This release adds a new exploiter to the Infection Monkey, which exploits the Log4Shell vulnerability (CVE-2021-44228). To start downloading it while you read the release notes, go to the Infection Monkey website.

Changelog

Added

• A new exploiter that allows propagation via the Log4Shell vulnerability (CVE-2021-44228). #1663

Fixed

• Exploiters attempting to start servers listening on privileged ports, resulting in failed propagation. 8f53a5c

Attached binaries and hashes:

Filename | Type | Version | SHA256 Hash -- | -- | -- | -- InfectionMonkey-v1.13.0.AppImage | Island | 1.13.0 | cded4e8394a4d2a809ba9b74b924aea590317515b9b032ba8005a93dfce1c861 monkey-linux-32 | agent | 1.13.0 | 24c5779825f26c76a8910794836647096f4bb4b47cfd6ad213cc48116d140fab monkey-linux-64 | agent | 1.13.0 | f21e709cb7ba8daf90b908af5fe485ba43866c325d3c7ce1eb07e8a2323e07c1 monkey-windows-32 | agent | 1.13.0 | 7497907e3cf4ffeb121a7795bfa16709800e6e0f99770f64af7fff684ecba6d6 monkey-windows-64 | agent | 1.13.0 | 3edd20de2247047c8a822c84145981936ce2fd0bdf843eb5ca777ca4d2478b35 sc_monkey_runner32.so | sambacry | | 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212 sc_monkey_runner64.so | sambacry | | 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18

This release enhances Infection Monkey's ransomware simulation capability by adding the ability to propagate via PowerShell remoting. It also provides numerous bug fixes, as well as UX and security improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.

Changelog

Added

• A new exploiter that allows propagation via PowerShell Remoting. #1246
• A warning regarding antivirus when agent binaries are missing. #1450
• A deployment.json file to store the deployment type. #1205

Changed

• The name of the "Communicate as new user" post-breach action to "Communicate as backdoor user". #1410
• Resetting login credentials also cleans the contents of the database. #1495
• ATT&CK report messages (more accurate now). #1483
• T1086 (PowerShell) now also reports if ps1 scripts were run by PBAs. #1513
• ATT&CK report messages to include internal config options as reasons for unscanned attack techniques. #1518

Removed

• Internet access check on agent start. #1402
• The "internal.monkey.internet_services" configuration option that enabled internet access checks. #1402
• Disused traceroute binaries. #1397
• "Back door user" post-breach action. #1410
• Stale code in the Windows system info collector that collected installed packages and WMI info. #1389
• Insecure access feature in the Monkey Island. #1418
• The "deployment" field from the server_config.json. #1205
• The "Execution through module load" ATT&CK technique, since it can no longer be exercise with current code. #1416
• Browser window pop-up when Monkey Island starts on Windows. #1428

Fixed

• Misaligned buttons and input fields on exploiter and network configuration pages. #1353
• Credentials shown in plain text on configuration screens. #1183
• Crash when unexpected character encoding is used by ping command on German language systems. #1175
• Malfunctioning timestomping PBA. #1405
• Malfunctioning shell startup script PBA. #1419
• Trap command produced no output. #1406
• Overlapping Guardicore logo in the landing page. #1441
• PBA table collapse in security report on data change. #1423
• Unsigned Windows agent binaries in Linux packages are now signed. #1444
• Some of the gathered credentials no longer appear in plaintext in the database. #1454
• Encryptor breaking with UTF-8 characters. (Passwords in different languages can be submitted in the config successfully now.) #1490
• Mimikatz collector no longer fails if Azure credential collector is disabled. #1512, #1493
• Unhandled error when "modify shell startup files PBA" is unable to find regular users. #1507
• ATT&CK report bug that showed different techniques' results under a technique if the PBA behind them was the same. #1514
• ATT&CK report bug that said that the technique ".bash_profile and .bashrc" was not attempted when it actually was attempted but failed. #1511
• Bug that periodically cleared the telemetry table's filter. #1392
• Crashes, stack traces, and other malfunctions when data from older versions of Infection Monkey is present in the data directory. #1114
• Broken update links. #1524

Security

• Generate a random password when creating a new user for CommunicateAsNewUser PBA. #1434
• Credentials gathered from victim machines are no longer stored plaintext in the database. #1454
• Encrypt the database key with user's credentials. #1463

