This release adds a new exploiter to the Infection Monkey, which exploits the Log4Shell vulnerability (CVE-2021-44228). To start downloading it while you read the release notes, go to the Infection Monkey website.
Changelog
Added
- A new exploiter that allows propagation via the Log4Shell vulnerability
(CVE-2021-44228). #1663
Fixed
- Exploiters attempting to start servers listening on privileged ports,
resulting in failed propagation. 8f53a5c
Attached binaries and hashes:
Filename | Type | Version | SHA256 Hash |
---|---|---|---|
InfectionMonkey-v1.12.0.AppImage | Island | 1.13.0 | cded4e8394a4d2a809ba9b74b924aea590317515b9b032ba8005a93dfce1c861 |
monkey-linux-32 | agent | 1.13.0 | 24c5779825f26c76a8910794836647096f4bb4b47cfd6ad213cc48116d140fab |
monkey-linux-64 | agent | 1.13.0 | f21e709cb7ba8daf90b908af5fe485ba43866c325d3c7ce1eb07e8a2323e07c1 |
monkey-windows-32 | agent | 1.13.0 | 7497907e3cf4ffeb121a7795bfa16709800e6e0f99770f64af7fff684ecba6d6 |
monkey-windows-64 | agent | 1.13.0 | 3edd20de2247047c8a822c84145981936ce2fd0bdf843eb5ca777ca4d2478b35 |
sc_monkey_runner32.so | sambacry | 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212 | |
sc_monkey_runner64.so | sambacry | 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18 |
This release enhances Infection Monkey's ransomware simulation capability by adding the ability to propagate via PowerShell remoting. It also provides numerous bug fixes, as well as UX and security improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.
Changelog
Added
- A new exploiter that allows propagation via PowerShell Remoting. #1246
- A warning regarding antivirus when agent binaries are missing. #1450
- A deployment.json file to store the deployment type. #1205
Changed
- The name of the "Communicate as new user" post-breach action to "Communicate as backdoor user". #1410
- Resetting login credentials also cleans the contents of the database. #1495
- ATT&CK report messages (more accurate now). #1483
- T1086 (PowerShell) now also reports if ps1 scripts were run by PBAs. #1513
- ATT&CK report messages to include internal config options as reasons
for unscanned attack techniques. #1518
Removed
- Internet access check on agent start. #1402
- The "internal.monkey.internet_services" configuration option that enabled internet access checks. #1402
- Disused traceroute binaries. #1397
- "Back door user" post-breach action. #1410
- Stale code in the Windows system info collector that collected installed packages and WMI info. #1389
- Insecure access feature in the Monkey Island. #1418
- The "deployment" field from the server_config.json. #1205
- The "Execution through module load" ATT&CK technique, since it can no longer be exercised with current code. #1416
- Browser window pop-up when Monkey Island starts on Windows. #1428
Fixed
- Misaligned buttons and input fields on exploiter and network configuration pages. #1353
- Credentials shown in plain text on configuration screens. #1183
- Crash when unexpected character encoding is used by ping command on German language systems. #1175
- Malfunctioning timestomping PBA. #1405
- Malfunctioning shell startup script PBA. #1419
- Trap command produced no output. #1406
- Overlapping Guardicore logo in the landing page. #1441
- PBA table collapse in security report on data change. #1423
- Unsigned Windows agent binaries in Linux packages are now signed. #1444
- Some of the gathered credentials no longer appear in plaintext in the database. #1454
- Encryptor breaking with UTF-8 characters. (Passwords in different languages can be submitted in the config successfully now.) #1490
- Mimikatz collector no longer fails if Azure credential collector is disabled. #1512, #1493
- Unhandled error when "modify shell startup files PBA" is unable to find regular users. #1507
- ATT&CK report bug that showed different techniques' results under a technique if the PBA behind them was the same. #1514
- ATT&CK report bug that said that the technique "`.bash_profile` and `.bashrc`" was not attempted when it actually was attempted but failed. #1511
- Bug that periodically cleared the telemetry table's filter. #1392
- Crashes, stack traces, and other malfunctions when data from older versions of Infection Monkey is present in the data directory. #1114
- Broken update links. #1524
Security
- Generate a random password when creating a new user for CommunicateAsNewUser PBA. #1434
- Credentials gathered from victim machines are no longer stored plaintext in the database. #1454
- Encrypt the database key with user's credentials. #1463
New contributors 🙌
Welcome and thanks to our new contributors:
@TRGamer-tech
Attached binaries and hashes:
Filename | Type | Version | SHA256 Hash |
---|---|---|---|
InfectionMonkey-v1.12.0.AppImage | island | 1.12.0 | 1325f2aa1d0c27aec2e2f9864ed53c53c524bd208313f87ea6606f59c90ff310 |
monkey-linux-32 | agent | 1.12.0 | d941943046db48cf0eb7f11e144a79749848ae6b50014833c5390936e829f6c3 |
