shreyamalviya

Fixes #795

codecov bot commented Aug 20, 2020

Codecov Report

Merging #796 into develop will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff            @@
##           develop     #796   +/-   ##
========================================
  Coverage    60.46%   60.47%           
========================================
  Files          165      165           
  Lines         4940     4941    +1     
========================================
+ Hits          2987     2988    +1     
  Misses        1953     1953           
Impacted Files Coverage Δ
...s/config_schema/definitions/post_breach_actions.py 100.00% <ø> (ø)
.../monkey_island/cc/services/config_schema/monkey.py 100.00% <ø> (ø)
monkey/common/data/post_breach_consts.py 100.00% <100.00%> (ø)

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update db46134...fc7d5bf.

ShayNehmad left a comment

Questions about testing



def get_windows_timestomping_commands():
    return 'powershell.exe infection_monkey/post_breach/timestomping/windows/timestomping.ps1'

  1. Tested on compiled Monkey? Not sure the ps1 script file will be packaged unless you add it to the pyinstaller config
  2. Any guarantees about working directory? Are you sure this works from different exploits etc?
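
Both review questions come down to how the relative `.ps1` path is resolved at run time. The sketch below is an added example, not code from this PR or from Infection Monkey: it anchors the path to the PyInstaller bundle directory and fails loudly if the script was not packaged. The names `bundle_root`, `resolve_script` and `demo` and the directory layout are assumptions.

```python
import os
import sys
import tempfile

# Relative path taken from the snippet under review.
SCRIPT_REL = "infection_monkey/post_breach/timestomping/windows/timestomping.ps1"


def bundle_root():
    """Directory that relative resource paths should be anchored to.

    A PyInstaller build sets sys.frozen and exposes its data directory as
    sys._MEIPASS. When running from source, fall back to this module's folder
    (assumed here to be the parent of infection_monkey/).
    """
    if getattr(sys, "frozen", False):
        return getattr(sys, "_MEIPASS", os.path.dirname(sys.executable))
    return os.path.dirname(os.path.abspath(__file__))


def resolve_script(rel_path=SCRIPT_REL, root=None):
    """Return an absolute path to the script, or raise if it was not packaged."""
    root = bundle_root() if root is None else root
    path = os.path.normpath(os.path.join(root, *rel_path.split("/")))
    if not os.path.isfile(path):
        raise FileNotFoundError(
            f"{rel_path} missing under {root}; is it listed in the PyInstaller datas?")
    return path


def demo():
    """Constructed layout showing that the bare relative path depends on cwd."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as other:
        target = os.path.join(root, *SCRIPT_REL.split("/"))
        os.makedirs(os.path.dirname(target))
        open(target, "w").close()      # empty placeholder, not the real script
        old_cwd = os.getcwd()
        try:
            os.chdir(other)            # process started from a different directory
            relative_ok = os.path.isfile(SCRIPT_REL)
            anchored_ok = os.path.isfile(resolve_script(root=root))
        finally:
            os.chdir(old_cwd)
        return relative_ok, anchored_ok


if __name__ == "__main__":
    print(demo())
```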

@shreyamalviya shreyamalviya merged commit 836647e into guardicore:develop Aug 31, 2020
@shreyamalviya shreyamalviya deleted the T1099 branch September 2, 2020 18:46

Successfully merging this pull request may close these issues.

Add "Timestomping" attack technique (T1099)