Closed emtuls closed 4 months ago
Tagging @nos3curity @geo-lit @Menn1s for Commando. We refined all of the Commando categories in August last year; I think this mostly aligns with what we had created.
I'm surprised those 9 don't have any tools yet.. I think we will need to circle back and take a look at those and see what can be added (such as notepad++). It may also give rise to a more fundamental issue of where we're categorizing both "phase of the attack lifecycle" and the "target environment". Seems like there will always be overlap if we do that.
As far as introducing categories to break up utilities, this seems like a great idea for clarity. Will Utilities be removed entirely? I can see Productivity Tools basically taking its place.
I agree that most of the mentioned categories either need a revamp or outright deletion, with a few exceptions - cloud, evasion, vuln analysis, and web.
Cloud is necessary, because as common as it is to integrate with AD and traditional environments, it's still a separate beast testing-wise. If we distribute cloud tools among other categories, they will be a pain to find if you are only looking to do cloud testing.
Same thing with evasion. The category is underutilized because it hasn't been a major focus for Commando, considering that our target is penetration testing, not adversary simulation. I think if we scatter the evasive tools across categories, they might be a pain to find as well, but I'm open to hearing what others say about that.
I don't mind vuln analysis getting the boot, but we need to figure out where vulnerability scanning tools should go if it's gone. If memory serves me right, we largely kept that category just because we couldn't figure out what else to classify them as.
And lastly, web is largely a placeholder category at this moment. It's been one of our plans to expand the arsenal of web tooling in Commando, however, we're still getting through other priorities.
@nos3curity could you list all of the categories we know for sure we need for Commando? I think that would help.
`notepad++` seems to just be installed and no shortcut is placed into any category, but I think this should be adjusted. The addition of `VSCode`, which may be considered soon, could also have this be added to `Text Editors`, or we could place both of them into `Productivity Tools` instead and simply get rid of `Text Editors`.

I think `Utilities` should stay for things related to either CommandoVM or FlareVM more directly (i.e., useful tools that directly relate to Malware Analysis or Pentesting), but not abstractable to a general usability level (think `chrome` or `7zip` type tools).
> @day1player: @nos3curity could you list all of the categories we know for sure we need for Commando? I think that would help.
@nos3curity I think you have missed this comment. Could you please provide the categories you need, so that we can remove the rest?
@Ana06 apologies, here are the categories we need for Commando, might be able to time with the other PR:
@day1player Made that change in https://github.com/mandiant/VM-Packages/pull/903. Thank you!
@mandiant/flare-vm @mandiant/commando-vm I recently went through all of our tool packages and noticed a few changes that I think could be made.
Unnecessary or Underused Categories

Currently, of the 35 categories we have, 9 of them have no tools associated with them:

Should we remove these categories or attempt to make use of them? For instance:

- `Text Editors` could likely have `notepad++` added to it, and possibly `VSCode` (not currently a package yet)
- `Web Application` could include `Burp Suite`, which is currently listed as a `Utility` (though it could also go into `Networking`)

New Categories to Improve Organization and Clarity

Our largest category is `Utilities` with a total of 38 tools. I think we could possibly introduce a couple more categories to reduce this a little bit. I propose the following new categories (open to suggestions/changes):

shellcode -> PE tool we decide to go with