monkey-linux-64 | agent | 1.12.0 | 1ad52eabd704a9b0fbf642fa552629f30d3c5c27e431a687bd4cba4e0104d3f7 |
monkey-windows-32 | agent | 1.12.0 | 3c10f610f47c4fd227cf85f6bf800d66ed31fe37dc2e2ed408860483685ba504 |
monkey-windows-64 | agent | 1.12.0 | 02e5e051a96e2ca61ae8e661b3a5828ee53a0fc00aca6502d5c73a46754f0d07 |
sc_monkey_runner32.so | sambacry | 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212 | |
sc_monkey_runner64.so | sambacry | 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18 |
This release introduces Infection Monkey's ransomware simulation capability. It also adds a number of security enhancements and configuration options. To start downloading it while you read the release notes, go to the Infection Monkey website.
Changelog
Added
- A runtime-configurable option to specify a data directory where runtime configuration and other artifacts can be stored. #994
- Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
- `log_level` option to server config. #1151
- A ransomware simulation payload. #1238
- The capability for a user to specify their own SSL certificate. #1208
- API endpoint for ransomware report. #1297
- A ransomware report. #1240
- A script to build a docker image locally. #1140
Changed
- Select server_config.json at runtime. #963
- Select Logger configuration at runtime. #971
- Select `mongo_key.bin` file location at runtime. #994
- Store Monkey agents in the configurable data_dir when monkey is "run from the island". #997
- Reformat all code using black. #1070
- Sort all imports using isort. #1081
- Address all flake8 issues. #1071
- Use pipenv for python dependency management. #1091
- Move unit tests to a dedicated `tests/` directory to improve pytest collection time. #1102
- Skip BB performance tests by default. Run them if `--run-performance-tests` flag is specified.
- Write Zerologon exploiter's runtime artifacts to a secure temporary directory instead of $HOME. #1143
- Put environment config options in `server_config.json` into a separate section named "environment". #1161
- Automatically register if BlackBox tests are run on a fresh installation. #1180
- Limit the ports used for scanning in blackbox tests. #1368
- Limit the propagation depth of most blackbox tests. #1400
- Wait less time for monkeys to die when running BlackBox tests. #1400
- Improve the structure of unit tests by scoping fixtures only to relevant modules instead of having one huge fixture file. #1178
- Improve and rename the directory structure of unit tests and unit test infrastructure. #1178
- Launch MongoDB when the Island starts via python. #1148
- Create/check data directory on Island initialization. #1170
- Format some log messages to make them more readable. #1283
- Improve runtime of some unit tests. #1125
- Run curl OR wget (not both) when attempting to communicate as a new user on Linux. #1407
Removed
- Relevant dead code as reported by Vulture. #1149
- Island logger config and --logger-config CLI option. #1151
Fixed
- Attempt to delete a directory when monkey config reset was called. #1054
- An errant space in the windows commands to run monkey manually. #1153
- Gevent tracebacks in console output. #859
- Crash and failure to run PBAs if max depth reached. #1374
Security
- Address minor issues discovered by Dlint. #1075
- Hash passwords on server-side instead of client side. #1139
- Generate random passwords when creating a new user (create user PBA, ms08_67 exploit). #1174
- Implemented configuration encryption/decryption. #1189, #1204
- Create local custom PBA directory with secure permissions. #1270
- Create encryption key file for MongoDB with secure permissions. #1232
New contributors 🙌
Welcome and thanks to our new contributors:
@ilija-lazoroski
@kur1mi
@Vertrauensstellung
Attached binaries and hashes:
Filename | Type | Version | SHA256 Hash |
---|---|---|---|
Infection_Monkey-1.11.0-x86_64.AppImage | island | 1.11.0 | 6312b6bff18c11c7db694f42cf5a41e894786c39e3e093b6b15abcbff80337f2 |
monkey-linux-32 | agent | 1.11.0 | b0615fc0369bf6f0900e89acbc300cfe63bc754e4e3d50c2cba2dbdb2de8e511 |
monkey-linux-64 | agent | 1.11.0 | fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462 |
monkey-windows-32 | agent | 1.11.0 | e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849 |
monkey-windows-64 | agent | 1.11.0 | 12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a |
sc_monkey_runner32.so | sambacry | 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212 | |
sc_monkey_runner64.so | sambacry | 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18 | |
tracerouter32 | traceroute | c15a8a7612af31ff973d424c6473eb34e2ca66dddc6aef3067a1e9927e368f23 | |
traceroute64 | sambacry | 64d5c9c9b7c0aaf6447bd6fd439b87052fe72bba769c4de454bc1f817cffcad4 |
This release introduces exciting new features, performance improvements, and lots of bug fixes. To start downloading it while you read the release notes, go to the Infection Monkey website.
