Spike

Objective

The goal and purpose of SystemInfoCollector's is not clearly defined enough to allow it to be used for plugins. Additionally, the majority of SystemInfoCollectors have been removed since the info they collected was never used (#1535) or because they don't fit Monkey's mission (#1669). The remaining info collectors are SSH, Mimikatz, AWS, and Process List Collector.

The proposed solution is to change the SystemInfoCollector interface to be CredentialsCollector and refactor the ProcessListCollector to be a PostBreachAction. Further investigation is needed to determine whether or not the AWS collector is actually required. If it is, it can be moved to the Agent as part of the agent refactor project.

Consider the architectural implications of making this change. Create a PDR that describes these changes or proposes an alternative.

Scope

Time boxed to 3 days.

Output

A PDR.

Tasks

• Create a PDR for these changes (0.75d) - @VakarisZ