Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Requirement for live agent #38

Merged
merged 8 commits into from
Oct 25, 2023
Merged

Requirement for live agent #38

merged 8 commits into from
Oct 25, 2023

Conversation

kaylakraines
Copy link
Contributor

@kaylakraines kaylakraines commented Oct 17, 2023
edited
Loading

Description

This PR provides a new requirement to only run an ability if the agent paw referenced in the ability matches a currently live agent.
This feature was developed to enable the Turla port to only run an ability if the implant that will be tasked in that ability is actively beaconing in to the server.

This PR is associated with center-for-threat-informed-defense/adversary_emulation_library#151

Type of change

  • New feature (non-breaking change which adds functionality)

How Has This Been Tested?

Tested on both the Turla (Snake) & Turla (Carbon) adversaries. Observed abilities running if the required implant/agent was listed as a live agents, and not running if it was not listed as a live agent.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code

@mchan143
Copy link
Contributor

@kaylakraines The linked repo is private - it would be better to link to the PR to CTID's AEL once you've created it.

It also looks like there's still one failing check with python 3.7

@kaylakraines
Copy link
Contributor Author

kaylakraines commented Oct 24, 2023
edited
Loading

The linked repo is private - it would be better to link to the PR to CTID's AEL once you've created it.

Will do @mchan143

It also looks like there's still one failing check with python 3.7

@clenk is working on this because Caldera no longer supports Python 3.7

@kaylakraines kaylakraines mentioned this pull request Oct 24, 2023
Merged
3 tasks
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

mchan143
mchan143 approved these changes Oct 25, 2023
View reviewed changes
Copy link
Contributor

@mchan143 mchan143 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update!

@mchan143 mchan143 merged commit ee8f3c9 into master Oct 25, 2023
6 checks passed
@mchan143 mchan143 deleted the check-implant-registered branch October 25, 2023 13:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mchan143 mchan143 mchan143 approved these changes

@clenk clenk Awaiting requested review from clenk

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kaylakraines @mchan143