New Features 🆕
New exploits 💣
Infection Monkey can now exploit two new remote code execution vulnerabilities:
- Exploit CVE-2019-6340 in Drupal #669
- Exploit Zerologon CVE-2020-1472 in Windows domain controllers #846, #868, #998, #1004
AWS Zero Trust security scans with ScoutSuite 🔍
Scout Suite is an open-source cloud security-auditing tool. It queries the cloud API to gather configuration data. Based on the configuration data gathered, ScoutSuite shows security issues and risks present in your cloud infrastructure. Infection Monkey will run a ScoutSuite scan against your AWS environment and categorize any alerts according to the Zero Trust framework. #519
New MITRE ATT&CK techniques 💥
We're continuing to improve our MITRE ATT&CK capabilities. We've added four new ATT&CK techniques to Infection Monkey, for a total of 36!
- Signed script proxy execution (T1216) #776
- Account discovery (T1087) #793
- Indicator removal on host: timestomp (T1099) #796
- Clear command history (T1146) #799
Improvements ⤴
Secured dependencies using snyk.io
Performance improvements 🚤
- Use multithreading to run PBAs #696
- Refactor tornado WSGI container into gevent WSGI container #858 #862
- Add sane timeouts to reduce excessive blocking #885
Documentation improvements 📖
We've updated our documentation for readability and consistency, as well as added swimm tutorials for developers.
- Improve report documentation #887
- Updates to monkey zoo docs #927
- Copyediting #909 #932 #933 #934 #935 #936 #937 #965
- Swimm tutorials #766 #837 #850 #904
- Add high-level architecture explanation #1047
Miscellaneous
- Add Windows XP support to MS08_067 exploit #809
- Reintroduce AWS run option #865
- Update Linux deployment scripts #900
UI
- Specify a user that will run the infection monkey agent #792 #830 #838 #840
- Clarified cross-segment issue reporting #819
- Improve ATT&CK UI #820
- Modify master checkboxes to conform to human interface guidelines #920
- Provide warning icon and language for unsafe options #920
- Show "None" in zero trust report sections with zero findings #947
- Show confirmation dialog when unsafe config is submitted or imported #1000
- Show warning dialog when unsafe ATT&CK config is submitted #1006
- Clarify custom PBA field descriptions in configuration menu #1027
Bug fixes 🐛
- Scale Monkey Island map component to window size #150
- Center Guardicore logo on smaller screens #612
- Fix typo that caused missing telemetry type on Log page #689
- Redirect to login page when JWT expires #739
- Link related ATT&CK techniques of the same PBA #761
- Fix rendering in security report generation #762
- Fix PBA file upload failure #784
- Evade detection by Windows defender #801, #929
- Fix hang on update check #857
- Fix creation of scheduled jobs (PBA) #861
- Fix wrong initial state in plugin selector control #891
- Fix failing SMB exploiter #895
- Catch exceptions thrown by fingerprinters #897
- Fix logic used to detect AWS, GCP, and Azure cloud instances #902
- Fix uncaught error in ATT&CK report #948
- Fix failure to scan configured TCP ports #956
- Add missing authentication check to `local_run` endpoint #981
- Do not automatically execute custom PBA script #1020 #1027
- Fix pyjwt dependency at version 1.7 #1042
- Properly handle unicode decode errors #798
New contributors 🙌
Welcome and thanks to our new contributors:
Attached binaries and hashes:
Filename | Type | Version | SHA256 Hash |
---|---|---|---|
monkey-linux-32 | agent | 1.10.0 | a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5 |
monkey-linux-64 | agent | 1.10.0 | 932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93 |
monkey-windows-32 | agent | 1.10.0 | 8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f |
monkey-windows-64 | agent | 1.10.0 | 3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1 |
sc_monkey_runner32.so | sambacry | 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212 | |
sc_monkey_runner64.so | sambacry | 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18 | |
tracerouter32 | traceroute | c15a8a7612af31ff973d424c6473eb34e2ca66dddc6aef3067a1e9927e368f23 | |
traceroute64 | sambacry | 64d5c9c9b7c0aaf6447bd6fd439b87052fe72bba769c4de454bc1f817cffcad4 |
Infection Monkey 1.9.0
This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.
