
3168 mimikatz collector settings #3267

Merged: 5 commits, Apr 27, 2023

Conversation

ilija-lazoroski (Contributor)

What does this PR do?

Fixes part of #3168.

Add any further explanations here.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?
  • Have you checked that you haven't introduced any duplicate code?

Testing Checklist

  • Added relevant unit tests?
  • Do all unit tests pass?
  • Do all end-to-end tests pass?
  • Any other testing performed?

    Tested by {Running the Monkey locally with relevant config/running Island/...}

  • If applicable, add screenshots or log transcripts of the feature working

@ilija-lazoroski ilija-lazoroski force-pushed the 3168-mimikatz-collector-settings branch from 2d27089 to e6308fe Compare April 27, 2023 13:52
@@ -0,0 +1,11 @@
{
"required": ["exclude_username_prefix"],
"properties": {
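Review bot: The `required` list on the second line of this hunk names `exclude_username_prefix`, while the Pydantic model added in the same PR (`MimikatzOptions`, further down) declares the field as `excluded_username_prefix`. If the key under `"properties"` follows the model, the schema requires a key that the options object never carries and a correct configuration fails validation; pick one spelling and use it in `required`, in the property name and in the model.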
Collaborator:

We decided not to allow the user to select credential types?

Contributor Author:

Nope, but we are tightly coupled to how Pypykatz is naming the credential types. See this

codecov bot commented Apr 27, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (5411112) 73.39% compared to head (e6308fe) 73.39%.

❗ Current head e6308fe differs from pull request most recent head bb1b9cd. Consider uploading reports for the commit bb1b9cd to get more accurate results

Additional details and impacted files
@@           Coverage Diff            @@
##           develop    #3267   +/-   ##
========================================
  Coverage    73.39%   73.39%           
========================================
  Files          482      482           
  Lines        13882    13882           
========================================
  Hits         10189    10189           
  Misses        3693     3693           


@mssalvatore mssalvatore force-pushed the 3168-mimikatz-collector-settings branch from bb1b9cd to 6761eab Compare April 27, 2023 14:02
@mssalvatore mssalvatore merged commit 5e8988d into develop Apr 27, 2023
@mssalvatore mssalvatore deleted the 3168-mimikatz-collector-settings branch April 27, 2023 14:03
"title": "Excluded username prefix",
"description": "A username prefix for which Mimikatz will not collect credentials.",
"type": "string",
"default": "somenewuser"
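Review bot: The literal `"somenewuser"` is now spelled out in three places: this schema `default`, the `default=` of `MimikatzOptions.excluded_username_prefix` and the `USERNAME_PREFIX` constant the author cites in the thread. If the constant is the source of truth, generate the schema default from it, or drop the schema default as suggested above and let the model supply it, so the copies cannot drift apart; otherwise the Island UI can show one default while the agent applies another.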
Contributor:

I don't think we should have a default for this.

Contributor Author:

We already have it hardcoded in the monkey model.

USERNAME_PREFIX = "somenewuser"

- windows
title: Mimikatz Credentials Collector
version: 1.0.0
description: Collects credentials from Windows credential manager.
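Review bot: The `description` line names "Windows credential manager" as the source, but nothing in this PR shows that source, and the author's reply above says the collector is tied to Pypykatz credential types. Mimikatz and Pypykatz are known for extracting credentials from LSASS memory, not from the Credential Manager vault, so the phrase is misleading as written; describe the actual source and name the tool, along the lines of the suggested change below.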
Contributor:

Suggested change
description: Collects credentials from Windows credential manager.
description: Collects credentials from Windows Credential Manager using Mimikatz.

class MimikatzOptions(InfectionMonkeyBaseModel):
excluded_username_prefix: str = Field(
default="somenewuser",
description="Mimikatz will not collect credentials for any user whos username"
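Review bot: Besides the "whos"/"whose" typo on the last line, the field accepts any `str`, including the empty string, and an empty prefix matches every username (`"alice".startswith("")` is `True`), so a blank value would turn the exclusion into "collect nothing" without any error. Add `min_length=1` to the `Field(...)` or reject `""` in a validator, and state in the description that the comparison is a prefix match on the username, which is what the field name implies.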
Contributor:

Suggested change
description="Mimikatz will not collect credentials for any user whos username"
description="Mimikatz will not collect credentials for any user whose username"
