Recent Releases of caldera

caldera - v5.3.0

What's Changed

  • Bump jinja2 from 3.1.3 to 3.1.6 by @dependabot in https://github.com/mitre/caldera/pull/3151
  • Remove/Change Python 3.8 References by @endiz in https://github.com/mitre/caldera/pull/3155
  • Refactor Docker setup, follow best-practices in containerization and make caldera easier to deploy by @daw1012345 in https://github.com/mitre/caldera/pull/3114
  • Bump aiohttp from 3.10.8 to 3.10.11 by @dependabot in https://github.com/mitre/caldera/pull/3089
  • Replace deprecated logging function by @stefanvi in https://github.com/mitre/caldera/pull/3159
  • Get manx working again by @daw1012345 in https://github.com/mitre/caldera/pull/3160
  • filter 0-score facts from operation source by @uruwhy in https://github.com/mitre/caldera/pull/3167
  • Fix requirements packages for tox security by @uruwhy in https://github.com/mitre/caldera/pull/3168

New Contributors

  • @endiz made their first contribution in https://github.com/mitre/caldera/pull/3155
  • @stefanvi made their first contribution in https://github.com/mitre/caldera/pull/3159

Full Changelog: https://github.com/mitre/caldera/compare/5.2.0...5.3.0

- Python
Published by elegantmoose about 1 year ago

caldera - v5.2.0

What's Changed

  • Remove references to VITECALDERAURL and using window.location.origin for hosting address by @daw1012345 in https://github.com/mitre/caldera/pull/3115, https://github.com/mitre/magma/pull/67
  • Payload downloading script fix in Emu plugin by @daw1012345 in https://github.com/mitre/emu/pull/45

New Contributors

  • @daw1012345 made their first contribution in https://github.com/mitre/caldera/pull/3115

Full Changelog: https://github.com/mitre/caldera/compare/5.1.0...5.2.0

- Python
Published by elegantmoose about 1 year ago

caldera - v5.1.0

What's Changed

  • added Rich logging and build warning by @elegantmoose in https://github.com/mitre/caldera/pull/2893
  • Update Dockerfile to build vue for 5.0.0 by @cln-io in https://github.com/mitre/caldera/pull/2890
  • Fix for ragdoll agent contact html error - #2932 by @elegantmoose in https://github.com/mitre/caldera/pull/2937
  • Fix a typo in the documentation for POST /api/v2/abilities by @Guil33 in https://github.com/mitre/caldera/pull/2928
  • magma repin for agent update fix by @elegantmoose in https://github.com/mitre/caldera/pull/2956
  • repin magma for adversary export by @elegantmoose in https://github.com/mitre/caldera/pull/2961
  • errant logging line by @elegantmoose in https://github.com/mitre/caldera/pull/2963
  • repin human for selenium update by @elegantmoose in https://github.com/mitre/caldera/pull/2965
  • repin stockpile for defense adv updated IDs by @elegantmoose in https://github.com/mitre/caldera/pull/2969
  • manual op fix by @elegantmoose in https://github.com/mitre/caldera/pull/2973
  • Have server.py automatically configure Magma .env when build flag set by @djlawren in https://github.com/mitre/caldera/pull/2977
  • Makes Docker directly handle the SIGINT signal by @jbaptperez in https://github.com/mitre/caldera/pull/2983
  • Feature - Manage payloads by @jbaptperez in https://github.com/mitre/caldera/pull/2989
  • Uses a dedicated setting to generate the magma VITECALDERAURL variable by @jbaptperez in https://github.com/mitre/caldera/pull/2994
  • Fix - dnspython version in requirements-dev.txt by @jbaptperez in https://github.com/mitre/caldera/pull/3012
  • repinning magma for newpayload UI by @elegantmoose in https://github.com/mitre/caldera/pull/3017
  • Fix ghost facts by @guillaume-duong-bib in https://github.com/mitre/caldera/pull/2978
  • Fix - Internal Server Error 500 for ValidationError by @sasirven in https://github.com/mitre/caldera/pull/3027
  • Add API functionality to update planners by @L015H4CK in https://github.com/mitre/caldera/pull/3020
  • Feature - Manage schedules with cron (1/3) by @sasirven in https://github.com/mitre/caldera/pull/3025
  • fix: bump aiohttp to 3.10.8 to avoid 500 errors caused by yarl issue by @b1tst0rm in https://github.com/mitre/caldera/pull/3063
  • Fix - Broken tests by @jbaptperez in https://github.com/mitre/caldera/pull/3013
  • Feature - Update API for schedule (2/3) by @sasirven in https://github.com/mitre/caldera/pull/3026
  • add userformatstring to allow use with AD by @TomGoedeme in https://github.com/mitre/caldera/pull/3067
  • fix: remove failing quality test for unsupported, obsolete Python version by @rfulwell in https://github.com/mitre/caldera/pull/3104
  • 3098: fix broken Docker build by @rfulwell in https://github.com/mitre/caldera/pull/3099
  • Patch for CVE-2025-27364, sanitize user-provided LDFLAG parameters by @uruwhy in https://github.com/mitre/caldera/pull/3129
  • fix handler signature to address websocket errors by @uruwhy in https://github.com/mitre/caldera/pull/3134
  • Bump cryptography from 42.0.2 to 44.0.1 by @dependabot in https://github.com/mitre/caldera/pull/3130