New Features 🆕
Improved MITRE ATT&CK coverage and reporting
We're continuing to improve our MITRE ATT&CK capabilities, with many new techniques added and a new report with more information.
New ATT&CK techniques 💥
We've added 8 new ATT&CK techniques to the Monkey, which brings our total coverage to 32!
- "`setuid` and `setgid`" attack technique (T1166) #702
- "Trap" attack technique (T1154) #697
- "PowerShell Profile" attack technique (T1504) #686
- "Scheduled Task" attack technique (T1053) #685
- "Local Job Scheduling" attack technique (T1168) #683
- "`.bash_profile` and `.bashrc`" attack technique (T1156) #682
- "Hidden Files and Directories" attack technique (T1158) #672
- User creation and impersonation attack technique (T1136) #579
New ATT&CK report 📊
The new report added a new status to help you discern WHY a technique was or was not attempted, so you can optimise future Monkey executions.
Improved configuration (#637) ⚙
In our effort to improve the user experience and make Monkey more accessible and usable, we've revamped our entire Configuration screen! Easily control the credentials used in simulations, the target list the Monkey will scan, and which exploits the Monkey will attempt to use.
Replaced `mimikatz` DLL with `pypykatz` for better defence evasion (#471, #583) 💂‍♂️
Most AVs recognize and delete the `Mimikatz` DLL or even disrupt the entire Monkey installation process on Windows. We've replaced `Mimikatz` with `pypykatz` and for now, it'll be much harder for endpoint protection software to stop the Monkey.
New Documentation site and framework (#602) 📖
Due to the limited control and ease of use of the GitHub wiki, we've decided to move our documentation to a self-hosted solution based on Hugo.
Monkey Island is secure by default (#596) 🔐
The first time you launch Monkey Island (Infection Monkey CC server), you'll be prompted to create an account and secure your island. After your account is created, the server will only be accessible via the credentials you chose.
If you want the Island to be accessible without credentials, press "I want anyone to access the island". Please note that this option is insecure: you should only pick this for use in development environments.
Read related documentation here.
Improvements ⤴
Secured dependencies using snyk.io
We have a new integration with snyk.io, a service which checks our dependencies for vulnerabilities! So we've locked all our dependencies (#627) and updated lots of them as well:
Improvements to our CI process
- Python import linting #727
- Added Snyk.io to our PRs to test if new vulns are added through dependencies
Other improvements
- Edge refactoring to DAL #671
- Revamps UI to bootstrap v4 #688
- Updated MongoDB version #692
- Various Typos fixed #726
Bug fixes 🐛
Everything that was fixed in 1.8.2 and:
- Reset env UI bug #666
- Handle missing binaries #485
- Fixes SMB exploiter not passing vulnerable port (thus causing redundant exploitation) #664
- Removed PTH map #691
New contributors 🙌
Welcome and thanks to our new contributors:
Attached binaries and hashes:
Filename | Type | Version | Hash |
---|---|---|---|
monkey-linux-32 | agent | 1.9.0 | 4c24318026239530ed2437bfef1a01147bb1f3479696eb4eee6009326ce6b380 |
monkey-linux-64 | agent | 1.9.0 | aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956 |
monkey-windows-32 | agent | 1.9.0 | 67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8 |
monkey-windows-64 | agent | 1.9.0 | 24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068 |
Infection Monkey 1.8.2
This is a small maintenance release. It includes some bug fixes, some performance improvements, and some new features. To start downloading it while you read the release notes, go to the Infection Monkey website.
