mitre / caldera

Automated Adversary Emulation Platform
https://caldera.mitre.org
Apache License 2.0
5.54k stars 1.06k forks

Agent Cleanup #1830

Closed jetbennett closed 3 years ago

jetbennett commented 4 years ago

I would like to have an agent remove exploits/evidence after losing contact with the server (once the Watchdog value is exceeded). Is there currently a mechanism to do this?

Example:

  1. Blue team notices something is off
  2. Blue team disconnects target from the network
  3. Agent counters by wiping evidence / doing some anti-forensics.

Enhancement Suggestion: Implement a "Dead Man's Ability" that an Agent executes just prior to termination (similar idea to Bootstrap Abilities).

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 20 days with no activity. Remove the stale label or comment, or this will be closed in 5 days.

wbooth commented 3 years ago

This is in, thanks @uruwhy!