8000 Add T1158 attack technique by shreyamalviya · Pull Request #674 · guardicore/monkey · GitHub

More Web Proxy on the site http://driver.im/

Add T1158 attack technique #674

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

shreyamalviya merged 19 commits into guardicore:develop from shreyamalviya:T1158

Jun 24, 2020

Contributor

shreyamalviya commented

What is this?
Fixes #672

shreyamalviya force-pushed the T1158 branch 2 times, most recently from cce131d to 1c1a27a Compare

June 4, 2020 19:08

codecov bot commented

•

Codecov Report

Merging #674 into develop will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           develop     #674   +/-   ##
========================================
  Coverage    58.06%   58.06%           
========================================
  Files          139      139           
  Lines         4483     4483           
========================================
  Hits          2603     2603           
  Misses        1880     1880

Impacted Files	Coverage Δ
monkey/monkey_island/cc/services/config_schema.py	`100.00% <ø> (ø)`

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0872730...a11852c. Read the comment docs.

shreyamalviya force-pushed the T1158 branch from 1c1a27a to 78fceca Compare

June 5, 2020 16:45

ShayNehmad reviewed

View reviewed changes

monkey/monkey_island/cc/ui/src/components/attack/techniques/T1158.js Show resolved Hide resolved

ShayNehmad reviewed

View reviewed changes

monkey/infection_monkey/utils/linux/hidden_files.py Outdated Show resolved Hide resolved

ShayNehmad reviewed

View reviewed changes

monkey/infection_monkey/utils/windows/hidden_files.py Outdated Show resolved Hide resolved

ShayNehmad reviewed

View reviewed changes

monkey/infection_monkey/utils/windows/hidden_files.py Outdated Show resolved Hide resolved

ShayNehmad reviewed

View reviewed changes

monkey/infection_monkey/post_breach/actions/hide_files.py Outdated Show resolved Hide resolved

ShayNehmad suggested changes

View reviewed changes

Contributor

ShayNehmad left a comment •

Looks really good for a first version! I've left some comments.
Please also note that the Travis CI build is failing because of too many JavaScript warnings. https://travis-ci.com/github/guardicore/monkey/builds/169926081#L1228

shreyamalviya force-pushed the T1158 branch from 6cf4b7a to 3fc20c0 Compare

June 7, 2020 15:00

shreyamalviya marked this pull request as ready for review

June 7, 2020 18:47

shreyamalviya changed the title ~~[WIP] Add T1158 attack technique~~ Add T1158 attack technique

shreyamalviya force-pushed the T1158 branch from 63d8715 to 072014c Compare

June 8, 2020 18:06

Contributor

acepace commented

Late to the game but why shell commands rather than calling APIs directly?

acepace reviewed

View reviewed changes

8000 monkey/infection_monkey/utils/linux/hidden_files.py Outdated Show resolved Hide resolved

acepace reviewed

View reviewed changes

monkey/infection_monkey/utils/windows/hidden_files.py Outdated Show resolved Hide resolved

acepace reviewed

View reviewed changes

monkey/infection_monkey/utils/windows/hidden_files.py Outdated Show resolved Hide resolved

shreyamalviya force-pushed the T1158 branch 2 times, most recently from 1abbdc5 to 67fc9f9 Compare

June 22, 2020 09:33

shreyamalviya requested review from ShayNehmad and VakarisZ

June 22, 2020 16:09

ShayNehmad approved these changes

View reviewed changes

Contributor Author

shreyamalviya commented Jun 23, 2020

Late to the game but why shell commands rather than calling APIs directly?

@acepace, just that it's easier to fit it into the existing framework we have right now

shreyamalviya added 6 commits June 24, 2020 14:33

Add "Hidden files" PBA feature

45c5546

TODO: winAPI

PBA stuff

1d952a4

Tweak PBA logic

2b9d544

Don't need to use winAPI to delete file

PBA changes: Linux

15ac770

PBA changes: Windows

49350aa

Add report components, link to matrix

0f6fcc7

shreyamalviya added 12 commits June 24, 2020 14:36

Mentioning 'type' doesn't seem necessary

80c8a42

PBA tweaks: Windows

6b4e90e

Little changes based on review

eea5352

Linux: change location of hidden file/folder

87bfe41

Windows: change location of hidden file/folder + add system attribute

a98f321

Remove detection time for AV software

d0dc305

Linux: fix hidden file/folder deletion issue

2dbf798

PBA command modifications

3819041

Fix status being sent in report data

37d37b6

Use mongo search for report data

a91e65e

Small fixes after rebasing

6b75092

Change order of techniques in ATT&CK matrix

971a102

T1158: Hidden files before T1504: Powershell profile

shreyamalviya force-pushed the T1158 branch 2 times, most recently from ab15bb6 to 7ba7b62 Compare June 24, 2020 10:51

Pass build

a11852c

Pass build

shreyamalviya force-pushed the T1158 branch from 7ba7b62 to a11852c Compare June 24, 2020 11:18

shreyamalviya merged commit b0a5c9e into guardicore:develop Jun 24, 2020

shreyamalviya deleted the T1158 branch August 3, 2020 04:57

snyk-bot mentioned this pull request May 23, 2021

[Snyk] Upgrade react-json-tree from 0.12.1 to 0.15.0 csmagee99/monkey#4

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

acepace acepace left review comments

ShayNehmad ShayNehmad approved these changes

VakarisZ Awaiting requested review from VakarisZ

Assignees
No one assigned

Labels

None yet

Projects

None yet

Milestone
No milestone

Development

Successfully merging this pull request may close these issues.
Add "Hidden Files and Directories" attack technique (T1158)

3 participants

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms

Privacy

Security

Status

Docs

Contact

0