github mitre/caldera 2.6.5

4 years ago

Big features

  • A new plugin, Training, has been added. This plugin allows a user to gain a "User Certificate" which proves their ability to use CALDERA. This is the first of several certificates planned in the future. The plugin takes you through a capture-the-flag style certification course, covering all parts of CALDERA.

Small features

  • You can now delete adversaries from the GUI, through a new 'delete adversary' button
  • You can now create mini-ability YML files called "extensions". An extension is simply the ID + platforms sections of a given ability and can be stored as a separate file from the full ability file (which contains names, descriptions, ATT&CK info, etc). Extensions are helpful because they allow you to store custom platforms/executors in a separate plugin than the normal ones.

UI changes

N/A

REST API changes:

N/A

Contact changes

N/A

Plugin changes:

Stockpile

  • We added two new obfuscators, base64_no_padding.py and Caesar cipher. The former obfuscates commands by base64 encoding them and removing any padding. The latter obfuscates commands by applying a cipher which uses a shift key to change the ordinal char of each byte.
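
For analysts reviewing command lines from an exercise that used these obfuscators, the sketch below restores stripped base64 padding and recovers a shift key by trying each one. It is an added example, not code from CALDERA or Stockpile. The function names, the sample strings and the keyword list are hypothetical, and the letters-only rotation is an assumption, since these notes do not specify the cipher's exact byte handling.

```python
import base64
import binascii
import string

def decode_b64_nopad(token):
    """Re-pad a base64 string whose '=' padding was stripped, then decode it."""
    if len(token) % 4 == 1:          # no valid base64 string has this length
        return None
    padded = token + "=" * (-len(token) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def shift_letters(text, key):
    """Assumed cipher: rotate ASCII letters by `key`, leave other bytes alone."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + key) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + key) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def recover_shift(text, markers):
    """Try every shift; return (key, plaintext) with the most marker hits, or None."""
    best = None
    for key in range(1, 26):
        candidate = shift_letters(text, -key)
        hits = sum(m in candidate.lower() for m in markers)
        if hits and (best is None or hits > best[0]):
            best = (hits, key, candidate)
    return None if best is None else best[1:]

# Constructed samples, not taken from a real agent log.
SAMPLE_PLAIN = "whoami /all"
SAMPLE_B64 = base64.b64encode(SAMPLE_PLAIN.encode()).decode().rstrip("=")
SAMPLE_CAESAR = shift_letters(SAMPLE_PLAIN, 7)
MARKERS = ("whoami", "powershell", "cmd.exe")  # analyst-chosen keywords (assumed)

if __name__ == "__main__":
    print(SAMPLE_B64, "->", decode_b64_nopad(SAMPLE_B64))
    print(SAMPLE_CAESAR, "->", recover_shift(SAMPLE_CAESAR, MARKERS))
```

A detection rule that only matches padded base64 (length a multiple of four, optional trailing `=`) will miss the first form, which is why the decoder re-pads before validating.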

Breaking changes:

We expect plugin developers to only interact with the core system (and other plugins) through the list of services passed to their plugin and through importing the c_[object] modules in the core code. As such, each release we will highlight the changes in these two areas, as they could introduce breaking changes to a plugin.

Services

auth_svc

  • A bug was fixed where we were using a convenience "bypass" of authentication for localhost.

Objects

c_agent

  • A new function (privileged_to_run) was added, which accepts a given ability and returns whether the agent is privileged to run it or not.