New Features 🆕
Summary section in Security Report (#635)
Now you can easily see the number of open ports/services and number of servers scanned in the Security Report after a monkey run.
Improvements ⤴
Performance improvements 🚤
- Stop exploiting machines that have already been exploited in the exact same manner #650
- UI size improvements and performance improvements #634 #654
- Performance testing infrastructure #632
- Zero Trust report performance improvements #645
Misc.
Bug fixes 🐛
- Fixed monkey ignoring depth restrictions #642
- Fixed UI build issues #643
- Small fixes on persistence/create user attack technique #647
Attached binaries and hashes:
Filename | Type | Version | Hash |
---|---|---|---|
monkey-linux-32 | agent | 1.8.2 | 39D3FE1C7B33482A8CB9288D323DDE17B539825AB2D736BE66A9582764185478 |
monkey-linux-64 | agent | 1.8.2 | 4DCE4A115D41B43ADFFC11672FAE2164265F8902267F1355D02BEBB802BD45C5 |
monkey-windows-32 | agent | 1.8.2 | 86A7D7065E73B795E38F2033BE0C53F3AC808CC67478AED794A7A6C89123979F |
monkey-windows-64 | agent | 1.8.2 | 2E6A1CB5523D87DDFD48F75B10114617343FBAC8125FA950BA7F00289B38B550 |
Infection Monkey 1.8.0
This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.
New Features 🆕
MITRE ATT&CK report (#491, #496, #575, #577)
In the previous version, Infection Monkey started mapping its abilities to the MITRE ATT&CK matrix. We now present these results, alongside the relevant data and mitigations, in a new report that will enable you to understand and mitigate security issues in your network in the vernacular of MITRE.
For more details, read our blog post or watch the overview video.
OS Compatibility (#507, #527, #528, #479, #506)
Since we decided to migrate the Monkey to Python 3.7
Check out the list of supported operating systems!
This included changes to the Monkey itself and also to us forking our own version of PyInstaller with a custom bootloader.
New Zero Trust People test (#515, #517, #518)
We added another Zero Trust test to the Monkey's arsenal: the Monkey tries to create a new user that communicates with the internet. If it succeeds, this means that the network’s policies were too permissive.
See it in action in this blog post called "How to Assess Your Zero Trust Status: Monkey See, Centra Do".
Improvements ⤴
Python 3 migration (#393, #394, #469, #475, #393, #532, #486, #494)
The Monkey is now Python 3.7! `print` VS `print()` debate creates Python 4, the Monkey is not deprecated.
Improvements to our CI process
Performance testing infrastructure #548 #547
We hope to continue improving our performance as time goes on - this infrastructure will enable automatic testing of performance using Blackbox testing.
Better versioning (#545, #543, #559)
The Monkey version string now has the specific build ID that created it as well. Both the Monkey and the Island log that version string right when booting.
Refactor exploiters, fingerprinters system information collectors (#478, #499, #521, #522, #535)
Now these subsystems are modular and easy to expand using plugins, like PBAs before them (#397).
Telemetry box UI improvements (#538, #565)
The telemetry box in the Map now shows line count and auto-scrolls to the bottom
Small UX QoL improvements
- Config page label explaining that existing monkeys don't get new configuration #525
- "Start over" page now waits for a response from the server #512
Merge Infection Monkey requirements files (#500)
Simplifies our development setup by using only a single requirements file for both Infection Monkey platforms. Thanks pip
JS File Saver (#473)
Small UI code improvement, fewer dependencies
New map icons
Bug fixes 🐛
- Blank Screen after inactivity fixed #472
- Added 404 page #501
- Prevention of circular imports #477
- Auto update copyright year #481, #468
- Various fixes to `.deb` deployment #533, #544, #503, #524
- Disable `none` from the list of networks to scan #550
- Notification wrong route #541
- Improved deploy scripts #549, #562, #564, #546
- Encrypt SSH keys in logs #523, #458
- MSSQL compatibility #492, #493
- `ring` bugfixes #484
- Telemetries that don't require briefs no longer throw errors in island #466
New contributors 🙌
Welcome and thanks to our new contributors:
Attached binaries and hashes:
Filename | Type | Version | Hash |
---|---|---|---|
monkey-windows-64.exe | Windows Agent | 1.8.0 | f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7 |
monkey-linux-64 | Linux Agent | 1.8.0 | d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6 |
monkey-windows-32.exe | Windows Agent | 1.8.0 | 1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08 |
monkey-linux-32 | Linux Agent | 1.8.0 | 217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2 |
Infection Monkey 1.7.0
This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.
