Docs: Expand the explanation of credentials collectors
mssalvatore committed Jul 16, 2024
1 parent 13948cd commit 85099ce
Showing 1 changed file with 30 additions and 9 deletions.
39 changes: 30 additions & 9 deletions docs/content/features/credentials_collectors/_index.md
Expand Up @@ -6,17 +6,38 @@ pre: "<i class='fas fa-key'></i> "

# Credentials Collectors

## <!-- we just need this here for formatting preferences done with CSS -->
Credentials Collectors attempt to steal credentials from systems that the
Infection Monkey Agent has infected.

In real-world network attacks, malicious actors often adopt methods to extract
credentials from compromised systems. Stolen credentials enable the attackers
to further breach the environment in many ways including lateral movement,
privilege escalation, data theft, and persistence.
## Mimicking attackers

Infection Monkey has multiple credentials collectors that steal credentials from
compromised machines similarly. These credentials are used during exploitation
for brute-forcing.
In real-world network attacks, malicious actors often attempt to extract
credentials from compromised systems. Stolen credentials enable attackers to
penetrate deeper into the environment in many ways, such as lateral movement,
privilege escalation, data theft, and persistence. To mimic this behavior,
Infection Monkey has multiple plugins, called "credentials collectors", that
steal credentials from compromised hosts.

Infection Monkey provides the following credentials collectors:
## How credentials collectors work

When an Infection Monkey Agent is started, it begins the reconnaissance phase
of its attack. The first step in this phase is to use all enabled credentials
collectors to steal credentials. Any stolen credentials are then sent to the
Monkey Island, where they become immediately available for any Agent to use.

After the reconnaissance phase, the Agent will begin the propagation phase and
attempt to compromise other hosts on the network. Exploiters are Infection
Monkey plugins that attempt to spread copies of the Agent throughout the
network. Some exploiters can use the credentials stolen by credentials
collectors to gain access to other systems on the network. First, the exploiter
will query the Monkey Island to retrieve credentials that were configured by
the user and any credentials that were stolen by credentials collectors. Next,
the exploiters will use the stolen credentials to attempt to authenticate with
a target system. If authentication is successful, the exploiter will execute
the Agent on the target system, spreading the infection throughout the network.

## Techniques
To read more about the techniques Infection Monkey can use to steal
credentials, click the links below:

{{% children /%}}
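
Review bot: In the "How credentials collectors work" section, the sentence "Next, the exploiters will use the stolen credentials to attempt to authenticate" drops the user-configured credentials that the previous sentence says are also retrieved from the Monkey Island, and it switches from "the exploiter" to "the exploiters" mid-procedure. Suggest "Next, the exploiter will use these credentials to attempt to authenticate with a target system" so the step covers both sources and keeps one subject. The removed paragraph also said the credentials are used "for brute-forcing"; the new text no longer tells the reader that an exploiter may try many credentials against a target, so consider keeping that word or an equivalent, since it tells operators to expect repeated authentication attempts on target hosts during a run.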
