Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate Mimikatz credentials collector to a plugin #3168

Closed
14 tasks done
mssalvatore opened this issue Mar 28, 2023 · 0 comments
Closed
14 tasks done

Migrate Mimikatz credentials collector to a plugin #3168

mssalvatore opened this issue Mar 28, 2023 · 0 comments
Labels
Complexity: Medium Credentials Collector Impact: High Plugins Refactor sp/8
Milestone
v2.2.0

Comments

@mssalvatore
Copy link
Collaborator

mssalvatore commented Mar 28, 2023
edited
Loading

Description

Migrate the Mimikatz credentials collector to a plugin.#3167

Tasks

  • Define config-schema.json, manifest, and options (0d) @ilija-lazoroski @ordabach
  • Create pipfile for dependencies (0d) @ilija-lazoroski @ordabach
  • Add A jenkins job to build the plugin (0d) @ilija-lazoroski @ordabach
    • Update the island build jobs on Jenkins to copy the artifacts from the Mimikatz plugin build job
  • Add a build script for building plugins on Windows. Modify the mimikatz jenkins job as necessary. (0d) @ilija-lazoroski, @shreyamalviya
  • Convert the existing mimikatz collector to a plugin (0d) @mssalvatore
    • Update ETE test configuration
    • Reimplement unit tests
  • Remove the hard-coded mimikatz credentials collector plugin (0d) @mssalvatore
  • Fix wmi_mimikatz and depth_1 smb mimikatz tests (see below) (0d) - @shreyamalviya
    • Remove wmi_mimikatz test
    • Modify depth_1_a to call the stolen credentials endpoint and assert that expected credentials were stolen
  • Remove vulture entries
  • Fix logging (leaking credentials) (0d) @ilija-lazoroski

Broken tests

image

This test is supposed to test that credentials are collected from mimikatz 14 and used to access mimikatz 15. It should be a depth 2 test and shouldn't include valid credentials for mimikatz 15 in the configuration.

Also check the depth_1_a test, as this has comments about mimikatz password stealing. I'm not sure how this can be properly tested with a depth 1 test.
@mssalvatore mssalvatore added this to the v2.2.0 milestone Mar 28, 2023
@ilija-lazoroski ilija-lazoroski mentioned this issue Apr 27, 2023
Merged
10 tasks
mssalvatore added a commit that referenced this issue Apr 27, 2023
@mssalvatore
Merge branch '3168-mimikatz-collector-settings' into develop
5e8988d 
Issue #3168
PR #3267
@ilija-lazoroski ilija-lazoroski mentioned this issue Apr 27, 2023
Merged
10 tasks
mssalvatore added a commit that referenced this issue Apr 27, 2023
@mssalvatore
Merge branch '3168-mimikatz-pipfile' into develop
f246966 
Issue #3168
PR #3268
shreyamalviya added a commit that referenced this issue Apr 28, 2023
@shreyamalviya
BB: Remove wmi_mimikatz test
aaaa0cb 
This test wasn't actually testing the Mimikatz credential
collector due to a misconfiguration on the mimikatz-15 machine.
We decided this test isn't worth keeping since the WMI exploiter
is already tested in depth_3_a and depth_4_a, and Mimikatz is
tested in depth_1_a (with SMB).

Issue #3168
PR #3274
@shreyamalviya shreyamalviya mentioned this issue Apr 28, 2023
Merged
10 tasks
@mssalvatore mssalvatore mentioned this issue Apr 28, 2023
Merged
8 tasks
mssalvatore pushed a commit that referenced this issue Apr 28, 2023
@shreyamalviya @mssalvatore
BB: Remove wmi_mimikatz test
4f70a6e 
This test wasn't actually testing the Mimikatz credential
collector due to a misconfiguration on the mimikatz-15 machine.
We decided this test isn't worth keeping since the WMI exploiter
is already tested in depth_3_a and depth_4_a, and Mimikatz is
tested in depth_1_a (with SMB).

