guardicore / monkey

Infection Monkey - An open-source adversary emulation platform
https://www.guardicore.com/infectionmonkey/
GNU General Public License v3.0

Include OTP in agent executable #3834

Open VakarisZ opened 8 months ago

VakarisZ commented 8 months ago

Is your feature request related to a problem? Please describe.

There are some use cases where agents would be run by users who are not authorized to access the island. For example, if you want to do a phishing simulation, you can't rely on users not only executing the file but also using an OTP.

Describe the solution you'd like

We should think of a solution where we could build an OTP into the agent executable. The built-in OTP should be longer and have a long timeout (or no timeout at all). We also need to inform users that the binary can be reverse-engineered to retrieve the configuration or stolen credentials.

Describe alternatives you've considered

Please describe alternative solutions or features you have considered.

mssalvatore commented 8 months ago

Alternative solutions:

  1. Allow the user to configure the OTP's TTL.
  2. Allow the user to configure a static "OTP".

Either of these could be useful during development.