github guardicore/monkey v1.12.0
Infection Monkey v1.12.0

2 years ago

This release enhances Infection Monkey's ransomware simulation capability by adding the ability to propagate via PowerShell remoting. It also provides numerous bug fixes, as well as UX and security improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.

Changelog

Added

  • A new exploiter that allows propagation via PowerShell Remoting. #1246
  • A warning regarding antivirus when agent binaries are missing. #1450
  • A deployment.json file to store the deployment type. #1205

Changed

  • The name of the "Communicate as new user" post-breach action to "Communicate
    as backdoor user". #1410
  • Resetting login credentials also cleans the contents of the database. #1495
  • ATT&CK report messages (more accurate now). #1483
  • T1086 (PowerShell) now also reports if ps1 scripts were run by PBAs. #1513
  • ATT&CK report messages to include internal config options as reasons
    for unscanned attack techniques. #1518

Removed

  • Internet access check on agent start. #1402
  • The "internal.monkey.internet_services" configuration option that enabled
    internet access checks. #1402
  • Disused traceroute binaries. #1397
  • "Back door user" post-breach action. #1410
  • Stale code in the Windows system info collector that collected installed
    packages and WMI info. #1389
  • Insecure access feature in the Monkey Island. #1418
  • The "deployment" field from the server_config.json. #1205
  • The "Execution through module load" ATT&CK technique,
    since it can no longer be exercised with current code. #1416
  • Browser window pop-up when Monkey Island starts on Windows. #1428

Fixed

  • Misaligned buttons and input fields on exploiter and network configuration
    pages. #1353
  • Credentials shown in plain text on configuration screens. #1183
  • Crash when unexpected character encoding is used by ping command on German
    language systems. #1175
  • Malfunctioning timestomping PBA. #1405
  • Malfunctioning shell startup script PBA. #1419
  • Trap command produced no output. #1406
  • Overlapping Guardicore logo in the landing page. #1441
  • PBA table collapse in security report on data change. #1423
  • Unsigned Windows agent binaries in Linux packages are now signed. #1444
  • Some of the gathered credentials no longer appear in plaintext in the
    database. #1454
  • Encryptor breaking with UTF-8 characters. (Passwords in different languages
    can be submitted in the config successfully now.) #1490
  • Mimikatz collector no longer fails if Azure credential collector is disabled.
    #1512, #1493
  • Unhandled error when "modify shell startup files PBA" is unable to find
    regular users. #1507
  • ATT&CK report bug that showed different techniques' results under a technique
    if the PBA behind them was the same. #1514
  • ATT&CK report bug that said that the technique ".bash_profile and
    .bashrc" was not attempted when it actually was attempted but failed. #1511
  • Bug that periodically cleared the telemetry table's filter. #1392
  • Crashes, stack traces, and other malfunctions when data from older versions
    of Infection Monkey is present in the data directory. #1114
  • Broken update links. #1524

Security

  • Generate a random password when creating a new user for CommunicateAsNewUser
    PBA. #1434
  • Credentials gathered from victim machines are no longer stored in plaintext
    in the database. #1454
  • Encrypt the database key with user's credentials. #1463

New contributors 🙌

Welcome and thanks to our new contributors:
@TRGamer-tech

Attached binaries and hashes:

Filename Type Version SHA256 Hash
InfectionMonkey-v1.12.0.AppImage island 1.12.0 1325f2aa1d0c27aec2e2f9864ed53c53c524bd208313f87ea6606f59c90ff310
monkey-linux-32 agent 1.12.0 d941943046db48cf0eb7f11e144a79749848ae6b50014833c5390936e829f6c3
monkey-linux-64 agent 1.12.0 1ad52eabd704a9b0fbf642fa552629f30d3c5c27e431a687bd4cba4e0104d3f7
monkey-windows-32 agent 1.12.0 3c10f610f47c4fd227cf85f6bf800d66ed31fe37dc2e2ed408860483685ba504
monkey-windows-64 agent 1.12.0 02e5e051a96e2ca61ae8e661b3a5828ee53a0fc00aca6502d5c73a46754f0d07
sc_monkey_runner32.so sambacry 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212
sc_monkey_runner64.so sambacry 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18