New contributors 🙌

Welcome and thanks to our new contributors: @TRGamer-tech

Attached binaries and hashes:

Filename | Type | Version | SHA256 Hash -- | -- | -- | -- InfectionMonkey-v1.12.0.AppImage | island | 1.12.0 | 1325f2aa1d0c27aec2e2f9864ed53c53c524bd208313f87ea6606f59c90ff310 monkey-linux-32 | agent | 1.12.0 | d941943046db48cf0eb7f11e144a79749848ae6b50014833c5390936e829f6c3 monkey-linux-64 | agent | 1.12.0 | 1ad52eabd704a9b0fbf642fa552629f30d3c5c27e431a687bd4cba4e0104d3f7 monkey-windows-32 | agent | 1.12.0 | 3c10f610f47c4fd227cf85f6bf800d66ed31fe37dc2e2ed408860483685ba504 monkey-windows-64 | agent | 1.12.0 | 02e5e051a96e2ca61ae8e661b3a5828ee53a0fc00aca6502d5c73a46754f0d07 sc_monkey_runner32.so | sambacry | | 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212 sc_monkey_runner64.so | sambacry | | 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18

This release introduces Infection Monkey's ransomware simulation capability. It also adds a number of security enhancements and configuration options. To start downloading it while you read the release notes, go to the Infection Monkey website.

Changelog

Added

• A runtime-configurable option to specify a data directory where runtime configuration and other artifacts can be stored. #994
• Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
• log_level option to server config. #1151
• A ransomware simulation payload. #1238
• The capability for a user to specify their own SSL certificate. #1208
• API endpoint for ransomware report. #1297
• A ransomware report. #1240
• A script to build a docker image locally. #1140

Changed

• Select server_config.json at runtime. #963
• Select Logger configuration at runtime. #971
• Select mongo_key.bin file location at runtime. #994
• Store Monkey agents in the configurable data_dir when monkey is "run from the island". #997
• Reformat all code using black. #1070
• Sort all imports using isort. #1081
• Address all flake8 issues. #1071
• Use pipenv for python dependency management. #1091
• Move unit tests to a dedicated tests/ directory to improve pytest collection time. #1102
• Skip BB performance tests by default. Run them if --run-performance-tests flag is specified.
• Write Zerologon exploiter's runtime artifacts to a secure temporary directory instead of $HOME. #1143
• Put environment config options in server_config.json into a separate section named "environment". #1161
• Automatically register if BlackBox tests are run on a fresh installation. #1180
• Limit the ports used for scanning in blackbox tests. #1368
• Limit the propagation depth of most blackbox tests. #1400
• Wait less time for monkeys to die when running BlackBox tests. #1400
• Improve the structure of unit tests by scoping fixtures only to relevant modules instead of having a one huge fixture file. #1178
• Improve and rename the directory structure of unit tests and unit test infrastructure. #1178
• Launch MongoDB when the Island starts via python. #1148
• Create/check data directory on Island initialization. #1170
• Format some log messages to make them more readable. #1283
• Improve runtime of some unit tests. #1125
• Run curl OR wget (not both) when attempting to communicate as a new user on Linux. #1407

Removed

• Relevant dead code as reported by Vulture. #1149
• Island logger config and --logger-config CLI option. #1151

Fixed

• Attempt to delete a directory when monkey config reset was called. #1054
• An errant space in the windows commands to run monkey manually. #1153
• Gevent tracebacks in console output. #859
• Crash and failure to run PBAs if max depth reached. #1374

Security

• Address minor issues discovered by Dlint. #1075
• Hash passwords on server-side instead of client side. #1139
• Generate random passwords when creating a new user (create user PBA, ms08_67 exploit). #1174
• Implemented configuration encryption/decryption. #1189, #1204
• Create local custom PBA directory with secure permissions. #1270
• Create encryption key file for MongoDB with secure permissions. #1232

New contributors 🙌

Welcome and thanks to our new contributors: @ilija-lazoroski @kur1mi @Vertrauensstellung

Attached binaries and hashes:

Filename | Type | Version | SHA256 Hash -- | -- | -- | -- Infection_Monkey-1.11.0-x86_64.AppImage|island|1.11.0|6312b6bff18c11c7db694f42cf5a41e894786c39e3e093b6b15abcbff80337f2 monkey-linux-32 | agent | 1.11.0 | b0615fc0369bf6f0900e89acbc300cfe63bc754e4e3d50c2cba2dbdb2de8e511 monkey-linux-64 | agent | 1.11.0 | fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462 monkey-windows-32 | agent | 1.11.0 | e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849 monkey-windows-64 | agent | 1.11.0 | 12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a sc_monkey_runner32.so | sambacry | | 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212 sc_monkey_runner64.so | sambacry | | 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18 tracerouter32 | traceroute | | c15a8a7612af31ff973d424c6473eb34e2ca66dddc6aef3067a1e9927e368f23 traceroute64 | sambacry | | 64d5c9c9b7c0aaf6447bd6fd439b87052fe72bba769c4de454bc1f817cffcad4

This release introduces exciting new features, performance improvements, and lots of bug fixes. To start downloading it while you read the release notes, go to the Infection Monkey website.

New Features 🆕

New exploits 💣

Infection Monkey can now exploit two new remote code execution vulnerabilities:

• Exploit CVE-2019-6340 in Drupal #669
• Exploit Zerologon CVE-2020-1472 in Windows domain controllers #846, #868, #998, #1004

AWS Zero Trust security scans with ScoutSuite 🔍

Scout Suite is an open-source cloud security-auditing tool. It queries the cloud API to gather configuration data. Based on the configuration data gathered, ScoutSuite shows security issues and risks present in your cloud infrastructure. Infection Monkey will run a ScoutSuite scan against your AWS environment and categorize any alerts according to the Zero Trust framework. #519

New MITRE ATT&CK techniques 💥

We're continuing to improve our MITRE ATT&CK capabilities. We've added four new ATT&CK techniques to Infection Monkey, for a total of 36!

• Signed script proxy execution (T1216) #776
• Account discovery(T1087) #793
• Indicator removal on host: timestomp (T1099) #796
• Clear command history (T1146) #799

Improvements ⤴

Secured dependencies using snyk.io

• #740
• #763
• #773
• #778
• #781
• #788
• #790
• #791
• #797
• #803
• #810
• #811
• #814
• #815
• #816
• #821
• #826

Performance improvements 🚤

• Use multithreading to run PBAs #696
• Refactor tornado WSGE container into gevent WSGI container #858 #862
• Add sane timeouts to reduce excessive blocking #885

Documentation improvements 📖

We've updated our documentation for readability and consistency, as well as added swimm tutorials for developers.

• Improve report documentation #887
• Updates to monkey zoo docs #927
• Copyediting #909 #932 #933 #934 #935 #936 #937 #965
• Swimm tutorials #766 #837 #850 #904
• Add high-level architecture explanation #1047

Miscellaneous

• Add Windows XP support to MS08_067 exploit #809
• Reintroduce AWS run option #865
• Update Linux deployment scripts #900

UI

• Specify a user that will run the infection monkey agent #792 #830 #838 #840
• Clarified cross-segment issue reporting #819
• Improve ATT&CK UI #820
• Modify master checkboxes to conform to human interface guidelines #920
• Provide warning icon and language for unsafe options #920
• Show "None" in zero trust report sections with zero findings #947
• Show confirmation dialog when unsafe config is submitted or imported #1000
• Show warning dialog when unsafe ATT&CK config is submitted #1006
• Clarify custom PBA field descriptions in configuration menu #1027

Bug fixes 🐛

• Scale Monkey Island map component to window size #150
• Center Guardicore logo on smaller screens #612
• Fix typo that caused missing telemetry type on Log page #689
• Redirect to login page when JWT expires #739
• Link related ATT&CK techniques of the same PBA #761
• Fix rendering in security report generation #762
• Fix PBA file upload failure #784
• Evade detection by Windows defender #801, #929
• Fix hang on update check #857
• Fix creation of scheduled jobs (PBA) #861
• Fix wrong initial state in plugin selector control #891
• Fix failing SMB exploiter #895
• Catch exceptions thrown by fingerprinters #897
• Fix logic used to detect AWS, GCP, and Azure cloud instances #902
• Fix uncaught error in ATT&CK report #948
• Fix failure to scan configured TCP ports #956
• Add missing authentication check to local_run endpoint #981
• Do not automatically execute custom PBA script #1020 #1027
• Fix pyjwt dependency at version 1.7 #1042
• Properly handle unicode decode errors #798