New Contributors

  • @cln-io made their first contribution in https://github.com/mitre/caldera/pull/2890
  • @Guil33 made their first contribution in https://github.com/mitre/caldera/pull/2928
  • @jbaptperez made their first contribution in https://github.com/mitre/caldera/pull/2983
  • @timbrigham-oc made their first contribution in https://github.com/mitre/caldera/pull/2997
  • @guillaume-duong-bib made their first contribution in https://github.com/mitre/caldera/pull/2978
  • @sasirven made their first contribution in https://github.com/mitre/caldera/pull/3027
  • @psicoder85 made their first contribution in https://github.com/mitre/caldera/pull/3023
  • @L015H4CK made their first contribution in https://github.com/mitre/caldera/pull/3020
  • @b1tst0rm made their first contribution in https://github.com/mitre/caldera/pull/3063
  • @TomGoedeme made their first contribution in https://github.com/mitre/caldera/pull/3067
  • @rfulwell made their first contribution in https://github.com/mitre/caldera/pull/3104

Full Changelog: https://github.com/mitre/caldera/compare/5.0.0...5.1.0

- Python
Published by elegantmoose over 1 year ago

caldera - v5.0.0 "Magma"

What's Changed

Backwards-Breaking Changes

  • Completely refactored UI/UX VueJS front end. https://github.com/mitre/caldera/pull/2874
  • Dropped support for Python 3.7. https://github.com/mitre/caldera/pull/2795

UI

  • Summary dashboard landing page with tiles for agents, operations, adversaries, abilities, and server address. https://github.com/mitre/caldera/pull/2874
  • New network and table Operation view. https://github.com/mitre/caldera/pull/2874
  • Agent hosts displayed on network view with OS platform icon. https://github.com/mitre/caldera/pull/2874
  • Agents are denoted by colored rings around hosts they are beaconing from, with multiple agents marked by multiple rings, and the colors denoting the status of agent. https://github.com/mitre/caldera/pull/2874
  • Agents with elevated user execution privileges on their host are denoted by red tinted host OS platform icon. https://github.com/mitre/caldera/pull/2874
  • Agent side panel (in network view) that shows key agent/host information. Activated when Agent/host node clicked. https://github.com/mitre/caldera/pull/2874
  • Agent actions shortcut on agent side panel. https://github.com/mitre/caldera/pull/2874
  • Operation action table. https://github.com/mitre/caldera/pull/2874
  • Ability commands now have code syntax highlighting. https://github.com/mitre/caldera/pull/2776
  • Fact sources can now be downloaded from Fact Sources view. https://github.com/mitre/caldera/pull/2874
  • Added option to rename facts https://github.com/mitre/caldera/pull/2811

Plugins

  • (Bug Fix) Manx Plugin: Fixed JSON decoding error with a short sleep to avoid timing issues.
  • (Bug Fix) Debrief Plugin: Fixed bugs generating empty PDFs. https://github.com/mitre/debrief/pull/67
  • (New) Emu Plugin: New Turla adversary emulation plan (Caldera Adversary profile) from MITRE ATT&CK Evals. https://github.com/center-for-threat-informed-defense/adversaryemulationlibrary/tree/master/turla
  • (New) Sandcat Plugin: Allow architecture headers to be supplied to Sandcat agent. This allows Darwin ARM64 platforms to be compiled. https://github.com/mitre/sandcat/pull/435
  • Builder Plugin: Moved docker-py dependency from core to the Builder plugin as it is optional.

