Skip to content

Commit

Permalink
Merge branch 'release/1.12.0'
Browse files Browse the repository at this point in the history
  • Loading branch information
mssalvatore committed Oct 29, 2021
2 parents 0773016 + 230ca3f commit 67c87e0
Show file tree
Hide file tree
Showing 358 changed files with 15,144 additions and 21,285 deletions.
1 change: 1 addition & 0 deletions .flake8
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ exclude = monkey/monkey_island/cc/ui,vulture_allowlist.py
show-source = True
max-complexity = 10
max-line-length = 100
per-file-ignores = __init__.py:F401

### ignore "whitespace before ':'", "line break before binary operator" for
### compatibility with black, and cyclomatic complexity (for now).
Expand Down
3 changes: 0 additions & 3 deletions .gitmodules
Original file line number Diff line number Diff line change
@@ -1,6 +1,3 @@
[submodule "monkey/monkey_island/cc/services/attack/attack_data"]
path = monkey/monkey_island/cc/services/attack/attack_data
url = https://github.com/guardicore/cti
[submodule "docs/themes/learn"]
path = docs/themes/learn
url = https://github.com/guardicode/hugo-theme-learn.git
4 changes: 0 additions & 4 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,10 +44,6 @@ repos:
files: "monkey/"
exclude: "monkey/monkey_island/cc/ui"
stages: [push]
- repo: https://github.com/swimmio/pre-commit
rev: v0.2
hooks:
- id: swimm-verify
- repo: https://github.com/jendrikseipp/vulture
rev: v2.3
hooks:
Expand Down
16 changes: 8 additions & 8 deletions .swm/JFXftJml8DpmuCPBA9rL.swm
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,6 @@
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
"comments": [],
"firstLineNumber": 56,
"lines": [
" \"Removes the file afterwards.\",",
" \"attack_techniques\": [\"T1166\"],",
Expand All @@ -26,27 +23,30 @@
"+ # Swimmer: ADD DETAILS HERE!",
"* \"type\": \"string\",",
"* \"enum\": [\"ScheduleJobs\"],",
"* \"title\": \"Job scheduling\",",
"* \"title\": \"Job Scheduling\",",
"* \"safe\": True,",
"* \"info\": \"Attempts to create a scheduled job on the system and remove it.\",",
"* \"attack_techniques\": [\"T1168\", \"T1053\"],",
"* },",
" {",
" \"type\": \"string\",",
" \"enum\": [\"Timestomping\"],"
]
],
"firstLineNumber": 52,
"path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
"comments": []
},
{
"type": "text",
"text": "- The PBA details in this file are reflected on the Monkey Island in the PBA configuration.\n- PBAs are also linked to the relevant MITRE techniques in this file, whose results can then be seen in the MITRE ATT&CK report on the Monkey Island."
}
],
"symbols": {},
"file_version": "2.0.1",
"file_version": "2.0.3",
"meta": {
"app_version": "0.4.1-1",
"app_version": "0.5.7-0",
"file_blobs": {
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "ea9b18aba7f71da12c9c82ac39d8a0cf2c472a9c"
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "7d62ac36e875ca3c249d808250cb3268e4d3d68d"
}
}
}
13 changes: 6 additions & 7 deletions .swm/OwcKMnALpn7tuBaJY1US.swm
Original file line number Diff line number Diff line change
Expand Up @@ -77,10 +77,9 @@
" \"attack_techniques\": [\"T1082\"],",
" },",
"* {",
"+ # SWIMMER: Collector config goes here. Tip: Hostname collection relates to the T1082 and T1016 techniques.",
"* \"type\": \"string\",",
"* \"enum\": [HOSTNAME_COLLECTOR],",
"* \"title\": \"Hostname collector\",",
"* \"title\": \"Hostname Collector\",",
"* \"safe\": True,",
"* \"info\": \"Collects machine's hostname.\",",
"* \"attack_techniques\": [\"T1082\", \"T1016\"],",
Expand Down Expand Up @@ -110,7 +109,7 @@
"type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/monkey.py",
"comments": [],
"firstLineNumber": 92,
"firstLineNumber": 91,
"lines": [
" \"default\": [",
" ENVIRONMENT_COLLECTOR,",
Expand Down Expand Up @@ -195,14 +194,14 @@
}
],
"symbols": {},
"file_version": "2.0.1",
"file_version": "2.0.3",
"meta": {
"app_version": "0.4.4-0",
"app_version": "0.5.7-0",
"file_blobs": {
"monkey/common/common_consts/system_info_collectors_names.py": "175a054e1408805a4cebbe27e2f9616db40988cf",
"monkey/infection_monkey/system_info/collectors/hostname_collector.py": "0aeecd9fb7bde83cccd4501ec03e0da199ec5fc3",
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py": "9a4a39050eb088876df4fa629e14faf820e714a0",
"monkey/monkey_island/cc/services/config_schema/monkey.py": "e745da5828c63e975625ac2e9b80ce9626324970",
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py": "072640352fc9d50fe09752cfc951dab7d99271af",
"monkey/monkey_island/cc/services/config_schema/monkey.py": "da06123a95eebf7f0a68861815ee644bb37c8db6",
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py": "e2de4519cbd71bba70e81cf3ff61817437d95a21",
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py": "7ce4b6fcfbce0d6cd8a60297213c5be1699b22df"
}
Expand Down
87 changes: 87 additions & 0 deletions .swm/afMu3y3ny5lnrYFWl3EI.swm
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
