fetching the telemetries based on queries.
Telemetry code mainly uses queries and mongoengine has no good way of field encryption, that's why this method prefers to handle queries rather than Telemetry models
2021-09-24 13:31:26 +03:00
VakarisZ 3781095f25 Change the mock database name to "db", because all of the codebase is using this database.
This change enables us to write unit tests without the need to patch the the database name in all of the mongo queries that look like "mongo.db.collection"
2021-09-24 13:31:26 +03:00
VakarisZ 1ab0fe7b13 Add Telemetry model 2021-09-24 13:31:26 +03:00
VakarisZ 989d0ffd84 Add unit tests for telemetry model 2021-09-24 13:31:26 +03:00
VakarisZ b2db5e77c4 Change test_string_list_encryptor.py to re-use fixture "uses_encryptor" rather than implementing the same fixture locally 2021-09-24 13:31:23 +03:00
VakarisZ 854ce4e1e1 Refactor DocumentEncryptor class into a series of methods.
DocumentEncryptor class serves no purpose because it holds no state, sensitive_fields can be passed as a parameter to methods
2021-09-24 13:30:28 +03:00
VakarisZ f3865d022b Change mongomock_fixtures.py to drop the whole database instead of specified collections.
This makes it easier to add new database related tests, because we no longer need to modify the mongomock_fixtures.py to also drop a particular collection we are testing.
2021-09-24 13:30:27 +03:00
VakarisZ f1c7cf4047 Generalize report_encryptor.py into document_encryptor.py and extract the sensitive fields to report_encryptor.py 2021-09-24 13:30:27 +03:00
Shreya Malviya f2470bb0e9 tests: Add unit test for `get_config_schema_per_attack_technique()` in
config_schema_per_attack_technique.py
2021-09-24 15:52:34 +05:30
Shreya Malviya f3da34e969 island: Use dict's `setdefault()` to shorten
`_add_config_field_to_reverse_schema()` in
config_schema_per_attack_technique.py
2021-09-24 15:24:58 +05:30
Shreya Malviya 4a65ac37ef island: Use dict's `get()` method to shorten
`get_config_schema_per_attack_technique()` in
config_schema_per_attack_technique.py
2021-09-24 12:30:11 +05:30
Mike Salvatore 089158a976 Agent: Remove editable pyspnego degendency
pyspnego v0.2.0 has been released, so we no longer need to specify a git
commit hash in order to get the correct version.
2021-09-23 14:14:32 -04:00
Mike Salvatore 1996387cc5 Remove unnecessary # noqa: E402 from __init__.py files 2021-09-23 13:39:48 -04:00
Mike Salvatore f0a2a43d51 Remove unnecessary # noqa: F401 from __init__.py files 2021-09-23 13:38:47 -04:00
Mike Salvatore 8b7cb9c0b1
Merge pull request #1481 from guardicore/1471/merge-encryptions
Refactor encryptors
2021-09-23 13:38:00 -04:00
Ilija Lazoroski e2ede28967 Island: Rename get_encryptor and initialize_encryptor
Renamed to get_datastore_encryptor and
initialize_datastore_encryptor
2021-09-23 19:04:22 +02:00
Ilija Lazoroski e0779347b2 Island: Add all imports from encryption to __init__
Now the imports are shorter by one directory.
Check the __init__ in encryption.
2021-09-23 19:00:13 +02:00
Ilija Lazoroski 071a4eb1a7 Island: Add IEncryptor to __init__
Dnt abbrev in PassworBasedEncryptor and KeyBasedEncryptor
Add comment for review and evaluate the padding function
2021-09-23 17:52:15 +02:00
Shreya Malviya 2cc00205f1 island: Modify ATT&CK report messages to mention reasons
1. not run on relevant system
2. relevant config options were disabled
2021-09-23 16:39:05 +05:30
Ilija Lazoroski 1b91616778 Island: Add explanation for KBE and PBE
KeyBasedEncryptor and PasswordBasedEncryptor
2021-09-23 12:44:05 +02:00
Ilija Lazoroski a661dc4fe6 Island: Refactor encryptors
All encryptors are moved to server_utils/encryption.
They were renamed according to the class name.
Everywhere that we had use the encryptors I have updated the names.
Unit tests are also moved to UTs server_utils/encryption.
2021-09-22 22:48:13 +02:00
Ilija Lazoroski 803d1c910f Island: Separate password and key encryption 2021-09-22 18:10:16 +02:00
Shreya Malviya f730e75cc8 island: Change `pass` to `...` for abstract properties in
cc/services/attack/technique_reports/

