Skip to content

Fix incorrect ATT&CK report messages #1483

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 26 commits into from
Sep 28, 2021
Merged

Fix incorrect ATT&CK report messages #1483

merged 26 commits into from
Sep 28, 2021

Conversation

shreyamalviya
Copy link
Contributor

@shreyamalviya shreyamalviya commented Sep 23, 2021
edited
Loading

What does this PR do?

Fixes #919.
See commit messages for details.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by running the Island

  • If applicable, add screenshots or log transcripts of the feature working

image

@shreyamalviya
island: Add code to create reverse schema i.e. each attack technique
26b0793 
mapped to its config fields
@shreyamalviya
island: Change config schema definitions' titles to title case and so
836069a 
they make more sense
@shreyamalviya
island: Update doc link for PowerShell exploiter
f9e994d
@shreyamalviya
island: Remove unneeded function to get reverse schema
ba2207b
@shreyamalviya
island: Move T1216's details from T1216.py to attack_schema.py so tha…
9564fb1 
…t it's

shown in the config instead of the ATT&CK report
@shreyamalviya
island: Add relevant_systems property to attack techniques that run on
8e733a8 
specific systems

And remove hardcoded "since it didn't run on any ... systems" from the unscanned
message for those techniques
@shreyamalviya
island: Add abstract property relevant_systems to AttackTechnique a…
b0b0f51 
…nd declare it for all techniques left
@shreyamalviya
island: Change pass to ... for abstract properties in
f730e75 
cc/services/attack/technique_reports/

See https://stackoverflow.com/a/58321197/10629482.
@shreyamalviya
island: Modify ATT&CK report messages to mention reasons
2cc0020 
1. not run on relevant system
2. relevant config options were disabled
mssalvatore
mssalvatore requested changes Sep 23, 2021
View reviewed changes
Copy link
Collaborator

@mssalvatore mssalvatore left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this provides a lot of good, useful information to the user. Good job!

We're missing some unit tests and I think a lot of the new logic can be simplified. Any time your checking if key in dict:, you can probably simplify by using dict.get() or dict.setdefault().

ilija-lazoroski
ilija-lazoroski reviewed Sep 23, 2021
View reviewed changes
Copy link
Contributor

@ilija-lazoroski ilija-lazoroski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two of the swimm units are outdated. Needs to be changed.

  • Add details about your new PBA (JFXftJml8DpmuCPBA9rL) .

  • Add a new System Info Collector (OwcKMnALpn7tuBaJY1US) .

Otherwise, good job!!

@mssalvatore
Copy link
Collaborator

This should also get a changelog entry.

@shreyamalviya
island: Use dict's get() method to shorten
4a65ac3 
`get_config_schema_per_attack_technique()` in
config_schema_per_attack_technique.py
@shreyamalviya
island: Use dict's setdefault() to shorten
f3da34e 
`_add_config_field_to_reverse_schema()` in
config_schema_per_attack_technique.py
@shreyamalviya
tests: Add unit test for get_config_schema_per_attack_technique() in
f2470bb 
config_schema_per_attack_technique.py
@shreyamalviya
tests: Add unit tests for get_message_by_status() in
90f3cff 
monkey_island\cc\services\attack\technique_reports\__init__.py
@shreyamalviya
tests: Move some code around in test_technique_reports.py so it's easier
aff2bad 
to read
@shreyamalviya
tests: Use enums for expected msgs for better readibility in
6f903bd 
test_technique_reports.py
@shreyamalviya
tests: Extract mocking to an autouse, function-scoped fixture to reduce
85e5441 
code in test_technique_reports.py
@shreyamalviya
CHANGELOG: Add entry for modifying ATT&CK report messages
a857d29
@shreyamalviya
swimm: update exercise Add details about your new PBA JFXftJml8DpmuCP…
d6f91e4 
…BA9rL
@shreyamalviya
swimm: update exercise Add a new System Info Collector OwcKMnALpn7tuB…
1807bfc 
…aJY1US
@shreyamalviya
swimm: update exercise Add details about your new PBA JFXftJml8DpmuCP…
c2c5710 
…BA9rL
@shreyamalviya shreyamalviya assigned VakarisZ and unassigned VakarisZ Sep 24, 2021
@codecov
Copy link

codecov bot commented Sep 24, 2021
edited
Loading

Codecov Report

Merging #1483 (cb4b845) into develop (4afeba6) will increase coverage by 1.24%.
The diff coverage is 93.45%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #1483      +/-   ##
===========================================
+ Coverage    41.59%   42.83%   +1.24%     
===========================================
  Files          461      471      +10     
  Lines        13953    14354     +401     
===========================================
+ Hits          5804     6149     +345     
- Misses        8149     8205      +56
Impacted Files Coverage Δ
.../monkey_island/cc/services/attack/attack_schema.py 100.00% <ø> (ø)
...services/attack/technique_reports/pba_technique.py 44.00% <0.00%> (ø)
...ces/config_schema/definitions/exploiter_classes.py 100.00% <ø> (ø)
...rvices/config_schema/definitions/finger_classes.py 100.00% <ø> (ø)
...s/config_schema/definitions/post_breach_actions.py 100.00% <ø> (ø)
...chema/definitions/system_info_collector_classes.py 100.00% <ø> (ø)
...d/cc/services/attack/technique_reports/__init__.py 66.32% <81.81%> (+21.25%) ⬆️
...land/cc/services/attack/technique_reports/T1003.py 50.00% <100.00%> (+2.17%) ⬆️
...land/cc/services/attack/technique_reports/T1005.py 76.92% <100.00%> (+1.92%) ⬆️
...land/cc/services/attack/technique_reports/T1016.py 57.89% <100.00%> (+2.33%) ⬆️
... and 50 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4afeba6...cb4b845. Read the comment docs.

mssalvatore
mssalvatore requested changes Sep 27, 2021
View reviewed changes
shreyamalviya and others added 3 commits September 27, 2021 20:20
@shreyamalviya
island, tests: Pass schema as arg to generate reverse schema instead …
afedde8 
…of generating reverse schema at runtime
@shreyamalviya
island, tests: Make config_schema_per_attack_technique a class variab…
0804cec 
…le instead of generating it every time
@shreyamalviya @mssalvatore
island: Simplify logic when creating reverse schema
72caf5a 
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
mssalvatore
mssalvatore requested changes Sep 27, 2021
View reviewed changes
@ilija-lazoroski ilija-lazoroski mentioned this pull request Sep 28, 2021
Closed
@mssalvatore mssalvatore merged commit 0839f04 into develop Sep 28, 2021
@mssalvatore mssalvatore deleted the incorrect-attack-report-msgs branch September 28, 2021 11:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mssalvatore mssalvatore mssalvatore approved these changes

@ilija-lazoroski ilija-lazoroski Awaiting requested review from ilija-lazoroski

@VakarisZ VakarisZ Awaiting requested review from VakarisZ

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Incorrect ATT&CK report messages
4 participants
@shreyamalviya @mssalvatore @ilija-lazoroski @VakarisZ