{
"id": "afMu3y3ny5lnrYFWl3EI",
"name": "Add a new Post Breach Action (PBA)",
"task": {
"dod": "You should add a new PBA to the Monkey which discovers all user accounts on the machine.",
"tests": [],
"hints": [
"See `ScheduleJobs` PBA for an example of a PBA which only uses shell commands.",
"Make sure to add the PBA to the configuration as well.",
"MITRE ATT&CK technique T1087 articulates that adversaries may attempt to get a listing of accounts on a system or within an environment which can help them determine which accounts can aid in follow-on behavior. Therefore, the AccountDiscovery PBA is relevant to it. Make sure to map this PBA to the MITRE ATT&CK configuration and report."
]
},
"content": [
{
"type": "text",
"text": "Read our [documentation](https://www.guardicore.com/infectionmonkey/docs/development/adding-post-breach-actions/) about adding a new PBA.\n\nAfter that we want you to add the AccountDiscovery PBA. The commands that add users for Windows and Linux can be retrieved from \\`get\\_commands\\_to\\_discover\\_accounts\\` — make sure you see how to use this function correctly.\n\nNote that the PBA should impact the T1087 MITRE technique as well.\n\n**Manual test to confirm**\n--------------------------\n\n1. Run the Monkey Island.\n \n2. Make sure your new PBA is enabled by default in the config. For this test, disable network scanning, exploiting, and all other PBAs.\n \n3. Run the Monkey Agent.\n \n4. See the PBA in the security report and in the MITRE report under the relevant technique."
},
{
"type": "snippet",
"lines": [
" POST_BREACH_JOB_SCHEDULING = \"Schedule jobs\"",
" POST_BREACH_TIMESTOMPING = \"Modify files' timestamps\"",
" POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC = \"Signed script proxy execution\"",
"*POST_BREACH_ACCOUNT_DISCOVERY = \"Account discovery\"",
"+# SWIMMER: Put the new const here!",
" POST_BREACH_CLEAR_CMD_HISTORY = \"Clear command history\""
],
"firstLineNumber": 7,
"path": "monkey/common/common_consts/post_breach_consts.py",
"comments": []
},
{
"type": "snippet",
"lines": [
" ",
" class AccountDiscovery(PBA):",
" def __init__(self):",
"* linux_cmds, windows_cmds = get_commands_to_discover_accounts()",
"+ # SWIMMER: Implement here!",
"* super().__init__(",
"+ pass",
"* POST_BREACH_ACCOUNT_DISCOVERY, linux_cmd=\" \".join(linux_cmds), windows_cmd=windows_cmds",
"* )"
],
"firstLineNumber": 7,
"path": "monkey/infection_monkey/post_breach/actions/discover_accounts.py",
"comments": []
},
{
"type": "snippet",
"lines": [
" \"with the help of a pre-existing signed script.\",",
" \"attack_techniques\": [\"T1216\"],",
" },",
"* {",
"+ # SWIMMER: Add details here!",
"* \"type\": \"string\",",
"* \"enum\": [\"AccountDiscovery\"],",
"* \"title\": \"Account Discovery\",",
"* \"safe\": True,",
"* \"info\": \"Attempts to get a listing of user accounts on the system.\",",
"* \"attack_techniques\": [\"T1087\"],",
"* },",
" {",
" \"type\": \"string\",",
" \"enum\": [\"ClearCommandHistory\"],"
],
"firstLineNumber": 80,
"path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
"comments": []
},
{
"type": "text",
"text": "Many PBAs use shell commands or scripts — see `Timestomping` and `AccountDiscovery`.\n\nOn the other hand, some are less straightforward. You can override functions and implement new classes depending on what is required, to implement complicated PBAs — see `SignedScriptProxyExecution` and `ModifyShellStartupFiles`. \n \n\nThis PBA, along with the others, will run on a system after it has been breached. The purpose of this code is to test whether target systems allow attackers to gather details about all the user accounts that are present on a system or in an environment."
}
],
"symbols": {},
"file_version": "2.0.3",
"meta": {
"app_version": "0.5.7-0",
"file_blobs": {
"monkey/common/common_consts/post_breach_consts.py": "01d31448269e5581dbe0176c289f7dd36cc5854f",
"monkey/infection_monkey/post_breach/actions/discover_accounts.py": "8fdebd0df97655e4cba3aebcdcf3c5ed1d1b6cbd",
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "88a3e8cb59fb0d1c07c9487bcb4eaab7b8087d84"
}
}
}
122 changes: 0 additions & 122 deletions .swm/tbxb2cGgUiJQ8Btma0fp.swm

This file was deleted.

7 changes: 4 additions & 3 deletions .travis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -80,9 +80,10 @@ script:

# verify swimm
- cd $TRAVIS_BUILD_DIR
- curl -L https://github.com/swimmio/SwimmReleases/releases/download/v0.5.0-0/swimm-cli.js --output swimm_cli
- node swimm_cli --version
- node swimm_cli verify
- curl -L https://github.com/swimmio/SwimmReleases/releases/latest/download/packed-swimm-linux-cli --output swimm-cli
- chmod u+x swimm-cli
- ./swimm-cli --version
- ./swimm-cli verify

after_success:
# Upload code coverage results to codecov.io, see https://github.com/codecov/codecov-bash for more information
Expand Down
Loading

0 comments on commit 67c87e0

Please sign in to comment.