Skip to content

Releases: mitre/caldera

v5.2.0

03 Mar 19:09
@elegantmoose elegantmoose
5.2.0
06e4ded
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v5.2.0 Latest
Latest

What's Changed

New Contributors

Full Changelog: 5.1.0...5.2.0

Contributors

daw1012345
Assets 2
Loading

v5.1.0

25 Feb 22:56
@elegantmoose elegantmoose
5.1.0
cc4b9cd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v5.1.0

What's Changed

New Contributors

Full Changelog: 5.0.0...5.1.0

Contributors

rfulwell, elegantmoose, and 13 other contributors
Loading

v5.0.0 "Magma"

14 Feb 14:55
@elegantmoose elegantmoose
5.0.0
9ceb72d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v5.0.0 "Magma"

What's Changed

Backwards-Breaking Changes

  • Completely refactored UI/UX VueJS front end. #2874
  • Installation/run commands changed! The first time you run Caldera, you must add the --build flag in order to build the VueJS UI. If you restart the server afterwards, the --build flag is not needed.
  • Dropped support for Python 3.7. #2795

UI

  • Summary dashboard landing page with tiles for agents, operations, adversaries, abilities, and server address. #2874
  • New network and table Operation view. #2874
  • Agent hosts displayed on network view with OS platform icon. #2874
  • Agents are denoted by colored rings around hosts they are beaconing from, with multiple agents marked by multiple rings, and the colors denoting the status of agent. #2874
  • Agents with elevated user execution privileges on their host are denoted by red tinted host OS platform icon. #2874
  • Agent side panel (in network view) that shows key agent/host information. Activated when Agent/host node clicked. #2874
  • Agent actions shortcut on agent side panel. #2874
  • Operation action table. #2874
  • Ability commands now have code syntax highlighting. #2776
  • Fact sources can now be downloaded from Fact Sources view. #2874
  • Added option to rename facts #2811

Plugins

Bug Fixes

  • Fixed encryption key mismatch for backups when booting Caldera locally and then with Docker. #2780
  • Removed operation visibility slider as had no effect on underlying operation. #2806
  • HMAC digest comparison in authorization service is now more resistant to timing attacks. #2823
  • Added manually skipped Abilities to Operation report. #2822
  • Fixed bug selecting the wrong executor for potential links. #2843
  • Moved donut-shellcode python package dependency to Stockpile plugin. Dependency was moved as donut-shellcode package cannot (at this time) be installed on MacOS ARM chip architectures and caused install issues for Caldera core. #2874
  • Fixed Ragdoll agent's timestamp format (thanks to @LwsChlds). mitre/stockpile#571

Other

  • Improved checking of reasons why abilities are skipped in operations. #2623

New Contributors

Full Changelog: 4.2.0...5.0.0

Contributors

d3vco, Avlyssna, and 2 other contributors
Loading

4.2.0

19 Jun 21:28
@clenk clenk
4.2.0
bcaac29
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.2.0

What's Changed

Backwards-Breaking Changes

  • Link results now return stdout and stderr separately, as a dictionary. Any non-CALDERA users of APIs/reports or any custom plugins may be effected. #2662
  • Moved Atomic planner into Caldera main repo from stockpile. #2768

Plugins

  • The mock plugin will no longer be officially supported.

Bug Fixes

  • Fixed bug with the /operations API endpoint. #2691
  • Fixed bug where newline was missing at the end of operation logs. #2693
  • Fixed bug causing LDAP integration to fail. #2718
  • Fixed bug with fact sources not being removed correctly. #2732
  • Fixed bug causing Metasploit integration to fail.

UI

  • Fixed bug where plaintext command was not displayed correctly in the UI. #2668
  • Fixed bug freezing UI when deleting an operation. #2671
  • Adversary profile page now displays the Adversary ID for the selected adversary. #2672
  • Tabs are now pinned to the top of the page. #2695
  • Fixed bug preventing manually approving links in UI. #2729
  • Updated moving abilities on adversary page to be more clear. #2770

Planners

  • (New!) Naive Bayes planner: selects next action based on highest probability of success, as determined from historical operation report data.
  • (New!) Universal and Existential requirements: can check facts against the entire knowledge base instead of only using facts used by the command.

