Skip to content

Payload obfuscation #964

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 11, 2021
Merged

Payload obfuscation #964

merged 3 commits into from
Feb 11, 2021

Conversation

VakarisZ
Copy link
Contributor

@VakarisZ VakarisZ commented Feb 10, 2021
edited
Loading

What does this PR do?

Fixes #929

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by running clarify on ms08_670 payload and getting the same payload as before

@VakarisZ VakarisZ requested a review from mssalvatore February 10, 2021 07:22
@VakarisZ VakarisZ force-pushed the payload_obfuscation branch from 298befa to 28e4a0f Compare February 10, 2021 08:34
@codecov
Copy link

codecov bot commented Feb 10, 2021
edited
Loading

Codecov Report

Merging #964 (f11736d) into develop (c8c763d) will increase coverage by 0.81%.
The diff coverage is 78.57%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop     #964      +/-   ##
===========================================
+ Coverage    19.07%   19.89%   +0.81%     
===========================================
  Files          338      338              
  Lines        11482    11603     +121     
===========================================
+ Hits          2190     2308     +118     
- Misses        9292     9295       +3
Impacted Files Coverage Δ
monkey/infection_monkey/exploit/win_ms08_067.py 0.00% <0.00%> (ø)
monkey/common/utils/shellcode_obfuscator.py 92.85% <91.66%> (+5.35%) ⬆️
monkey/infection_monkey/network/ping_scanner.py 0.00% <0.00%> (ø)
...nkey/monkey_island/cc/services/reporting/report.py 0.00% <0.00%> (ø)
monkey/infection_monkey/model/host.py 53.19% <0.00%> (+7.24%) ⬆️
monkey/monkey_island/cc/encryptor.py 76.00% <0.00%> (+9.33%) ⬆️
monkey/common/cloud/aws/aws_instance.py 90.90% <0.00%> (+43.18%) ⬆️
monkey/common/cloud/azure/azure_instance.py 76.59% <0.00%> (+76.59%) ⬆️
monkey/common/cloud/gcp/gcp_instance.py 92.59% <0.00%> (+92.59%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c8c763d...f11736d. Read the comment docs.

mssalvatore
mssalvatore requested changes Feb 10, 2021
View reviewed changes
@mssalvatore mssalvatore self-requested a review February 11, 2021 12:38
mssalvatore
mssalvatore approved these changes Feb 11, 2021
View reviewed changes
Copy link
Collaborator

@mssalvatore mssalvatore left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can add nosec to the crypto line to disable the bandit warning, since we use pycryptodome, not pycrypto.

mssalvatore
mssalvatore requested changes Feb 11, 2021
View reviewed changes
monkey/common/utils/shellcode_obfuscator.py Outdated

import sys

from Crypto.Cipher import AES
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
from Crypto.Cipher import AES
from Crypto.Cipher import AES # nosec: B413

@mssalvatore mssalvatore merged commit de3adfd into develop Feb 11, 2021
@mssalvatore mssalvatore deleted the payload_obfuscation branch February 11, 2021 13:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mssalvatore mssalvatore mssalvatore requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AV detection avoidance
2 participants
@VakarisZ @mssalvatore