Bug Fixes

  • Fixed encryption key mismatch for backups when booting Caldera locally and then with Docker. https://github.com/mitre/caldera/pull/2780
  • Removed operation visibility slider as it had no effect on the underlying operation. https://github.com/mitre/caldera/pull/2806
  • HMAC digest comparison in authorization service is now more resistant to timing attacks. https://github.com/mitre/caldera/pull/2823
  • Added manually skipped Abilities to Operation report. https://github.com/mitre/caldera/pull/2822
  • Fixed bug selecting the wrong executor for potential links. https://github.com/mitre/caldera/pull/2843
  • Moved donut-shellcode python package dependency to Stockpile plugin. Dependency was moved as donut-shellcode package cannot (at this time) be installed on MacOS ARM chip architectures and caused install issues for Caldera core. https://github.com/mitre/caldera/pull/2874
  • Fixed Ragdoll agent's timestamp format (thanks to @LwsChlds). https://github.com/mitre/stockpile/pull/571

Other

  • Improved checking of reasons why abilities are skipped in operations. https://github.com/mitre/caldera/pull/2623

New Contributors

  • @noperse made their first contribution in https://github.com/mitre/caldera/pull/2802
  • @d3vco made their first contribution in https://github.com/mitre/caldera/pull/2843
  • @avlyssna made their first contribution in https://github.com/mitre/caldera/pull/2823

Full Changelog: https://github.com/mitre/caldera/compare/4.2.0...5.0.0

- Python
Published by elegantmoose over 2 years ago

caldera - 2.9.0

Overview

Greatly improved documentation, bug fixes, and user experience enhancements. Improve the use of SSL certs. Update to Debrief to allow for customized reporting.

- Python
Published by wbooth almost 3 years ago

caldera - 4.2.0

What's Changed

Backwards-Breaking Changes

  • Link results now return stdout and stderr separately, as a dictionary. Any non-CALDERA users of APIs/reports or any custom plugins may be affected. #2662
  • Moved Atomic planner into Caldera main repo from stockpile. #2768

Plugins

  • The mock plugin will no longer be officially supported.

Bug Fixes

  • Fixed bug with the /operations API endpoint. #2691
  • Fixed bug where newline was missing at the end of operation logs. #2693
  • Fixed bug causing LDAP integration to fail. #2718
  • Fixed bug with fact sources not being removed correctly. #2732
  • Fixed bug causing Metasploit integration to fail.

UI

  • Fixed bug where plaintext command was not displayed correctly in the UI. #2668
  • Fixed bug freezing UI when deleting an operation. #2671
  • Adversary profile page now displays the Adversary ID for the selected adversary. #2672
  • Tabs are now pinned to the top of the page. #2695
  • Fixed bug preventing manually approving links in UI. #2729
  • Updated moving abilities on adversary page to be more clear. #2770

Planners

  • (New!) Naive Bayes planner: selects next action based on highest probability of success, as determined from historical operation report data.
  • (New!) Universal and Existential requirements: can check facts against the entire knowledge base instead of only using facts used by the command.

Other

  • Link commands are now unencoded by default, but are still sent encoded if any obfuscation is used for an operation. #2698
  • Added several event types to the eventing system: agent/added, fact/added, fact/updated, system/ready. #2692
  • Sandcat agents now return the "exit_code" field in results. #2713
  • Sandcat agents now close out their sessions properly, preventing large sessions potentially showing up in logs.

