Commit Graph

171 Commits

Author SHA1 Message Date
VakarisZ f5c8db979f Project: remove remaining sambacry exploiter references in performance.py config template, vulture_allowlist.py and monkey_config_standard.json unit test data file 2021-11-10 15:44:05 +02:00
Shreya Malviya ee79ea0a9d Project: Remove variable 'VSFTPD' from Vulture's allowlist 2021-10-29 18:15:38 +05:30
VakarisZ 8b9ddb0c4b Removed unnecessary vulture ignores from whitelist 2021-09-28 11:04:42 +03:00
VakarisZ e6ad125be9 Change the telemetry model to have a method for fetching the telemetries based on queries.
Telemetry code mainly uses queries and mongoengine has no good way of field encryption, that's why this method prefers to handle queries rather than Telemetry models
2021-09-24 13:31:26 +03:00
VakarisZ c7e91c5784 Add report model and a unit test for it's encryption 2021-09-21 10:39:39 +03:00
Mike Salvatore 805ef70db1
Merge pull request #1425 from guardicore/powershell_exploiter
PowerShell Remoting exploiter refactor
2021-08-30 07:54:29 -04:00
Mike Salvatore 8aedc2c391 Agent: Add pyinstaller hooks for pypsrp 2021-08-25 14:44:31 -04:00
Ilija Lazoroski 5cee9443ff Zoo: Remove GCPHandler class. Powershell-3-47 renamed to
Powershell-3-46. Powershell-45 moved to different zone
2021-08-24 15:11:22 +02:00
Shreya Malviya b6c3623e74 agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting') 2021-08-24 13:15:47 +05:30
VakarisZ 2b71fb80c7 Fixed missing powershell exploiter report components. 2021-08-24 11:40:39 +05:30
VakarisZ 9966c54fe2 Added powershell remoting exploiter. 2021-08-24 11:40:39 +05:30
VakarisZ 91ca828c72 Monkey: add launch time to the monkey collection
Launch time is needed if we want to tell the user when exactly the exploit occurred/monkey got run
2021-07-26 11:28:40 +03:00
Ilija Lazoroski 81a8ccf673 Island: Return empty post status for island mode 2021-07-13 10:25:48 -04:00
Mike Salvatore 96fc33025e Island: Redirect gevent tracebacks to file and log exceptions
By default, gevent prints exceptions and tracebacks to stderr. This is
obnoxious as it results in large tracebacks intermixed with the output
that the logger prints to the console. This commit redirects this data
to {DATA_DIR}/gevent_exceptions.log. Unfortunately, this would mean that
the user might be left without any indication these exceptions had
occurred, unless they take the time to inspect the
gevent_exceptions.log. Therefore, when an excepion occurs, a message
with just the exception (not the traceback) is logged to WARNING.

Fixes #859
2021-07-06 08:39:30 -04:00
Mike Salvatore 01b9c41c6e Remove mock_home_env() from vulture_allowlist.py 2021-07-02 18:59:24 -04:00
Mike Salvatore 6307606010 Remove get_files_to_encrypt from Vulture's allow list 2021-06-23 07:14:57 -04:00
Shreya 5b64ea5151 agent: ransomware: Iterate through files in directory and get list of files to encrypt 2021-06-22 19:30:44 +05:30
VakarisZ fc1f12c24d Implemented safety check on import. 2021-06-03 17:02:12 +03:00
VakarisZ 9fcfaac781 Improved exceptions thrown in configuration decryption and unit tests. 2021-06-03 17:01:56 +03:00
Shreya 52b57a7166 Have Vulture skip tests/ instead of tests/unit_tests/ 2021-06-03 11:57:44 +05:30
Shreya b69c1c531a Rename vulture_whitelist.py -> vultue_allowlist.py 2021-06-02 13:08:37 +05:30