
ATT&CK Report: Pass The Hash (T1075) reports wrong info #1518

@shreyamalviya

Describe the bug

In the ATT&CK report, technique T1075, i.e. Pass The Hash, reports that it wasn't attempted (exact message below) even though Monkey ran on Windows machines and the SMB Exploiter was enabled.

Monkey didn't try to use pass the hash attack due to one of the following reasons:

Monkey did not run on any Windows systems.
The following configuration options were disabled:
- Exploiters — SMB Exploiter

Expected behavior

It should display the correct message, that it was attempted and failed.

Findings

The technique was not used since no hashes were specified in the internal configuration. While generating the ATT&CK report, we should also go through the internal config and specify that no values for certain config options would cause the technique to be unscanned.

Tasks

  • Fix the mongo query for T1075 (and check others?). Go through the internal config as well when generating the reverse config schema in monkey\monkey_island\cc\services\config_schema\config_schema_per_attack_technique.py.
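
An added sketch, not Infection Monkey's own code, of the check the Findings and Tasks above describe: a per-technique requirement table that covers both enabled options and internal options that must hold a value. All option paths, labels and function names are hypothetical, and the rule that one hash of either kind is enough is an assumption.

```python
from typing import Any

# Constructed requirement table. All option paths and labels are hypothetical.
REQUIREMENTS = {
    "T1075": {
        # Toggles that must be on for the technique to be attempted.
        "enabled": {"exploiters.smb": "Exploiters - SMB Exploiter"},
        # Internal options of which at least one must hold a value
        # (assumption: one hash of either kind is enough).
        "values": {
            "internal.lm_hashes": "Internal - LM hash list",
            "internal.ntlm_hashes": "Internal - NTLM hash list",
        },
    }
}


def lookup(config: dict, path: str) -> Any:
    """Walk a dotted path through nested dicts; missing keys yield None."""
    node: Any = config
    for key in path.split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node


def unscanned_reasons(technique: str, config: dict) -> list[str]:
    """Return human-readable reasons the technique could not have run."""
    req = REQUIREMENTS[technique]
    reasons = [
        f"disabled: {label}"
        for path, label in req["enabled"].items()
        if lookup(config, path) is not True
    ]
    values = req["values"]
    if values and not any(lookup(config, p) for p in values):
        reasons.append("no values set for: " + ", ".join(values.values()))
    return reasons


# Constructed config matching the issue: SMB exploiter on, no hashes supplied.
ISSUE_CONFIG = {
    "exploiters": {"smb": True},
    "internal": {"lm_hashes": [], "ntlm_hashes": []},
}
```

With `ISSUE_CONFIG`, the only reason returned is the empty hash lists, so a report built this way would not blame a disabled SMB Exploiter.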