New Contributors

  • @michael-the-jones made their first contribution in https://github.com/mitre/caldera/pull/2662
  • @nikstuckenbrock made their first contribution in https://github.com/mitre/caldera/pull/2691
  • @pirxthepilot made their first contribution in https://github.com/mitre/caldera/pull/2693
  • @M15terHyde made their first contribution in https://github.com/mitre/caldera/pull/2692
  • @JamieScottC made their first contribution in https://github.com/mitre/caldera/pull/2770

Full Changelog: https://github.com/mitre/caldera/compare/4.1.0...4.2.0

- Python
Published by clenk almost 3 years ago

caldera - 4.1.0

What's Changed

Bug Patches

  • Fixed "Save + Add" button on "Add Ability" modal in adversaries page so it doesn't result in an error. #2637
  • Fixed a first-time startup error in the Atomic plugin resulting from a loop when parsing atomic abilities. #2657
  • Fixed a bug in the Training plugin preventing the first manx flag from completing. #2638
  • Fixed "(unexpected keyword argument 'loop')" error from the start_server call. #2625

Security Fixes

  • Patched an XSS bug found in the Operations tab and Debrief plugin that took advantage of unsanitized input in an operation's name field. #2644
    • Disclosure reports coming soon, stay tuned
    • Credit to Jayson Grace from Meta's Purple Team for discovering this vulnerability

Operations Page

  • Added "Operations Detail" modal on operation page that shows how the operation was configured at its start. #2558
  • Tidied up row of buttons so they align better. #2615

Adversaries

  • (New!) "Everything Bagel" adversary: A collection of all CALDERA abilities ordered by ATT&CK tactic. Particularly useful when you are using the new advanced planners (see below) and want all abilities at the disposal of the planner.
  • (In progress) Added a missing ability to the "Worm" Adversary in the Stockpile plugin.

Planners

  • (New!) Look-Ahead Planner: A CALDERA planner that decides which abilities to execute based on expected future reward.
  • (New!) Guided Planner: A CALDERA planner which makes use of "distance to goals" in a dependency graph to select the optimal next action.

New Contributors

  • @jt0dd made their first contribution in https://github.com/mitre/caldera/pull/2590
  • @sgianvecchio made their first contribution in https://github.com/mitre/caldera/pull/2563
  • @pierregi made their first contribution in https://github.com/mitre/caldera/pull/2577
  • @djmartin41041 made their first contribution in https://github.com/mitre/caldera/pull/2649
  • @Morpheme777 made their first contribution in https://github.com/mitre/caldera/pull/2642

Full Changelog: https://github.com/mitre/caldera/compare/4.0.0...4.1.0

- Python
Published by argaudreau over 3 years ago

caldera - 4.0.0

What's Changed

All New User Interface

  • Brand new look and feel across the entire platform.
  • AlpineJS has replaced JQuery as our front-end framework.
  • Bulma is our CSS framework of choice, which makes styling our templates a breeze.
  • Core pages like operations, adversaries, and agents have been completely revamped to make them more powerful, insightful, and robust.

Operations Page

  • Made more use of screen real estate.
  • Adding a potential link now gives you the ability to edit the command before it's added.
  • You can select fact values for all fact templates in a potential link, either ones from a fact source or ones collected from the operation.

Training Plugin

  • UI has been refreshed to match the new UI in core CALDERA.
  • Gameboard badge has been removed.
  • Solution guides have been updated to reflect the changes in the new interface.

Sandcat

  • Can update executors mid-operation
  • New "proc" executor that directly spawns desired processes
  • New "native" executor that performs various TTPs through pure Golang.
  • Now provides command output for timed-out links
  • New C2 channels and capabilities: SSH tunneling, FTP, Slack

Other

  • REST API v2 with associated API Swagger Docs
  • New open-source abilities and adversary profiles, including new collection and exfiltration capabilities.
  • Timestamps in sandcat are now UTC instead of local time
  • Automatic deletion of payloads is now optional
  • Better storage of exfiltrated files to prevent overwriting
  • More back end tests have been added
  • General bug squashing and improvements

v5.0

We've begun working on v5 and are excited to bring capabilities not currently seen by automated cyber operation platforms.