Issue #3168
PR #3274
mssalvatore added a commit that referenced this issue Apr 28, 2023
@mssalvatore
Merge branch '3168-verify-supported-operating-system' into develop
42b8149 
Issue #3168
PR #3275
@shreyamalviya shreyamalviya mentioned this issue Apr 28, 2023
Merged
10 tasks
@mssalvatore mssalvatore mentioned this issue Apr 28, 2023
Merged
8 tasks
mssalvatore added a commit that referenced this issue Apr 28, 2023
@mssalvatore
Merge branch '3168-generalize-plugin-compatibility-verifier' into dev…
a73181f 
…elop

Issue #3168
PR #3277
@mssalvatore mssalvatore mentioned this issue Apr 28, 2023
Merged
10 tasks
mssalvatore added a commit that referenced this issue Apr 28, 2023
@mssalvatore
Merge branch '3168-modify-depth_1_a-test' into tmp
4b70dc7 
Issue #3168
mssalvatore added a commit that referenced this issue Apr 28, 2023
@mssalvatore
Merge branch '3168-verify-credentials-collectors-os-compatibility' in…
8f5b02a 
…to develop

Issue #3168
PR #3278
@ilija-lazoroski ilija-lazoroski mentioned this issue May 2, 2023
Merged
10 tasks
mssalvatore added a commit that referenced this issue May 2, 2023
@mssalvatore
Merge branch '3168-modify-depth_1_a-test' into develop
529fbd4 
Issue #3168
PR #3276
ordabach added a commit that referenced this issue May 3, 2023
@ordabach
BB: Fix logs logic in stolen credentials analyzer
54064aa 
Issue: #3168
PR: #3291
ilija-lazoroski added a commit that referenced this issue May 3, 2023
@ilija-lazoroski
Mimikatz: Fix duplication of mimikatz credentials
45a61be 
Issue: #3168
PR:
@ilija-lazoroski ilija-lazoroski mentioned this issue May 3, 2023
Merged
10 tasks
ilija-lazoroski added a commit that referenced this issue May 3, 2023
@ilija-lazoroski
Mimikatz: Fix duplication of mimikatz credentials
a8ff2af 
Issue: #3168
PR: #3292
ilija-lazoroski added a commit that referenced this issue May 3, 2023
@ilija-lazoroski
Mimikatz: Fix duplication of mimikatz credentials
fd7405c 
Issue: #3168
PR: #3292
ilija-lazoroski added a commit that referenced this issue May 3, 2023
@ilija-lazoroski
Merge branch '3168-mimikatz-credentials-duplication' into 3168-vendor…
e3bc143 
…-windows-directory

Issue #3168
PR #3292
mssalvatore pushed a commit that referenced this issue May 3, 2023
@ilija-lazoroski @mssalvatore
Mimikatz: Fix duplication of mimikatz credentials
5e00b5b 
Issue: #3168
PR: #3292
mssalvatore added a commit that referenced this issue May 3, 2023
@mssalvatore
Merge branch '3168-vendor-windows-directory' into develop
ad09d9f 
Issue #3168
PR #3288
mssalvatore pushed a commit that referenced this issue May 3, 2023
@ilija-lazoroski @mssalvatore
Mimikatz: Fix duplication of mimikatz credentials
658629e 
Issue: #3168
PR: #3292
mssalvatore added a commit that referenced this issue May 3, 2023
@mssalvatore
Merge branch '3168-remove-hardcoded-mimikatz' into 3168-mimikatz-plugin
952a129 
Issue #3168
mssalvatore added a commit that referenced this issue May 3, 2023
@mssalvatore
Merge branch '3168-mimikatz-plugin' into develop
8444123 
Issue #3168
ilija-lazoroski added a commit that referenced this issue May 3, 2023
@ilija-lazoroski
Mimikatz: Set logging level to DEBUG on pypykatz
8a3611e 
Issue: #3168
PR: #3293
ilija-lazoroski added a commit that referenced this issue May 3, 2023
@ilija-lazoroski
Merge branch '3168-mimikatz-leak-logs' into develop
b7a3cd6 
Issue #3168
PR #3293
@mssalvatore mssalvatore mentioned this issue May 3, 2023
Merged
8 tasks
mssalvatore added a commit that referenced this issue May 3, 2023
@mssalvatore
Merge branch '3168-exclude-usernames' into develop
727d07c 
Issue #3168
PR #3294
mssalvatore added a commit that referenced this issue May 3, 2023
@mssalvatore
Merge branch '3168-add-missing-stolen-credentials-depth-1' into develop
c5d58a3 
Issue #3168
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Complexity: Medium Credentials Collector Impact: High Plugins Refactor sp/8
Projects
None yet
Milestone
v2.2.0
Development

No branches or pull requests
1 participant
@mssalvatore