See https://stackoverflow.com/a/58321197/10629482.
2021-09-22 19:21:20 +05:30
Shreya Malviya b0b0f515d0 island: Add abstract property `relevant_systems` to AttackTechnique and declare it for all techniques left 2021-09-22 19:15:06 +05:30
Shreya Malviya 8e733a8440 island: Add `relevant_systems` property to attack techniques that run on
specific systems

And remove hardcoded "since it didn't run on any ... systems" from the unscanned
message for those techniques
2021-09-22 18:30:35 +05:30
Shreya Malviya 9564fb1aaa island: Move T1216's details from T1216.py to attack_schema.py so that it's
shown in the config instead of the ATT&CK report
2021-09-22 18:23:17 +05:30
Mike Salvatore 380d0ee74f
Merge pull request #1479 from guardicore/1476/upgrade-python-deps
Update Python dependencies
2021-09-22 08:30:13 -04:00
Mike Salvatore 67b23c42bf Tests: Simplify test names in test_string_list_encryptor.py 2021-09-22 07:44:54 -04:00
Shreya Malviya ba2207b21d island: Remove unneeded function to get reverse schema 2021-09-22 16:16:46 +05:30
Shreya Malviya f9e994d8f8 island: Update doc link for PowerShell exploiter 2021-09-22 16:13:34 +05:30
Shreya Malviya 836069ab11 island: Change config schema definitions' titles to title case and so
they make more sense
2021-09-22 16:10:13 +05:30
Shreya Malviya 26b0793331 island: Add code to create reverse schema i.e. each attack technique
mapped to its config fields
2021-09-22 15:53:52 +05:30
Ilija Lazoroski 71d0cccdba Island: Update boto3, botocore and awscli
botocore is dependency of boto3 which is
then dependency of awscli.
2021-09-22 11:26:47 +02:00
Ilija Lazoroski 57bce38661 Agent: Upgrade urllib3 to 1.26.5
It should work because all the deps are
there.
2021-09-22 11:23:07 +02:00
VakarisZ ba4aabb67f
Merge pull request #1477 from guardicore/report_encryption
Report encryption
2021-09-22 11:48:22 +03:00
VakarisZ 88f3a2b9ca Add unit tests for string list encryptor 2021-09-22 10:23:41 +03:00
VakarisZ a1c0af4257 Improve readability and test empty list in test_report_model.py 2021-09-22 10:21:48 +03:00
Mike Salvatore 627a31c902 Island: Remove string_encryptor.py 2021-09-21 13:58:16 -04:00
Mike Salvatore 2ddd369afd Island: Move encode/decode dot mongo functions to Report model 2021-09-21 13:58:14 -04:00
Mike Salvatore f662369a07 Tests: Decouple test_report_model.py from StringListEncryptor 2021-09-21 12:51:55 -04:00
Mike Salvatore 13ba0b9091 Island: Rename FieldType to FieldEncryptor
* Switch FieldTypeABC from abstract class to interface, since there's no
  intention of ever implementing FieldTypeABC's methods.

* Rename FieldTypeABC to IFieldEncryptor and rename StringList to
  StringListEncryptor.
2021-09-21 12:30:35 -04:00
Mike Salvatore 96ac13c579
Merge pull request #1478 from guardicore/powershell-pth-on-windows
Powershell pth on windows
2021-09-21 08:14:45 -04:00
VakarisZ 5077d84269 Change report service to use report model.
Because report saving/fetching happens through model, model can encrypt/decrypt sensitive data
2021-09-21 10:45:39 +03:00