New Contributors

  • @emmanvg made their first contribution in https://github.com/mitre/caldera/pull/2157
  • @dependabot made their first contribution in https://github.com/mitre/caldera/pull/2179
  • @bleepbop made their first contribution in https://github.com/mitre/caldera/pull/2188
  • @neptunia made their first contribution in https://github.com/mitre/caldera/pull/2224
  • @Sloane4 made their first contribution in https://github.com/mitre/caldera/pull/2211
  • @CDJellen made their first contribution in https://github.com/mitre/caldera/pull/2321
  • @cyber-arsenull made their first contribution in https://github.com/mitre/caldera/pull/2346
  • @heatonk made their first contribution in https://github.com/mitre/caldera/pull/2373
  • @bernsteinj made their first contribution in https://github.com/mitre/caldera/pull/2411
  • @aapplebaum made their first contribution in https://github.com/mitre/caldera/pull/2412
  • @BCHarrell made their first contribution in https://github.com/mitre/caldera/pull/2415
  • @yee-jonathan made their first contribution in https://github.com/mitre/caldera/pull/2398
  • @djlawren made their first contribution in https://github.com/mitre/caldera/pull/2404
  • @damionmounts made their first contribution in https://github.com/mitre/caldera/pull/2424
  • @zacharylc-mitre made their first contribution in https://github.com/mitre/caldera/pull/2418
  • @cmagone made their first contribution in https://github.com/mitre/caldera/pull/2440
  • @mshkolnik22 made their first contribution in https://github.com/mitre/caldera/pull/2536
  • @ZacharyLPalmer made their first contribution in https://github.com/mitre/caldera/pull/2574

Full Changelog: https://github.com/mitre/caldera/compare/3.1.0...4.0.0

- Python
Published by wbooth almost 4 years ago

caldera - 4.0.0 Beta

What's Changed

Operations Page

  • Made more use of screen space at top of page
  • Adding a potential link now gives you the ability to edit the command before it's added
  • You can select fact values for all fact templates in a potential link, either ones from a fact source or ones collected from the operation.

Training Plugin

  • UI has been refreshed to match the new UI in core CALDERA
  • Gameboard badge has been removed
  • New users should be able to complete User certificate in its entirety without issue

Other

  • API Docs are better documented
  • Timestamps in sandcat are now UTC instead of local time
  • More back end tests have been added
  • General bug squashing and improvements

Full Changelog: https://github.com/mitre/caldera/compare/3.1.0...4.0.0-beta

Contributors (since last release)

@ArtificialErmine, @clenk, @argaudreau, @iguannalin, @heatonk, @bleepbop, @mchan143, @christophert, @yee-jonathan, @blackwidow0616, @djlawren, @ddavila54, @CDJellen, @wbooth, @bernsteinj, @emmanvg, @cyber-arsenull, @uruwhy, @elegantmoose, @damionmounts, @zacharylc-mitre, @cmagone, @alexanderkent, ... and more!

New Contributors

  • @emmanvg made their first contribution in https://github.com/mitre/caldera/pull/2157
  • @bleepbop made their first contribution in https://github.com/mitre/caldera/pull/2188
  • @neptunia made their first contribution in https://github.com/mitre/caldera/pull/2224
  • @Sloane4 made their first contribution in https://github.com/mitre/caldera/pull/2211
  • @CDJellen made their first contribution in https://github.com/mitre/caldera/pull/2321
  • @cyber-arsenull made their first contribution in https://github.com/mitre/caldera/pull/2346
  • @heatonk made their first contribution in https://github.com/mitre/caldera/pull/2373
  • @bernsteinj made their first contribution in https://github.com/mitre/caldera/pull/2411
  • @BCHarrell made their first contribution in https://github.com/mitre/caldera/pull/2415
  • @yee-jonathan made their first contribution in https://github.com/mitre/caldera/pull/2398
  • @djlawren made their first contribution in https://github.com/mitre/caldera/pull/2404
  • @damionmounts made their first contribution in https://github.com/mitre/caldera/pull/2424
  • @zacharylc-mitre made their first contribution in https://github.com/mitre/caldera/pull/2418
  • @cmagone made their first contribution in https://github.com/mitre/caldera/pull/2440