Other

  • Link commands are now unencoded by default, but are still sent encoded if any obfuscation is used for an operation. #2698
  • Added several event types to the eventing system: agent/added, fact/added, fact/updated, system/ready. #2692
  • Sandcat agents now include return the "exit_code" field in results. #2713
  • Sandcat agents now close out their sessions properly, preventing large sessions potentially showing up in logs.

New Contributors

Full Changelog: 4.1.0...4.2.0

Contributors

JamieScottC, pirxthepilot, and 3 other contributors
Loading

4.1.0

19 Sep 20:20
@argaudreau argaudreau
4.1.0
a1f6a91
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.1.0

What's Changed

Bug Patches

  • Fixed "Save + Add" button on "Add Ability" modal in adversaries page so it doesn't result in an error. #2637
  • Fixed a first-time startup error in the Atomic plugin resulting from a loop when parsing atomic abilities. #2657
  • Fixed a bug in the Training plugin preventing the first manx flag from completing. #2638
  • Fixed "(unexpected keyword argument 'loop')" error from the start_server call. #2625

Security Fixes

  • Patched a XSS bug found in the Operations tab and Debrief plugin that took advantage of unsanitized input in an operation's name field. #2644
    • Disclosure reports coming soon, stay tuned
    • Credit to Jayson Grace from Meta's Purple Team for discovering this vulnerability

Operations Page

  • Added "Operations Detail" modal on operation page that shows how the operation was configured at its start. #2558
  • Tidied up row of buttons so they align better. #2615

Adversaries

(New!) "Everything Bagel" adversary: A collection of all CALDERA abilities ordered by ATT&CK tactic. Particularly useful when using the new advanced planners (see below) and want all abilities at the disposal of the planner.

(In progress) Added a missing ability to the "Worm" Adversary in the Stockpile plugin.

Planners

(New!) Look-Ahead Planner: A CALDERA planner that decides which abilities to execute based on expected future reward.
(New!) Guided Planner: A CALDERA planner which makes use of "distance to goals" in a dependency graph to select the optimal next action.

New Contributors

Full Changelog: 4.0.0...4.1.0

Contributors

pierregi, jt0dd, and 3 other contributors
Loading

4.0.0

14 Jun 15:14
@wbooth wbooth
4.0.0
4fe71ac
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.0.0

What's Changed

All New User Interface

  • Brand new look and feel across the entire platform.
  • AlpineJS has replaced JQuery as our front-end framework.
  • Bulma is our CSS framework of choice, which makes styling our templates a breeze.
  • Core pages like operations, adversaries, and agents have been completely revamped to make them more powerful, insightful, and robust.

Operations Page

  • Made more use of screen real estate.
  • Adding a potential link now gives you the ability to edit the command before it's added.
  • You can select fact values for all fact templates in a potential link, either ones from a fact source or ones collected from the operation.

Training Plugin

  • UI has been refreshed to match the new UI in core CALDERA.
  • Gameboard badge has been removed.
  • Solution guides have been updated to reflect the changes in the new interface.

Sandcat

  • Can update executors mid-operation
  • New "proc" executor that directly spawns desired processes
  • New "native" executor that performs various TTPs through pure Golang.
  • Now provides command output for timed-out links
  • New C2 channels and capabilities: SSH tunneling, FTP, Slack

Other

  • REST API v2 with associated API Swagger Docs
  • New open-source abilities and adversary profiles, including new collection and exfiltration capabilities.
  • Timestamps in sandcat are now UTC instead of local time
  • Automatic deletion of payloads is now optional
  • Better storage of exfiltrated files to prevent overwriting
  • More back end tests have been added
  • General bug squashing and improvements

v5.0

We've begun working on v5 and are excited to bring capabilities not currently seen by automated cyber operation platforms

New Contributors

Full Changelog: 3.1.0...4.0.0

Contributors

cyber-arsenull, cmagone, and 16 other contributors
Loading
0 Join discussion

4.0.0 Beta

31 Jan 23:17
@argaudreau argaudreau
4.0.0-beta
261cb55
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.0.0 Beta

What's Changed

Operations Page

  • Made more use of screen space at top of page
  • Adding a potential link now gives you the ability to edit the command before it's added
  • You can select fact values for all fact templates in a potential link, either ones from a fact source or ones collected from the operation.