New contributors 🙌

Welcome and thanks to our new contributors:

• @MarketingYeti
• @mssalvatore
• @OmerRosenbaum
• @withshubh

Attached binaries and hashes:

Filename | Type | Version | SHA256 Hash -- | -- | -- | -- monkey-linux-32 | agent | 1.10.0 | a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5 monkey-linux-64 | agent | 1.10.0 | 932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93 monkey-windows-32 | agent | 1.10.0 | 8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f monkey-windows-64 | agent | 1.10.0 | 3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1 sc_monkey_runner32.so | sambacry | | 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212 sc_monkey_runner64.so | sambacry | | 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18 tracerouter32 | traceroute | | c15a8a7612af31ff973d424c6473eb34e2ca66dddc6aef3067a1e9927e368f23 traceroute64 | sambacry | | 64d5c9c9b7c0aaf6447bd6fd439b87052fe72bba769c4de454bc1f817cffcad4

Infection Monkey 1.9.0

This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.

New Features 🆕

Improved MITRE ATT&CK coverage and reporting

We're continuing to improve our MITRE ATT&CK capabilities, with many new techniques added and a new report with more information.

New ATT&CK techniques 💥

We've added 8 new ATT&CK techniques to the Monkey, which brings our total coverage to 32!

• setuid and setgid" attack technique (T1166) #702
• "Trap" attack technique (T1154) #697
• "PowerShell Profile" attack technique (T1504) #686
• "Scheduled Task" attack technique (T1053) #685
• "Local Job Scheduling" attack technique (T1168) #683
• ".bash_profile and .bashrc" attack technique (T1156) #682
• "Hidden Files and Directories" attack technique (T1158) #672
• User creation and impersonation attack technique (T1136) #579

New ATT&CK report 📊

The new report added a new status to help you discern WHY a technique was or was not attempted, so you can optimise future Monkey executions. Here's how it looks:

Improved configuration (#637) ⚙

In our effort to improve the user experience and make Monkey more accessible and useable we've revamped our entire Configuration screen! Easily control the credentials used in simulations, the target list the Monkey will scan, and which exploits the Monkey will attempt to use.

Replaced mimikatz DLL with pypykatz for better defence evasion (#471, #583) 💂‍♂️

Most AVs recognize and delete the Mimikatz DLL or even disrupt the entire Monkey installation process on Windows. We've replaced Mimikatz with pypykatz and for now, it'll be much harder for endpoint protection software to stop the Monkey.

New Documentation site and framework (#602) 📖

Due to the limited control and ease of use of the GitHub wiki, we've decided to move our documentation to a self-hosted solution based on Hugo.

See it in action here.

Monkey Island is secure by default (#596) 🔐

The first time you launch Monkey Island (Infection Monkey CC server), you'll be prompted to create an account and secure your island. After your account is created, the server will only be accessible via the credentials you chose.

If you want Island to be accessible without credentials press I want anyone to access the island. Please note that this option is insecure: you should only pick this for use in development environments.

Read related documentation here.

Improvements ⤴

Secured dependencies using snyk.io

We have a new integration with snyk.io, a service which checks our dependencies for vulnerabilities! So we've locked all our dependencies (#627) and updated lots of them as well:

• #719
• #721
• #722
• #723
• #724
• #728
• #729
• #730

Improvements to our CI process

• Python import linting #727
• Added Snyk.io to our PRs to test if new vulns are added through dependencies

Other improvements

• Edge refactoring to DAL #671
• Revamps UI to bootstrap v4 #688
• Updated MongoDB version #692
• Various Typos fixed #726

Bug fixes 🐛

Everything that was fixed in 1.8.2 and:

• Reset env UI bug #666
• Handle missing binaries #485
• Fixes SMB exploiter not passing vulnerable port (thus causing redundant exploitation) #664
• Removed PTH map #691

New contributors 🙌

Welcome and thanks to our new contributors:

• @ophirharpazg
• @shreyamalviya

Attached binaries and hashes:

Filename | Type | Version | Hash -- | -- | -- | -- monkey-linux-32 | agent | 1.9.0 | 4c24318026239530ed2437bfef1a01147bb1f3479696eb4eee6009326ce6b380 monkey-linux-64 | agent | 1.9.0 | aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956 monkey-windows-32 | agent | 1.9.0 | 67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8 monkey-windows-64 | agent | 1.9.0 | 24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068

Infection Monkey 1.8.2

This is a small maintenance release. It includes some bug fixes, some performance improvements, and some new features. To start downloading it while you read the release notes, go to the Infection Monkey website.