Thank you to all of the MANY builders of CALDERA, both in and out of GitHub! 🚀

- Python
Published by argaudreau over 4 years ago

caldera - 4.0.0 Alpha2

Bugfixes and enhancements to the 4.0.0-alpha release

What's Changed

  • [VIRTS-2881] Health API v2 Pytests by @bleepbop in https://github.com/mitre/caldera/pull/2305
  • virts-2891 - Planner parsing error checking by @ArtificialErmine in https://github.com/mitre/caldera/pull/2275
  • [VIRTS-2877] Objectives api v2 Pytests by @bleepbop in https://github.com/mitre/caldera/pull/2283
  • [VIRTS-2878] Planners v2 API Pytests by @bleepbop in https://github.com/mitre/caldera/pull/2299
  • [VIRTS-2880] Sources v2 API Pytests by @bleepbop in https://github.com/mitre/caldera/pull/2307
  • [VIRTS-2879] Plugins v2 API Pytests by @bleepbop in https://github.com/mitre/caldera/pull/2300
  • Origin link ID storage fix by @uruwhy in https://github.com/mitre/caldera/pull/2187
  • added pyminizip dependency from emu plugin by @mchan143 in https://github.com/mitre/caldera/pull/2322
  • [VIRTS-3040] Fix Timestamp Error in Sources API Tests by @bleepbop in https://github.com/mitre/caldera/pull/2328
  • [VIRTS-2887] Update Swagger Docs by @bleepbop in https://github.com/mitre/caldera/pull/2324
  • Ops source fix by @iguannalin in https://github.com/mitre/caldera/pull/2323
  • Bug fix for source-originated facts in relationships by @ArtificialErmine in https://github.com/mitre/caldera/pull/2338
  • virts-2979 - Learning Service Fact Creation bugfix by @ArtificialErmine in https://github.com/mitre/caldera/pull/2340
  • Fix Copy button for agent commands by @clenk in https://github.com/mitre/caldera/pull/2336
  • Possible fix to Issue #2315 (affects templates/abilities.html) by @CDJellen in https://github.com/mitre/caldera/pull/2321
  • Change addPotentialLink to have ability: link in response. by @cyber-arsenull in https://github.com/mitre/caldera/pull/2346
  • [VIRTS-3047] Update Config api docs by @bleepbop in https://github.com/mitre/caldera/pull/2353
  • Revert profiles.html and rename showAbilityModal. by @cyber-arsenull in https://github.com/mitre/caldera/pull/2351
  • Operations select dead agent bug in add potential link menu by @iguannalin in https://github.com/mitre/caldera/pull/2344
  • Moved confetti.min.js to core library, updated training plugin with completed certificate message by @iguannalin in https://github.com/mitre/caldera/pull/2342
  • Utc time by @uruwhy in https://github.com/mitre/caldera/pull/2355
  • Change global styles to accomodate changes in debrief by @argaudreau in https://github.com/mitre/caldera/pull/2341
  • Update README.md by @wbooth in https://github.com/mitre/caldera/pull/2375
  • Resolve flake8 errors by @argaudreau in https://github.com/mitre/caldera/pull/2376
  • Add plugin field to adversaries, abilities, and planners by @argaudreau in https://github.com/mitre/caldera/pull/2345
  • [VIRTS-3255] Fix timestamp bug in v2 API Pytests by @bleepbop in https://github.com/mitre/caldera/pull/2356
  • Ops UI fix by @iguannalin in https://github.com/mitre/caldera/pull/2368
  • Add plugin apidocs details by @argaudreau in https://github.com/mitre/caldera/pull/2371
  • Update aiohttp to 3.8.1 by @wbooth in https://github.com/mitre/caldera/pull/2382
  • Bug fixes to agents page, add deadman abilities by @argaudreau in https://github.com/mitre/caldera/pull/2354
  • Repin sandcat by @uruwhy in https://github.com/mitre/caldera/pull/2366
  • Fix event_logs download functionality by @heatonk in https://github.com/mitre/caldera/pull/2373

New Contributors

  • @iguannalin made their first contribution in https://github.com/mitre/caldera/pull/2150
  • @emmanvg made their first contribution in https://github.com/mitre/caldera/pull/2157
  • @dependabot made their first contribution in https://github.com/mitre/caldera/pull/2179
  • @bleepbop made their first contribution in https://github.com/mitre/caldera/pull/2188
  • @neptunia made their first contribution in https://github.com/mitre/caldera/pull/2224
  • @Sloane4 made their first contribution in https://github.com/mitre/caldera/pull/2211
  • @argaudreau made their first contribution in https://github.com/mitre/caldera/pull/2260
  • @CDJellen made their first contribution in https://github.com/mitre/caldera/pull/2321
  • @cyber-arsenull made their first contribution in https://github.com/mitre/caldera/pull/2346
  • @heatonk made their first contribution in https://github.com/mitre/caldera/pull/2373

Thank you to the MANY builders of CALDERA on and off Github!

Full Changelog: https://github.com/mitre/caldera/compare/3.1.0...4.0.0-alpha2

- Python
Published by wbooth over 4 years ago

caldera - 4.0.0 Alpha

Plugin UIs are still being updated, so this will remain a pre-release until then.