Training Plugin

  • UI has been refreshed to match the new UI in core CALDERA
  • Gameboard badge has been removed
  • New users should be able to complete User certificate in its entirety without issue

Other

  • API Docs are better documented
  • Timestamps in sandcat are now UTC instead of local time
  • More back end tests have been added
  • General bug squashing and improvements

Full Changelog: 3.1.0...4.0.0-beta

Contributors (since last release)

@ArtificialErmine, @clenk, @argaudreau, @iguannalin, @heatonk, @bleepbop, @mchan143, @christophert, @yee-jonathan, @blackwidow0616, @djlawren, @ddavila54, @CDJellen, @wbooth, @bernsteinj, @emmanvg, @cyber-arsenull, @uruwhy, @elegantmoose, @damionmounts, @zacharylc-mitre, @cmagone, @alexanderkent, ... and more!

New Contributors

Thank you to all of the MANY builders of CALDERA, both in and out of GitHub! 🚀

Contributors

christophert, clenk, and 24 other contributors
Loading
2 Join discussion

4.0.0 Alpha2

02 Dec 18:16
@wbooth wbooth
4.0.0-alpha.2
b8b033d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.0.0 Alpha2 Pre-release
Pre-release

Bugfixes and enhancements to the 4.0.0-alpha release

What's Changed

New Contributors

Thank you to the MANY builders of CALDERA on and off Github!

Full Changelog: 3.1.0...4.0.0-alpha2

Contributors

clenk, cyber-arsenull, and 13 other contributors
Loading

4.0.0 Alpha

06 Oct 17:21
@wbooth wbooth
4.0.0-alpha
d742b2b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.0.0 Alpha Pre-release
Pre-release

** Plugin UIs are still being updated so this will remain a pre-release until then

New UI

We are re-imagining the way end users interact with CALDERA. This includes large updates to the UI.
Included is a new abilities screen to easily manage your extensive library.

API v2

Calling all builders! For all those who build on the CALDERA platform we have a whole new API with full documentation. Currently docs are available once you start up the server. Look for a link at the bottom of the navigation menu "api docs"

C2 Channels

We've introduced some new C2 channels, including:

  • Slack
  • SSH tunneling
  • FTP

Agent Updates

  • Sandcat agent support for new C2 channels (Slack, FTP, SSH tunneling)
  • New “proc” executor for Sandcat that will directly spawn processes using a provided executable path and arguments, rather than calling via PowerShell, sh, or cmd.
  • Sandcat agents can remove executors or update executor binary paths
  • Manx agents can properly run commands of longer durations.

Knowledge Service

New service created to better manage facts and information during an operation or when performing analysis

File upload/download encoding

Supports basic file encoding (plaintext and base64) for payload downloads and file uploads. To encode a downloaded payload or uploaded file, set the “x-file-encoding" HTTP header accordingly when making the download/upload request. Available data encoders are defined as Python modules in app/data_encoders. Currently supported encoders are “plain-text” and “base64”

Auth service

Add support for custom login handlers, as well as a new SAML authentication plugin.

Other Changes

  • Dropped python 3.6 support and now testing for 3.7, 3.8, and 3.9
  • We now support all browsers, Google Chrome is no longer the only supported browser

New CALDERA Contributors

Thank you to the MANY builders of CALDERA on and off Github!

Full Changelog: 3.1.0...4.0.0-alpha

Contributors

argaudreau, emmanvg, and 4 other contributors
Loading
3 Join discussion

3.1.0

13 Apr 12:21
@wbooth wbooth
3.1.0
1c8abd3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.1.0

Overview

Improvements to the training plugin, C2 Channels, and some core feature improvements

Core Features

  • #2101 Server --fresh argument now backs up data to data/backups before deleting data files.
  • #2037 Ip rule matching fix
  • #2032 new DNS contact
  • #2045 new operation log reporting style (events)
  • #2055 fixed issue with deletion of sessions during refresh
  • #2056 Sandcat agents now display all IP addresses associated with the host they are running on
  • #2060 Files exfiltrated by abilities can now be downloaded through the UI
  • #2088 new capability to automatically generate event logs on operation completion

New C2 Channel

Plugin Updates

Training

  • A solution guide has been provided to ensure that learning caldera is even easier.

Sandcat

  • Fixed bug with agents not sleeping after receiving commands, leading to extraneous c2 traffic

Stockpile

  • Fixed base64 jumble and b64 no padding obfuscators

Debrief

  • Fixed various bugs with the display (missing links, text overflowing)
Loading
0 Join discussion