Ejemplo n.º 1
0
def test_pathEvaluation(render=True):
    # TODO: Make this test more useful
    root = Root("Root")
    goal = Goal("Goal")
    brain = Brain()

    # One path to vicotry (Start->a->b>c->goal)
    a = root.add(Action("A", pSuccess=100, cost=500))
    b = a.add(Action("B", pSuccess=50, cost=500))
    c = b.add(Action("C", pSuccess=50, cost=500))
    _ = c.add(goal)

    # Update model with a second path to victory (Start->a->bb->goal)
    bb = a.add(Action("BB", pSuccess=100, cost=20000))
    bb.connectTo(goal)

    paths = []
    _ = Brain().pathsToVictory(root, paths)
    print(paths)
    assert len(paths) == 2

    res = brain.evaluatePath(paths[1])  # a -> bb -> goal
    assert res["attackCost"] == 20500
    assert res["pSuccess"] == 100  # a * bb

    if render:
        Renderer().render(root=root,
                          fname=inspect.currentframe().f_code.co_name)
Ejemplo n.º 2
0
def test_insertBlockBetween_100perecent(render=False):
    # Prep
    root = Root("Start")
    goal = Goal("Finish")

    a = root.action("A")
    b = a.action("B")
    c = b.action("C")

    c.connectTo(goal)

    #Before
    assert (len(b.edges) == 1)

    # Create a  second block with a pSuccess of 100
    block = Block(label="Test Block", implemented=True, cost=5000, pDefend=100)

    # The tested function
    block.insertBetween(b, c)

    # After
    assert (
        len(b.edges) == 1
    )  # As the block has 100% chance of working, c should be unreachable
    assert (b.edges[0].childNode == block)

    if render:
        Renderer().render(root=root,
                          fname=inspect.currentframe().f_code.co_name)
Ejemplo n.º 3
0
def test_instertBlockBetweenPatiallySuccessfulActions(render=True):
    # Prep
    root = Root("Start")
    goal = Goal("Finish")

    a = root.add(Action(label="A", pSuccess=80))

    b = a.action("B")
    c = b.action("C")

    c.connectTo(goal)

    # a has an 80percent chance of working.
    # lets add a blocker that's 20% effective

    block = Block(label="Test Block", implemented=True, cost=5000, pDefend=50)

    # The tested function
    block.insertBetween(a, b)

    assert (len(a.edges) == 1)
    assert (a.edges[0].childNode == block)

    assert (len(block.edges) == 1)
    assert (block.edges[0].childNode == b)

    # The tested function:
    if render:
        Renderer().render(root=root,
                          fname=inspect.currentframe().f_code.co_name)
Ejemplo n.º 4
0
def test_insertBetween_50perecent(render=False):
    # Prep
    root = Root("Start")
    goal = Goal("Finish")

    a = root.action("A")
    b = a.action("B")
    c = b.action("C")

    c.connectTo(goal)

    # Verify prep
    assert (len(a.edges) == 1)
    assert (a.edges[0].childNode == b)

    # Create a block
    block = Block(label="Test Block", implemented=True, cost=5000, pDefend=50)

    # The tested function
    block.insertBetween(a, b)

    # After
    assert (len(a.edges) == 1)
    assert (len(block.edges) == 1)
    assert (a.edges[0].childNode.edges[0].childNode == b)

    if render:
        Renderer().render(root=root,
                          fname=inspect.currentframe().f_code.co_name)
Ejemplo n.º 5
0
def test_single_pathToVictory(render=False):
    root = Root("Root")
    goal = Goal("Goal")

    # Test with just one action
    root.add(Action(label="A")).add(goal)
    brain = Brain()
    paths = brain.pathsToVictory(root)
    print(paths)
    assert len(paths) == 1
    assert len(paths[0]) == 3

    if render:
        Renderer().render(root=root,
                          fname=inspect.currentframe().f_code.co_name)
Ejemplo n.º 6
0
def test_buildTree(render=True):
    root = basicTree()
    brain = Brain()

    # Check root is correct type
    assert isinstance(root, Root)

    paths = brain.pathsToVictory(root)

    for path in paths:
        brain.evaluatePath(path)

    assert len(paths) == 3

    if render:
        Renderer().render(root=root,
                          fname=inspect.currentframe().f_code.co_name)
Ejemplo n.º 7
0
def test_double_pathToVictory(render=True):
    root = Root("Root XX")
    goal = Goal("Goal")

    # Test with just one action
    root.add(Action(label="A")).add(goal)
    root.add(Action(label="B")).add(goal)

    brain = Brain()
    paths = brain.pathsToVictory(root)
    print(paths)
    assert(len(paths) == 2)
    assert(len(paths[0]) == 3)
    assert(len(paths[1]) == 3)

    if render:
        Renderer().render(
            root=root,
            fname=inspect.currentframe().f_code.co_name
        )
Ejemplo n.º 8
0
def test_quad_pathToVictory(render=True):
    root = Root("Root XXXX")
    goal = Goal("Goal")