New Features 🆕

Summary section in Security Report (#635)

Now you can easily see the number of open ports/services and number of servers scanned in the Security Report after a monkey run. Here's how it looks:

Improvements ⤴

Performance improvements 🚤

• Stop exploiting machines that have already been exploited in the exact same manner #650
• UI size improvements and performance improvements #634 #654
• Performance testing infrastructure #632
• Zero Trust report performance improvements #645

Misc.

• PEP issues #636
• Remove WMI from non-windows deployments #644

Bug fixes 🐛

• Fixed monkey ignoring depth restrictions #642
• Fixed UI build issues #643
• Smallfixes on persistance/create user attack technique #647

Attached binaries and hashes:

• [x] @ShayNehmad

Filename | Type | Version | Hash -- | -- | -- | -- monkey-linux-32 | agent | 1.8.2 | 39D3FE1C7B33482A8CB9288D323DDE17B539825AB2D736BE66A9582764185478 monkey-linux-64 | agent | 1.8.2 | 4DCE4A115D41B43ADFFC11672FAE2164265F8902267F1355D02BEBB802BD45C5 monkey-windows-32 | agent | 1.8.2 | 86A7D7065E73B795E38F2033BE0C53F3AC808CC67478AED794A7A6C89123979F monkey-windows-64 | agent | 1.8.2 | 2E6A1CB5523D87DDFD48F75B10114617343FBAC8125FA950BA7F00289B38B550

Infection Monkey 1.8.0

This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.

New Features 🆕

MITRE ATT&CK report (#491, #496, #575, #577)

In the previous version, Infection Monkey started mapping its abilities to the MITRE ATT&CK matrix. We now present these results, alongside the relevant data and mitigations, in a new report that will enable you to understand and mitigate security issues in your network in the vernacular of MITRE.

Here's how it looks:

For more details, read our blog post or watch the overview video.

OS Compatibility (#507, #527, #528, #479, #506)

Since we decided to migrate the Monkey to Python 3.7 🐍, we wanted to make sure that it will still be able to give accurate results on a myriad of operating systems, even old ones that don't support Python 3 at all.

Check out the list of supported operating systems!

This included changes to the Monkey itself and also to us forking our own version of PyInstaller with a custom bootloader.

New Zero Trust People test (#515, #517, #518)

We added another Zero Trust test to the Monkey's arsenal: the Monkey tries to create a new user that communicates with the internet. If it succeeds, this means that the network’s policies were too permissive.

See it in action in this blog post called "How to Assess Your Zero Trust Status: Monkey See, Centra Do".

Improvements ⤴

Python 3 migration (#393, #394, #469, #475, #393, #532, #486, #494)

The Monkey is now Python 3.7! 🐍 🎉 Until the next print VS print() debate creates Python 4, the Monkey is not deprecated.

Improvements to our CI process

• JS linting #482
• Automatic Unit Test coverage reports #567 #573 #576

Performance testing infrastructure #548 #547

We hope to continue improving our performance as time goes on - this infrastructure will enable automatic testing of performance using Blackbox testing.

Better versioning (#545, #543, #559)

The Monkey version string now has the specific build ID that created it as well. Both the Monkey and the Island log that version string right when booting.

Refactor exploiters, fingerprinters system information collectors (#478, #499, #521, #522, #535)

Now these subsystems are modular and easy to expand using plugins, like PBAs before them (#397).

