Comments (8)
I have been using facts and requirements as a way to set the order of abilities with the batch planner. For instance, I may want a specific ability that downloads a tool to be run before an ability that uses the tool, even if the first one does not create any information to be used by the second one.
Wait, so an ability is not picking up a requirement that is listed? You should be able to have a Fact like that which can control execution through a corresponding requirement. Something like this: https://github.com/mitre/stockpile/blob/bac8177b6146bbe0f760e973428710d77e0081f2/app/requirements/existential.py
I re-checked my notes, I had forgotten the specifics.
This issue only occurs with paw_provenance
(or to be more correct, it doesn't happen with existential
) because this parser uses link.used
, thus any fact that is not in the command is "not compliant" because it won't ever be found by the parser.
The reason I need to use paw_provenance
instead of just existential
for the batch optimization is for operations that use more than 1 host, as the installation of a tool does not take the same time on each host. So each host generates its own I'm done!
fact, which is then used to start the next ability. That's the most logical way I found.
from caldera.
Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/
from caldera.
Hey @jeyam93, so it actually is used in the adversary, but in a sort of sly (non obvious) way. In short, when this adversary was prototyped, it had issues with repeatedly compromising the same hosts, which was not desired. So, the authors, working with Caldera's limited pre/post condition fact system did what they could to put some guardrails to make it work. In effect, this fact is one of the facts the adversary and fact source will use to try to prevent repeat spawning of the agent on the same host.
The fact (variable) is in the command so that it gets passed to the post action parsers. An implementation detail in Caldera, existing facts accessed in the parsers must be used in the action. Thus you get this (not ideal) hack of putting the fact in the command, even though not used by the command itself.
The fact/variable itself will actually get set in the parser if certain logic is hit (https://github.com/mitre/stockpile/blob/fe0c5b7bbd5dcdde4f90b5b6e493c2b0459d03e8/app/parsers/netlocalgroup.py#L71) and then be passed in to every follow on execution of the action (as the action will potentially fire on every new agent that is spawned).
Clear as mud?
from caldera.
An implementation detail in Caldera, existing facts accessed in the parsers must be used in the action
That's exactly the issue I ran into last week.
I have been using facts and requirements as a way to set the order of abilities with the batch planner. For instance, I may want a specific ability that downloads a tool to be run before an ability that uses the tool, even if the first one does not create any information to be used by the second one.
So what I did was create a random fact in the first, and use it as a requirement to the second, but I couldn't figure out for the life of me why the requirement didn't work... Took me a few days to understand that the fact needs to be in the actual command, so I now have a very ugly $whatever = #{the.requirement}
at the beginning of my command.
Two follow-up questions:
- Is this behavior (requirements need to be in the command or they will always fail) documented? I found the solution by debugging, might have missed it in the doc.
- If not, it could be useful to document it explicitly and possibly to add a warning when a user creates a requirement for a fact that is not incuded in the command?
Also, what you explained in your 3rd paragraph isn't clear to me, but it might be a more elegant solution than just setting a useless variable as I do. I'm not sure how the parser (which operates after an ability) is able to influence the requirement check (before the ability) though, I'll try and understand that.
from caldera.
I have been using facts and requirements as a way to set the order of abilities with the batch planner. For instance, I may want a specific ability that downloads a tool to be run before an ability that uses the tool, even if the first one does not create any information to be used by the second one.
Wait, so an ability is not picking up a requirement that is listed? You should be able to have a Fact like that which can control execution through a corresponding requirement. Something like this: https://github.com/mitre/stockpile/blob/bac8177b6146bbe0f760e973428710d77e0081f2/app/requirements/existential.py
from caldera.
Is this behavior (requirements need to be in the command or they will always fail) documented?
Its implied, not explicit. We should detail explicitly.
from caldera.
Also, what you explained in your 3rd paragraph isn't clear to me, but it might be a more elegant solution than just setting a useless variable as I do. I'm not sure how the parser (which operates after an ability) is able to influence the requirement check (before the ability) though, I'll try and understand that.
Its the same approach you are doing, its just the same ability/parser will create the requirement/dummy fact. Its useful because the same ability will be hit many times in same operation because new agents are spawned start from first ability in adversary profile.
from caldera.
@jeyam93 Im going to close this one. Please reopen if need to.
from caldera.
Related Issues (20)
- Attempting to achieve lateral movement using sandcat agent and metasploit HOT 3
- No review command button during empty operation Training Module HOT 5
- Wrong time format in event logs of operations HOT 1
- caldera-ot plugins apear on dashboard but when start operation don't work or apeare on operation or they don't execute? HOT 2
- Encoding error when approving link during manual operation HOT 1
- Confusion between obfuscated command and edited command in manual operations HOT 1
- fact_store's lifecycle? HOT 3
- Custom abilities do not support requirement definitions using stockpile basic parser HOT 14
- Agent communicates with base64 obfuscation despites different operation settings HOT 6
- install v5.0.0 error HOT 7
- Caldera and engage HOT 1
- Grap SVG error and extreme network utilization from console HOT 3
- Can not login to caldera 5.0 HOT 10
- Abilities' changes in adversaries' views are not updated consistlently, leading to potential loss HOT 1
- Atomic Red Team plug-in failing to load when starting Caldera HOT 3
- Facts created in "fact sources" do not support relationships? HOT 11
- getting npm ERR! Failed at the [email protected] build script error while installing caldera HOT 2
- Installation Issues HOT 2
- 'Exfilled Files' zip files are returning inaccurate files HOT 1
- The ability to deploy version 5.0 HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from caldera.