    # Test with just one action
    root.add(Action(label="A")).add(goal)
    root.add(Action(label="B")).add(goal)
    root.add(Action(label="C")).add(goal)
    root.add(Action(label="D")).add(goal)

    brain = Brain()
    paths = brain.pathsToVictory(root)
    assert len(paths) == 4
    assert len(paths[0]) == 3
    assert len(paths[1]) == 3
    assert len(paths[2]) == 3
    assert len(paths[3]) == 3

    if render:
        Renderer().render(root=root,
                          fname=inspect.currentframe().f_code.co_name)
Ejemplo n.º 9
0
def test_pathEvaluationWithBlock(render=True):
    root = Root("Root")
    goal = Goal("Goal")
    brain = Brain()
    
    a = root.add(Action("A",pSuccess=100, cost=500))
    b = a.add(Action("b",pSuccess=70, cost=500))
    b.add(goal)

    paths = []
    _ = brain.pathsToVictory(root, paths)

    assert(len(paths)==1)

    res = brain.evaluatePath(paths[0])

    # Check results are correct before we add a block
    assert(res['attackCost']==1000)
    assert(res['pSuccess']==70)

    assert(a.pSuccess==100) 

    block = Block(label="FIREWALL",implemented=True,cost=0,pDefend=50)
    block.insertBetween(a,b)

    paths = []
    _ = brain.pathsToVictory(root, paths)
    res = brain.evaluatePath(paths[0])
    
    print(res)

    assert(res['attackCost']==1000)
    assert(res['pSuccess']==35)


    if render:
        Renderer().render(
            root=root,
            fname=inspect.currentframe().f_code.co_name
        )
Ejemplo n.º 10
0
from attacktree.models import Action, Block, Detect, Discovery, Edge
from attacktree.renderer import Renderer

with Renderer(root="Reality", goal="Attacker gets data from bucket") as graph:

    apiCache = Action(
        label="Search API Caches",
        chain="recon",
        cost=0,
        time=3,
        objective="Discover bucket paths",
        pSuccess=1.0,
    )
    graph.root.add(apiCache, edge_label="#Yolosec")

    s3urls = Discovery(
        label="S3 Urls",
        description="The URL paths to various S3 buckets",
        sensitivity=3,
        value=0,
    )
    apiCache.add(s3urls, edge_label="#Yolosec")

    downloadFiles = Action(
        chain="exfiltration",
        label="Download files from all buckets",
        cost=0,
        time=1,
        objective="Access confidential information stored in S3",
        pSuccess=1.0,
        detections=["CloudWatch", "DLP"],
Ejemplo n.º 11
0
def test_contextManager(render=False):
    with Renderer(root="Reality",
                  goal="Attacker gets data from bucket") as graph:
        pwd = graph.root.action("Use password")
        block = pwd.block("Block", implemented=False)
        block.connectTo(graph.goal)
Ejemplo n.º 12
0
describePods = creds.action("Call KubeAPI describe pods")
pods = describePods.discover(
    "100+ customer pods on 120 nodes\nEach customer has their own namespace")
versions = describePods.discover(
    "OLD Kubernetes versions v1.8.4, v1.9.10, v1.10.9")
anonymousAccess = describePods.discover("Kubelets run with anonymous access")

otherKubelet = anonymousAccess.action("Access another customer's kubelet")
blockedbyFirewall = otherKubelet.block("Blocked by firewall", implemented=True)

cve = versions.discover("CVE-2018-1002102 kube-api follows 302 redirect")
exploit2 = cve.action("Attempt to redirect to kube-api pod")
fail = exploit2.block(
    "ACI uses a 'bridge' POD which is not impacted by this issue",
    implemented=True)

interesting = exploit2.discover(
    "ServiceAccount in 'AuthorizationHeader' of Exec requests")
bridgeToken = interesting.discover(
    "Decoded JWT shows this token belongs to 'bridge' service")

accessReview = bridgeToken.action(
    "Call SelfSubjectAccessReview with 'bridge' token")
privs = accessReview.discover("Cluster-wide permissions\npods/exec privilege")

gameOver = privs.action("Exec into shell on kube-API")
gameOver.add(goal)

Renderer().render(root, fname="aciBreakout")
Ejemplo n.º 13
0
from attacktree.models import Action, Block, Detect, Discovery, Edge
from attacktree.renderer import Renderer

with Renderer(root="Internet", goal="Launch Containers") as graph:

    breakApplication = Action(label="RCE in application")
    graph.root.add(breakApplication)

    patch = Block(label="Keep containers up to date", implemented=True)
    breakApplication.add(patch)

    executeSiloScape = Action(label="Execute Siloscape")
    breakApplication.add(executeSiloScape)

    systemPrivileges = Discovery(label="Privileged Access")
    executeSiloScape.add(systemPrivileges)

    symLinkDrive = Action(label="SymLink root volume")
    systemPrivileges.add(symLinkDrive)

    kubeConfig = Action(label="Find Kubernetes creds on disk")
    symLinkDrive.add(kubeConfig)

    deployMalicious = Action(label="Deploy malicious containers")
    kubeConfig.add(deployMalicious)

    runWindowsContainersWithLowPrivilege = Block(
        label="Windows containers have low privilege", implemented=False)
    deployMalicious.add(runWindowsContainersWithLowPrivilege)
    deployMalicious.add(graph.goal)