Telemetry box UI improvements (#538, #565)

The telemetry box in the Map now shows line count and auto-scrolls to the bottom 📜

Small UX QoL improvements

• Config page label explaining that existing monkeys don't get new configuration #525
• "Start over" page now waits for a response from the server #512

Merge Infection Monkey requirements files (#500)

Simplifies our development setup by using only a single requirements file for both Infection Monkey platforms. Thanks pip 🙏

JS File Saver (#473)

Small UI code improvement, less dependencies 👍

New map icons

Bug fixes 🐛

• Blank Screen after inactivity fixed #472
• Added 404 page #501
• Prevention of circular imports #477
• Auto update copyright year #481, #468
• Various fixes to .deb deployment #533, #544, #503, #524
• Disable none from the list of networks to scan #550
• Notification wrong route #541
• Improved deploy scripts #549, #562, #564, #546
• Encrypt SSH keys in logs #523, #458
• MSSQL compatibility #492, #493
• ring bugfixes #484
• Telemetries that don't require briefs no longer throws errors in island #466

New contributors 🙌

Welcome and thanks to our new contributors:

• @shivank1234
• @PrajwalM2212
• @shreyamalviya
• @youknowone

Attached binaries and hashes:

Filename | Type | Version | Hash -- | -- | -- | -- monkey-windows-64.exe | Windows Agent | 1.8.0 | f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7 monkey-linux-64 | Linux Agent | 1.8.0 | d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6 monkey-windows-32.exe | Windows Agent | 1.8.0 | 1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08 monkey-linux-32 | Linux Agent | 1.8.0 | 217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2

Infection Monkey 1.7.0

This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website..

New Features 🆕

Zero Trust (#400)

The Monkey now tests your network against the Forrester Zero Trust eXtended framework and provides a report with actionable data and recommendations.

Read more about it in the Infection Monkey for Zero Trust product page or watch a demo video.

MITRE ATT&CK

Adds the ability to configure monkey using the MITRE ATT&CK matrix and allows to view which ATT&CK techniques were used and how in the report.

Improvements ⤴

Scanning Performance boost (#436)

The monkey now scans its target subnets in parallel, which improves runtime by 4.

Island performance boosts (#441 + #358)

The island now generates reports faster for larger amounts of network nodes by 2 orders of magnitude, which helps when dealing with larger-scale networks. Also, the report is cached if no Monkey has communicated since the last report has been generated.

Hashing all sensitive data in all logs (#438 + #444)

All potentially sensitive data is now logged hashed so no sensitive data is plain-text.

Notification when infection is done (#326)

The Island website will now send you a notification when the infection is done, so you don't need to busy wait on it.

Bug fixes 🐛

Various other bug fixes, such as:

• Vulnerability stability and success rate improvements.
• Monkey has TTL before it automatically marked as dead so report finishes in case of lost communication after network changes, shutdowns or crashes. (#313)
• Automatic black-box testing suite. (#420)
• Monkey will work on Windows machines that aren't installed on C:\. (#349)
• Not showing Linux machines in PTH credentials map. (#338)

Attached binaries and hashes:

| File | Hash (SHA256) | |----------------------- |------------------------------------------------------------------ | | monkey-linux-32 | EF7A72FFDDF3A54C74F458201A45B51B779A68C460A309B0D5FD247264D7137D | | monkey-linux-64 | 333529B3061473BF5EE713FA7E3DF4B05DD01823840BB92E1E715488A749B9EA | | monkey-windows-32.exe | 603D982D4A3D8459573D016E36BCFC0AD776CE2CB7DFF965954C688AB17E1727 | | monkey-windows-64.exe | E400F0D56570215C458D6EDED63E72AC6E82819EFF2FC5969A73883261B5976E |

This is a small bugfix release, mostly around integration and packaging.

Two user facing changes.

First, we now do not request AWS access keys for different features like AWS security hub integration and remote commands on EC2 instances. We now require an IAM role to be applied to the EC2 instance where the monkey is running. For more details, check here and here

Second, the Monkey Island now checks for updates against a centralized server. At startup, a single message containing the current version is sent to a dedicated machine, and returns whether there is a new version available and a download link in case there is one.

Feature - Version checking #309 Feature - AWS integration through IAM roles #281 Bugfix - Deb does not rely on package manager mongo #301 Bugfix - ElasticGroovy exploitation now gracefully timeouts in case of errors #289 Bugfix - Struts2 attack script does not check for certificate errors #318 Bugfix - Domain related recommendations do not show up if no such recommendations exist. #278 and #304 fixes #213 Bugfix - Update Bootstrap to 3.4.1 #311

Also, the Island may now also run as a single PyInstaller packed executable, solving some deployment issues on Windows.

