@VakarisZ VakarisZ commented Feb 22, 2022

What does this PR do?

Fixes part of #1695.

Add any further explanations here.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by running unit tests

Explain Changes

Are the commit messages enough? If not, elaborate.

@VakarisZ VakarisZ requested a review from mssalvatore February 22, 2022 15:15
@VakarisZ VakarisZ force-pushed the 1695-parsing-mimikatz branch from b9cbfde to 40fe08b Compare February 22, 2022 15:22
@VakarisZ VakarisZ force-pushed the 1695-parsing-mimikatz branch from 40fe08b to 8c90a98 Compare February 22, 2022 15:43

@mssalvatore mssalvatore left a comment

Approved with minor comments.

Comment on lines +27 to +29
IDENTITY_PROCESSORS[identity["credential_type"]](identity)
for secret in credential["secrets"]:
SECRET_PROCESSORS[secret["credential_type"]](secret)
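
Review bot: `IDENTITY_PROCESSORS[identity["credential_type"]]` and `SECRET_PROCESSORS[secret["credential_type"]]` index the dispatch tables directly with a value taken from the credential being parsed, so a `credential_type` with no registered processor raises `KeyError` on these lines. Consider looking the processor up with `.get()` and logging and skipping unknown types, or catching the error per item, so that one unrecognized entry does not stop the remaining identities and secrets from being processed unless the caller handles it.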

Since we don't make any distinction between secrets and identities in CredentialComponentType, I'm not sure if there's value in making that distinction here. Similarly, I'm not sure we need to separate the processors into identities/ and secrets/ directories.

Comment on lines +16 to 22
TelemCategoryEnum.CREDENTIALS: parse_credentials,
TelemCategoryEnum.TUNNEL: process_tunnel_telemetry,
TelemCategoryEnum.STATE: process_state_telemetry,
TelemCategoryEnum.EXPLOIT: process_exploit_telemetry,
TelemCategoryEnum.SCAN: process_scan_telemetry,
TelemCategoryEnum.SYSTEM_INFO: process_system_info_telemetry,
TelemCategoryEnum.POST_BREACH: process_post_breach_telemetry,
TelemCategoryEnum.AWS_INFO: process_aws_telemetry,
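
Review bot: `parse_credentials` on the `TelemCategoryEnum.CREDENTIALS` line is the only handler in this mapping that does not follow the `process_<category>_telemetry` naming used by every other entry shown. Consider renaming it (for example `process_credentials_telemetry`) so the dispatch table reads uniformly.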

While we're here, can we put these in alphabetical order as per the boy scout rule?

@VakarisZ VakarisZ merged commit 3fee7de into agent-refactor Feb 23, 2022
@VakarisZ VakarisZ deleted the 1695-parsing-mimikatz branch February 23, 2022 11:59