Releases: mitre/caldera
4.1.0
What's Changed
Bug Patches
- Fixed "Save + Add" button on "Add Ability" modal in adversaries page so it doesn't result in an error. #2637
- Fixed a first-time startup error in the Atomic plugin resulting from a loop when parsing atomic abilities. #2657
- Fixed a bug in the Training plugin preventing the first manx flag from completing. #2638
- Fixed "(unexpected keyword argument 'loop')" error from the start_server call. #2625
Security Fixes
- Patched an XSS bug found in the Operations tab and Debrief plugin that took advantage of unsanitized input in an operation's name field. #2644
- Disclosure reports coming soon, stay tuned
- Credit to Jayson Grace from Meta's Purple Team for discovering this vulnerability
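The fix above concerns an operation name that reached the page as raw markup. The following is an added illustration, not CALDERA's own code or the actual patch: it assumes, for the sake of the example, that the name is rendered by string interpolation into an HTML row (the function names, the row template and the sample names are all constructed here), and shows the defective shape beside the output-encoded one, plus an input-side allow-list as a second layer.

```python
import html
import re

# Constructed sample operation names: one benign, one carrying the kind of
# markup characters that an unsanitised name field would pass straight through.
SAMPLE_NAMES = ["nightly-discovery", 'win-hosts <b>"quoted"</b> & more']


def render_operation_row_unsafe(name: str) -> str:
    """Hypothetical defective rendering: whatever was typed becomes markup.

    The name lands in both an attribute value and a text node without any
    encoding, so angle brackets and quotes are interpreted by the browser.
    """
    return f'<tr data-name="{name}"><td>{name}</td></tr>'


def render_operation_row_safe(name: str) -> str:
    """Output-encode at the point of rendering.

    html.escape with quote=True encodes & < > " and ', which covers both the
    attribute context (quotes) and the text-node context (angle brackets).
    """
    safe = html.escape(name, quote=True)
    return f'<tr data-name="{safe}"><td>{safe}</td></tr>'


# Defence in depth: an allow-list applied when the operation is created, so a
# stored name never contains markup characters in the first place. Escaping
# at output stays the primary control; this only narrows what reaches storage.
NAME_PATTERN = re.compile(r"[A-Za-z0-9 ._-]{1,64}")


def validate_operation_name(name: str) -> str:
    if not NAME_PATTERN.fullmatch(name):
        raise ValueError(
            "operation name may only contain letters, digits, space, '.', '_' or '-'"
        )
    return name


def name_survives_unencoded(name: str) -> bool:
    """True when the unsafe renderer lets a markup character through verbatim."""
    rendered = render_operation_row_unsafe(name)
    return any(ch in name for ch in '<>"&') and name in rendered


if __name__ == "__main__":
    for sample in SAMPLE_NAMES:
        print("unsafe:", render_operation_row_unsafe(sample))
        print("safe:  ", render_operation_row_safe(sample))
        print("leaks: ", name_survives_unencoded(sample))
```

The encoded row is what the browser should receive for any name, regardless of whether the allow-list is also enforced; the two controls fail independently, which is the point of keeping both.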
Operations Page
- Added "Operations Detail" modal on operation page that shows how the operation was configured at its start. #2558
- Tidied up row of buttons so they align better. #2615
Adversaries
(New!) "Everything Bagel" adversary: A collection of all CALDERA abilities ordered by ATT&CK tactic. Particularly useful when using the new advanced planners (see below) and want all abilities at the disposal of the planner.
(In progress) Added a missing ability to the "Worm" Adversary in the Stockpile plugin.
Planners
(New!) Look-Ahead Planner: A CALDERA planner that decides which abilities to execute based on expected future reward.
(New!) Guided Planner: A CALDERA planner which makes use of "distance to goals" in a dependency graph to select the optimal next action.
New Contributors
- @jt0dd made their first contribution in #2590
- @sgianvecchio made their first contribution in #2563
- @pierregi made their first contribution in #2577
- @djmartin41041 made their first contribution in #2649
- @Morpheme777 made their first contribution in #2642
Full Changelog: 4.0.0...4.1.0
4.0.0
What's Changed
All New User Interface
- Brand new look and feel across the entire platform.
- AlpineJS has replaced JQuery as our front-end framework.
- Bulma is our CSS framework of choice, which makes styling our templates a breeze.
- Core pages like operations, adversaries, and agents have been completely revamped to make them more powerful, insightful, and robust.
Operations Page
- Made more use of screen real estate.
- Adding a potential link now gives you the ability to edit the command before it's added.
- You can select fact values for all fact templates in a potential link, either ones from a fact source or ones collected from the operation.
Training Plugin
- UI has been refreshed to match the new UI in core CALDERA.
- Gameboard badge has been removed.
- Solution guides have been updated to reflect the changes in the new interface.
Sandcat
- Can update executors mid-operation
- New "proc" executor that directly spawns desired processes
- New "native" executor that performs various TTPs through pure Golang.
- Now provides command output for timed-out links
- New C2 channels and capabilities: SSH tunneling, FTP, Slack
Other
- REST API v2 with associated API Swagger Docs
- New open-source abilities and adversary profiles, including new collection and exfiltration capabilities.
- Timestamps in sandcat are now UTC instead of local time
- Automatic deletion of payloads is now optional
- Better storage of exfiltrated files to prevent overwriting
- More back end tests have been added
- General bug squashing and improvements
v5.0
We've begun working on v5 and are excited to bring capabilities not currently seen in automated cyber operation platforms.
New Contributors
- @emmanvg made their first contribution in #2157
- @dependabot made their first contribution in #2179
- @bleepbop made their first contribution in #2188
- @neptunia made their first contribution in #2224
- @Sloane4 made their first contribution in #2211
- @CDJellen made their first contribution in #2321
- @cyber-arsenull made their first contribution in #2346
- @heatonk made their first contribution in #2373
- @bernsteinj made their first contribution in #2411
- @aapplebaum made their first contribution in #2412
- @BCHarrell made their first contribution in #2415
- @yee-jonathan made their first contribution in #2398
- @djlawren made their first contribution in #2404
- @damionmounts made their first contribution in #2424
- @zacharylc-mitre made their first contribution in #2418
- @cmagone made their first contribution in #2440
- @mshkolnik22 made their first contribution in #2536
- @ZacharyLPalmer made their first contribution in #2574
Full Changelog: 3.1.0...4.0.0
4.0.0 Beta
What's Changed
Operations Page
- Made more use of screen space at top of page
- Adding a potential link now gives you the ability to edit the command before it's added
- You can select fact values for all fact templates in a potential link, either ones from a fact source or ones collected from the operation.
Training Plugin
- UI has been refreshed to match the new UI in core CALDERA
- Gameboard badge has been removed
- New users should be able to complete User certificate in its entirety without issue
Other
- API Docs are better documented
- Timestamps in sandcat are now UTC instead of local time
- More back end tests have been added
- General bug squashing and improvements
Full Changelog: 3.1.0...4.0.0-beta
Contributors (since last release)
@ArtificialErmine, @clenk, @argaudreau, @iguannalin, @heatonk, @bleepbop, @mchan143, @christophert, @yee-jonathan, @blackwidow0616, @djlawren, @ddavila54, @CDJellen, @wbooth, @bernsteinj, @emmanvg, @cyber-arsenull, @uruwhy, @elegantmoose, @damionmounts, @zacharylc-mitre, @cmagone, @alexanderkent, ... and more!
New Contributors
- @emmanvg made their first contribution in #2157
- @bleepbop made their first contribution in #2188
- @neptunia made their first contribution in #2224
- @Sloane4 made their first contribution in #2211
- @CDJellen made their first contribution in #2321
- @cyber-arsenull made their first contribution in #2346
- @heatonk made their first contribution in #2373
- @bernsteinj made their first contribution in #2411
- @BCHarrell made their first contribution in #2415
- @yee-jonathan made their first contribution in #2398
- @djlawren made their first contribution in #2404
- @damionmounts made their first contribution in #2424
- @zacharylc-mitre made their first contribution in #2418
- @cmagone made their first contribution in #2440
Thank you to all of the MANY builders of CALDERA, both in and out of GitHub!
4.0.0 Alpha2
Bugfixes and enhancements to the 4.0.0-alpha release
What's Changed
- [VIRTS-2881] Health API v2 Pytests by @bleepbop in #2305
- virts-2891 - Planner parsing error checking by @ArtificialErmine in #2275
- [VIRTS-2877] Objectives api v2 Pytests by @bleepbop in #2283
- [VIRTS-2878] Planners v2 API Pytests by @bleepbop in #2299
- [VIRTS-2880] Sources v2 API Pytests by @bleepbop in #2307
- [VIRTS-2879] Plugins v2 API Pytests by @bleepbop in #2300
- Origin link ID storage fix by @uruwhy in #2187
- added pyminizip dependency from emu plugin by @mchan143 in #2322
- [VIRTS-3040] Fix Timestamp Error in Sources API Tests by @bleepbop in #2328
- [VIRTS-2887] Update Swagger Docs by @bleepbop in #2324
- Ops source fix by @iguannalin in #2323
- Bug fix for source-originated facts in relationships by @ArtificialErmine in #2338
- virts-2979 - Learning Service Fact Creation bugfix by @ArtificialErmine in #2340
- Fix Copy button for agent commands by @clenk in #2336
- Possible fix to Issue #2315 (affects templates/abilities.html) by @CDJellen in #2321
- Change addPotentialLink to have ability: link in response. by @cyber-arsenull in #2346
- [VIRTS-3047] Update Config api docs by @bleepbop in #2353
- Revert profiles.html and rename showAbilityModal. by @cyber-arsenull in #2351
- Operations select dead agent bug in add potential link menu by @iguannalin in #2344
- Moved confetti.min.js to core library, updated training plugin with completed certificate message by @iguannalin in #2342
- Utc time by @uruwhy in #2355
- Change global styles to accomodate changes in debrief by @argaudreau in #2341
- Update README.md by @wbooth in #2375
- Resolve flake8 errors by @argaudreau in #2376
- Add plugin field to adversaries, abilities, and planners by @argaudreau in #2345
- [VIRTS-3255] Fix timestamp bug in v2 API Pytests by @bleepbop in #2356
- Ops UI fix by @iguannalin in #2368
- Add plugin apidocs details by @argaudreau in #2371
- Update aiohttp to 3.8.1 by @wbooth in #2382
- Bug fixes to agents page, add deadman abilities by @argaudreau in #2354
- Repin sandcat by @uruwhy in #2366
- Fix event_logs download functionality by @heatonk in #2373
New Contributors
- @iguannalin made their first contribution in #2150
- @emmanvg made their first contribution in #2157
- @dependabot made their first contribution in #2179
- @bleepbop made their first contribution in #2188
- @neptunia made their first contribution in #2224
- @Sloane4 made their first contribution in #2211
- @argaudreau made their first contribution in #2260
- @CDJellen made their first contribution in #2321
- @cyber-arsenull made their first contribution in #2346
- @heatonk made their first contribution in #2373
Thank you to the MANY builders of CALDERA on and off Github!
Full Changelog: 3.1.0...4.0.0-alpha2
4.0.0 Alpha
** Plugin UIs are still being updated so this will remain a pre-release until then
New UI
We are re-imagining the way end users interact with CALDERA. This includes large updates to the UI.
Included is a new abilities screen to easily manage your extensive library.
API v2
Calling all builders! For all those who build on the CALDERA platform we have a whole new API with full documentation. Currently the docs are available once you start up the server; look for the "api docs" link at the bottom of the navigation menu.
C2 Channels
We've introduced some new C2 channels, including:
- Slack
- SSH tunneling
- FTP
Agent Updates
- Sandcat agent support for new C2 channels (Slack, FTP, SSH tunneling)
- New “proc” executor for Sandcat that will directly spawn processes using a provided executable path and arguments, rather than calling via PowerShell, sh, or cmd.
- Sandcat agents can remove executors or update executor binary paths
- Manx agents can properly run commands of longer durations.
Knowledge Service
New service created to better manage facts and information during an operation or when performing analysis
File upload/download encoding
Supports basic file encoding (plaintext and base64) for payload downloads and file uploads. To encode a downloaded payload or uploaded file, set the "x-file-encoding" HTTP header accordingly when making the download/upload request. Available data encoders are defined as Python modules in app/data_encoders. Currently supported encoders are "plain-text" and "base64".
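To make the header contract above concrete, here is an added example (not CALDERA's own encoder modules; the class and function names, the registry and the sample requests are assumptions built from the description). It models a pluggable encoder interface in the spirit of app/data_encoders, selects the encoder from the x-file-encoding header with case-insensitive matching, defaults to plain-text when the header is absent, and rejects unknown or malformed input instead of guessing.

```python
import base64
import binascii
from abc import ABC, abstractmethod


class DataEncoder(ABC):
    """Hypothetical encoder interface; one subclass per supported encoding name."""

    name = ""

    @abstractmethod
    def encode(self, data: bytes) -> bytes:
        ...

    @abstractmethod
    def decode(self, data: bytes) -> bytes:
        ...


class PlainTextEncoder(DataEncoder):
    name = "plain-text"

    def encode(self, data: bytes) -> bytes:
        return data

    def decode(self, data: bytes) -> bytes:
        return data


class Base64Encoder(DataEncoder):
    name = "base64"

    def encode(self, data: bytes) -> bytes:
        return base64.b64encode(data)

    def decode(self, data: bytes) -> bytes:
        try:
            # validate=True rejects bytes outside the base64 alphabet rather
            # than silently discarding them, so a corrupted upload fails loudly.
            return base64.b64decode(data, validate=True)
        except (binascii.Error, ValueError) as exc:
            raise ValueError(f"malformed base64 upload body: {exc}") from exc


# Registry keyed by the header value; adding an encoder means adding a module
# and registering its instance here (assumed mechanism, not CALDERA's loader).
ENCODERS = {enc.name: enc for enc in (PlainTextEncoder(), Base64Encoder())}
HEADER = "x-file-encoding"
DEFAULT_ENCODING = "plain-text"


def select_encoder(headers) -> DataEncoder:
    """Pick the encoder named by the x-file-encoding request header.

    HTTP header names are case-insensitive, so the lookup is normalised. A
    missing header means plain-text; an unknown value is an error rather than
    a fallback, so a typo never ships bytes in an unexpected form.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    name = lowered.get(HEADER, DEFAULT_ENCODING).strip().lower()
    if name not in ENCODERS:
        raise ValueError(f"unsupported {HEADER} value: {name!r}")
    return ENCODERS[name]


def encode_payload_for_download(payload: bytes, headers) -> bytes:
    """Server side of a payload download: encode the file per the request header."""
    return select_encoder(headers).encode(payload)


def decode_uploaded_file(body: bytes, headers) -> bytes:
    """Server side of a file upload: decode the body per the request header."""
    return select_encoder(headers).decode(body)


if __name__ == "__main__":
    # Constructed sample payload and request headers.
    payload = b"#!/bin/sh\necho hello\n"
    print(encode_payload_for_download(payload, {"X-File-Encoding": "base64"}))
    print(decode_uploaded_file(b"aGVsbG8=", {"x-file-encoding": "base64"}))
    print(decode_uploaded_file(b"raw bytes", {}))
```

Note that base64 is an encoding, not a cipher: it changes what the transferred bytes look like on the wire and in logs, not who can read them, so transport confidentiality still comes from TLS on the C2 channel.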
Auth service
Add support for custom login handlers, as well as a new SAML authentication plugin.
Other Changes
- Dropped Python 3.6 support; we now test against 3.7, 3.8, and 3.9
- We now support all browsers; Google Chrome is no longer the only supported browser
New CALDERA Contributors
- @iguannalin made their first contribution in #2150
- @emmanvg made their first contribution in #2157
- @bleepbop made their first contribution in #2188
- @neptunia made their first contribution in #2224
- @Sloane4 made their first contribution in #2211
- @argaudreau made their first contribution in #2260
Thank you to the MANY builders of CALDERA on and off Github!
Full Changelog: 3.1.0...4.0.0-alpha
3.1.0
Overview
Improvements to the training plugin, C2 Channels, and some core feature improvements
Core Features
- #2101 Server --fresh argument now backs up data to data/backups before deleting data files.
- #2037 IP rule matching fix
- #2032 new DNS contact
- #2045 new operation log reporting style (events)
- #2055 fixed issue with deletion of sessions during refresh
- #2056 Sandcat agents now display all IP addresses associated with the host they are running on
- #2060 Files exfiltrated by abilities can now be downloaded through the UI
- #2088 new capability to automatically generate event logs on operation completion
New C2 Channel
- #2032 new DNS contact
Plugin Updates
Training
- A solution guide has been provided to ensure that learning caldera is even easier.
Sandcat
- Fixed bug with agents not sleeping after receiving commands, leading to extraneous c2 traffic
Stockpile
- Fixed base64 jumble and b64 no padding obfuscators
Debrief
- Fixed various bugs with the display (missing links, text overflowing)
3.0.0
Overview
Big improvements to usability, a new plugin called Emu that imports adversary emulation plans from CTID, P2P agent communication, lateral movement tracking, and more!
Plugin Updates
NEW PLUGIN: Emu
This plugin imports adversary emulation plans from the Center for Threat Informed Defense.
Learn more about the supported emulation plans here:
https://github.com/center-for-threat-informed-defense/adversary_emulation_library
Debrief
Debrief is now tracking lateral movement through the new attack path graph in addition to some changes made to sandcat and core!
Learn more about the feature here:
https://caldera.readthedocs.io/en/latest/Lateral-Movement-Guide.html#displaying-lateral-movement-in-debrief
Builder
Allow for dynamic compilation of C#, C, C++, and Go binaries. Code will be built in Docker containers, requiring additional setup when CALDERA starts, but reducing dependencies on the server. Both C# and Go binaries can be built with libraries/modules.
New Features
Peer-to-Peer Communication
Peer-to-peer functionality allows agents within internal networks to chain together to enable beaconing and communications where a direct connection is not possible. The implementation in sandcat allows for varied channels of communication as well, so that an agent can be configured for the environment it is being deployed in. Also present in CALDERA is functionality for discovery of peers, so that an agent can be deployed from a generic binary and discover whether there are any available peers to connect out through if a direct connection to the C2 server is not possible. The CALDERA server will display the proxy chain and protocols used to facilitate the communications on the agents page.
Lateral Movement Tracking
Adds the capability for CALDERA to track lateral movement via the originLinkID, which is passed in as an optional command line argument when executing an agent.
Learn more about the feature here:
https://caldera.readthedocs.io/en/latest/Lateral-Movement-Guide.html#displaying-lateral-movement-in-debrief
Manual Links
Allow users to run arbitrary commands on agents. Previously, only commands in abilities could be run. Add manual links from the operation screen.
Uploads
Similar to payload downloads in abilities, you can now specify file uploads in an ability YAML file. Supporting agents will upload the specified file(s) after completing an ability. File paths can be local or absolute.
Before, file uploads and exfiltration were performed using hardcoded commands (curl, PowerShell WebClient, etc.) that required an HTTP(S) connection to the C2. In cases where the agent is using peer-to-peer and cannot directly access the server, the old file upload commands wouldn't work as intended. By adding the upload capability as a separate ability and instruction component, supporting agents will use their contact method's built-in upload functionality to send file bytes upstream, whether directly to the C2 server or to another agent proxy peer who will forward the bytes on their behalf.
Deadman Abilities
Users can now specify deadman abilities in the agents.yml config or via the agent GUI modal to have supporting agents run them prior to termination. Whereas all agents will receive bootstrap abilities for immediate execution upon their first successful beacon, the CALDERA server will only send deadman abilities to agents who have indicated through their beacons that they support deadman abilities. An example use case for this functionality is to specify an ability that will remove the agent executable once the agent terminates, or other defense evasion abilities like clearing logs.
Other Updates
- Many various bugfixes and usability improvements
2.9.0
2.8.1
Overview
This release features a new plugin Debrief and numerous stability fixes.
NEW Plugin: Debrief
Get operation analytics and insights with Debrief. Export JSON and PDF operation reports straight from the UI.
Features
CALDERA Core Features
- Global event execution: trigger actions off any event in the system
- Planner Objectives configuration pane. Set objectives for operations and stop when they're achieved
- Stream notifications when no abilities execute in an operation
- Configurable C2 address in agent command windows makes it easier to launch agents with the right address
Plugin Features
- ACCESS: import Metasploit exploits into abilities
- COMPASS: support latest version of navigator
- RESPONSE: ingest elasticsearch output into CALDERA as facts or steps
- STOCKPILE: new cleanup commands
- TRAINING: new question types (multiple-choice, fill in the blank, and navigator layer)
Fixes
CALDERA Core Fixes
- Bucket Planner functionality is restored (with tests)
- Align white and gold stars in operation output
- Sources table is fixed width, all values wrap
- Prevent adding duplicate agent groups
- Rule removal was not functioning under certain circumstances
- Fix bug that had operation hang when abilities were skipped during manual mode
- Update ldap3 to 2.8.1, which pins pyasn1 greater than 0.4.6
- Removed status variable and updated logic to only stream one message if the chain is empty
- Tux is used instead of ubuntu icon for *nix commands (maybe the most important fix?)
Plugin Fixes
- ATOMIC: ignore use of reserved ability variables
- SANDCAT: fix donut hanging issue
- STOCKPILE: technique name fixes
...and many more