This is a release with plenty of cool features.

Take the Infection Monkey for a spin inside your network and let us know how it was!

New Features

• The UI can now optionally be password protected. For more information check our wiki and #260
• The Monkey can now run actions after breaching the machine. For now, we've only implemented the option to create a disabled backdoor user. #242
• Export to AWS security hub. The monkey now knows to export security findings to the AWS security hub. #221
• We can now remotely run commands on AWS EC2 instances, giving you more methods to start a simulating breach. #259
• Attack according to host names rather than IPs #189
• We can now carry our own version of traceroute for linux machines #229
• Add option to sleep between scans #240
• The monkey now also pings machines to check if they're alive, possibly bypassing some segmentation rules #243
• We have an experimental new attack. An MS-SQL exploiter that brute forces authentication and uses xp_cmdshell to attack. #147 

We also improved our deployment, making it easier for developers to set up their own instance of the Monkey (#225 and #227 )

Fixes

• Moved to wget instead of curl #238
• Make Mongo URL easy to redirect (using env variable) #197
• UI improvements #211
• Improvements to exploiters #212, #224, #249, #269,#207,#224
• Handle timeout when communicating with Island #202 And many more small bug fixes :)

A whole bunch of new features. Take the Infection Monkey for a spin inside your network and let us know how it was!

New Features:

Detect cross segment traffic! The Monkey can now easily test whether two network segments are properly separated. PR #120. The Monkey can analyse your domain for possible Pass the Hash attacks. By cross referencing information collected by Mimikatz, the Monkey can now detect usage of identical passwords, cached logins with access to critical servers and more. #170 SSH key stealing. The monkey will now steal accessible SSH keys and use them when connecting to SSH servers, PR #138. Implement a cross platform attack for Struts2 Multi-part file upload vulnerability, PR #179. Implement a cross platform attack for Oracle Web Logic CVE-2017-10271, PR #180. ElasticGroovy attack now supports Windows victims, PR #181. Hadoop cluster RCE - Abuse unauthenticated access to YARN resource manager, PR #182.

Code improvements

-- We've refactored the codebase, so now it's easier to share code between the Monkey and the Monkey Island components. PR #145. -- Mimikatz is now bundled into a password protected ZIP file and extracted only if required. Makes deployment easier with AV software. PR #169. -- Monkey Island now properly logs itself to a file and console. So if you got bugs, it'll now be easier to figure them out. PR #139. -- Systemd permissions are now properly locked down -- Fixed a situation where a successful shellshock attack could freeze the attacking Monkey. #200

We also now have a basic dockerfile available if you want to wrap up the Monkey into a container straight from Github

This is another incremental release, with the following changelist

New feature - Azure password harvesting. Detect Azure credentials at risk and the test the impact of harvesting these passwords. See #110 New feature - Improved UI for listing IPs to attack, now supports listing subnets in CIDR format or 192.168.1.30-192.168.1.40 . See #94 Bugfixes -- Fixed spurious victim discovery. Issue #108 -- 32bit Monkey installed on a 64bit windows machine will now upgrade itself itself to a 64-bit monkey version. See #104 -- Fixed encoding issues when handling unicode password credentials. See #112 -- Fixed incorrect deployment documentation -- Fixed edge cases in ElasticGroovy attack module

This is a small release, one new feature and a few bugfixes.

• New feature - Azure password harvesting. If running on an Azure VM, the Monkey will attempt to harvest password credentials used the VM Access plugin.
• Bugfixes -- Fixed spurious victim discovery -- Fix a missing python dependency in the Infection Monkey itself -- Fixed edge case in the ElasticSearch attack -- Fixed bugs in handling configuration variables in the Monkey

Thanks to everyone who reported bugs.

This version of the Infection Monkey contains

• New UI with a better map display and easier configuration
• A reporting feature with analysis of the Monkey run
• New exploits such as Sambacry and ElasticSearch pre-auth vulnerability
• Pass the Hash attacks when attacking Windows machines
• Bundled Mimikatz

You can read more in our release post https://groups.google.com/forum/#!topic/infection-monkey/xnzvtxCknt4