New Features 🆕
Zero Trust (#400)
The Monkey now tests your network against the Forrester Zero Trust eXtended framework and provides a report with actionable data and recommendations.
Read more about it in the Infection Monkey for Zero Trust product page or watch a demo video.
MITRE ATT&CK
Adds the ability to configure the Monkey using the MITRE ATT&CK matrix and lets you view in the report which ATT&CK techniques were used and how.
Improvements ⤴
Scanning Performance boost (#436)
The monkey now scans its target subnets in parallel, which improves runtime by 4.
Island performance boosts (#441 + #358)
The island now generates reports faster for larger amounts of network nodes by 2 orders of magnitude, which helps when dealing with larger-scale networks. Also, the report is cached if no Monkey has communicated since the last report has been generated.
Hashing all sensitive data in all logs (#438 + #444)
All potentially sensitive data is now logged hashed so no sensitive data is plain-text.
Notification when infection is done (#326)
The Island website will now send you a notification when the infection is done, so you don't need to busy wait on it.
Bug fixes 🐛
Various other bug fixes, such as:
- Vulnerability stability and success rate improvements.
- Monkey has a TTL before it is automatically marked as dead, so the report finishes in case of lost communication after network changes, shutdowns or crashes. (#313)
- Automatic black-box testing suite. (#420)
- Monkey will work on Windows machines that aren't installed on `C:\`. (#349)
- Not showing Linux machines in PTH credentials map. (#338)
Attached binaries and hashes:
File | Hash (SHA256) |
---|---|
monkey-linux-32 | EF7A72FFDDF3A54C74F458201A45B51B779A68C460A309B0D5FD247264D7137D |
monkey-linux-64 | 333529B3061473BF5EE713FA7E3DF4B05DD01823840BB92E1E715488A749B9EA |
monkey-windows-32.exe | 603D982D4A3D8459573D016E36BCFC0AD776CE2CB7DFF965954C688AB17E1727 |
monkey-windows-64.exe | E400F0D56570215C458D6EDED63E72AC6E82819EFF2FC5969A73883261B5976E |
This is a small bugfix release, mostly around integration and packaging.
Two user facing changes.
First, we now do not request AWS access keys for different features like AWS security hub integration and remote commands on EC2 instances. We now require an IAM role to be applied to the EC2 instance where the monkey is running. For more details, check here and here
Second, the Monkey Island now checks for updates against a centralized server. At startup, a single message containing the current version is sent to a dedicated machine, and returns whether there is a new version available and a download link in case there is one.
Feature - Version checking #309
Feature - AWS integration through IAM roles #281
Bugfix - Deb does not rely on package manager mongo #301
Bugfix - ElasticGroovy exploitation now times out gracefully in case of errors #289
Bugfix - Struts2 attack script does not check for certificate errors #318
Bugfix - Domain related recommendations do not show up if no such recommendations exist. #278 and #304 fixes #213
Bugfix - Update Bootstrap to 3.4.1 #311
Also, the Island may now also run as a single PyInstaller packed executable, solving some deployment issues on Windows.
This is a release with plenty of cool features.
Take the Infection Monkey for a spin inside your network and let us know how it was!
New Features
- The UI can now optionally be password protected. For more information check our wiki and #260
- The Monkey can now run actions after breaching the machine. For now, we've only implemented the option to create a disabled backdoor user. #242
- Export to AWS security hub. The monkey now knows to export security findings to the AWS security hub. #221
- We can now remotely run commands on AWS EC2 instances, giving you more methods to start simulating a breach. #259
- Attack according to host names rather than IPs #189
- We can now carry our own version of traceroute for linux machines #229
- Add option to sleep between scans #240
- The monkey now also pings machines to check if they're alive, possibly bypassing some segmentation rules #243
- We have an experimental new attack. An MS-SQL exploiter that brute forces authentication and uses xp_cmdshell to attack. #147
We also improved our deployment, making it easier for developers to set up their own instance of the Monkey (#225 and #227)