guardicore / monkey

Infection Monkey - An open-source adversary emulation platform
https://www.guardicore.com/infectionmonkey/
GNU General Public License v3.0

Spoof malicious traffic to test network defenses #827

Open ShayNehmad opened 3 years ago

ShayNehmad commented 3 years ago

Is your feature request related to a problem? Please describe.
Improve the coverage of ZT tests.

Describe the solution you'd like
Monkeys should access a random subset of domains which are known to be malicious, such as PhishTank. If it manages to access the domains, fail the test.

We should store a list of 100 domains or so (not plaintext!) and choose 3 at random so the test isn't 100% predictable (like real malware :) )

This can be a simple PBA with a relevant PBA processor in post_breach.py.

ZT info:

OmriGanor commented 3 years ago

What do you mean by not plaintext? Do you want to store them statically some way, or dynamically pull them at runtime from a source such as PhishTank?
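
A sketch of the check proposed in this issue, added here as an example (it is not from the thread or from Infection Monkey's code base). It assumes the static-storage reading of "not plaintext", with zlib plus base64 as a stand-in encoding; the function names, the constructed `.invalid` placeholder domains and the TCP probe on port 443 are all assumptions.

```python
import base64
import random
import socket
import zlib

# Constructed placeholders on the reserved .invalid TLD, not real indicators.
PLACEHOLDER_DOMAINS = [f"blocked-test-{i:03d}.invalid" for i in range(100)]


def encode_domains(domains):
    """Pack the list so it is not stored as plaintext (assumed encoding)."""
    return base64.b64encode(zlib.compress("\n".join(domains).encode())).decode()


def decode_domains(blob):
    """Reverse encode_domains() at run time."""
    return zlib.decompress(base64.b64decode(blob)).decode().split("\n")


# In a shipped build only this blob would be stored, never the list above.
ENCODED_LIST = encode_domains(PLACEHOLDER_DOMAINS)


def tcp_reachable(domain, port=443, timeout=3.0):
    """True if the name resolves and a TCP connection completes."""
    try:
        with socket.create_connection((domain, port), timeout=timeout):
            return True
    except OSError:  # covers DNS failure, refusal, filtering and timeout
        return False


def run_malicious_domain_test(blob=ENCODED_LIST, sample_size=3,
                              probe=tcp_reachable, rng=None):
    """Probe a random sample; the test passes only if none was reachable."""
    rng = rng or random.SystemRandom()
    chosen = rng.sample(decode_domains(blob), sample_size)
    reached = [d for d in chosen if probe(d)]
    return {"tested": chosen, "reached": reached, "passed": not reached}


if __name__ == "__main__":
    result = run_malicious_domain_test()
    print("PASSED" if result["passed"] else "FAILED", result)
```

The `probe` and `rng` parameters are injectable so the verdict logic can be exercised without touching the network.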