New UI

We are re-imagining the way end users interact with CALDERA. This includes large updates to the UI. Included is a new abilities screen to easily manage your extensive library.

API v2

Calling all builders! For all those who build on the CALDERA platform, we have a whole new API with full documentation. Currently, docs are available once you start up the server. Look for the "api docs" link at the bottom of the navigation menu.

C2 Channels

We've introduced some new C2 channels, including:

  • Slack
  • SSH tunneling
  • FTP

Agent Updates

  • Sandcat agent support for new C2 channels (Slack, FTP, SSH tunneling)
  • New “proc” executor for Sandcat that will directly spawn processes using a provided executable path and arguments, rather than calling via PowerShell, sh, or cmd.
  • Sandcat agents can remove executors or update executor binary paths
  • Manx agents can properly run commands of longer durations.

Knowledge Service

New service created to better manage facts and information during an operation or when performing analysis

File upload/download encoding

Supports basic file encoding (plaintext and base64) for payload downloads and file uploads. To encode a downloaded payload or uploaded file, set the “x-file-encoding” HTTP header accordingly when making the download/upload request. Available data encoders are defined as Python modules in app/data_encoders. Currently supported encoders are “plain-text” and “base64”.

Auth service

Add support for custom login handlers, as well as a new SAML authentication plugin.

Other Changes

  • Dropped Python 3.6 support and now testing for 3.7, 3.8, and 3.9
  • We now support all browsers; Google Chrome is no longer the only supported browser

New CALDERA Contributors

  • @iguannalin made their first contribution in https://github.com/mitre/caldera/pull/2150
  • @emmanvg made their first contribution in https://github.com/mitre/caldera/pull/2157
  • @bleepbop made their first contribution in https://github.com/mitre/caldera/pull/2188
  • @neptunia made their first contribution in https://github.com/mitre/caldera/pull/2224
  • @Sloane4 made their first contribution in https://github.com/mitre/caldera/pull/2211
  • @argaudreau made their first contribution in https://github.com/mitre/caldera/pull/2260

Thank you to the MANY builders of CALDERA on and off Github!

Full Changelog: https://github.com/mitre/caldera/compare/3.1.0...4.0.0-alpha

- Python
Published by wbooth over 4 years ago

caldera - 3.1.0

Overview

Improvements to the training plugin, C2 Channels, and some core feature improvements

Core Features

  • #2101 Server --fresh argument now backs up data to data/backups before deleting data files.
  • #2037 IP rule matching fix
  • #2032 new DNS contact
  • #2045 new operation log reporting style (events)
  • #2055 fixed issue with deletion of sessions during refresh
  • #2056 Sandcat agents now display all IP addresses associated with the host they are running on
  • #2060 Files exfiltrated by abilities can now be downloaded through the UI
  • #2088 new capability to automatically generate event logs on operation completion

New C2 Channel

Plugin Updates

Training

  • A solution guide has been provided to ensure that learning caldera is even easier.

Sandcat

  • Fixed bug with agents not sleeping after receiving commands, leading to extraneous c2 traffic

Stockpile

  • Fixed base64 jumble and b64 no padding obfuscators

Debrief

  • Fixed various bugs with the display (missing links, text overflowing)

- Python
Published by wbooth about 5 years ago

caldera - 3.0.0

Overview

Big improvements to usability, a new plugin called Emu that imports adversary emulation plans from CTID, P2P agent communication, lateral movement tracking, and more!

Plugin Updates

NEW PLUGIN: Emu

This plugin imports adversary emulation plans from the Center for Threat Informed Defense

Learn more about the supported emulation plans here: https://github.com/center-for-threat-informed-defense/adversaryemulationlibrary

Debrief

Debrief is now tracking lateral movement through the new attack path graph in addition to some changes made to sandcat and core!

Learn more about the feature here: https://caldera.readthedocs.io/en/latest/Lateral-Movement-Guide.html#displaying-lateral-movement-in-debrief

Builder

Allow for dynamic compilation of C#, C, C++, and Go binaries. Code will be built in Docker containers, requiring additional setup when CALDERA starts, but reducing dependencies on the server. Both C# and Go binaries can be built with libraries/modules.

New Features

Peer-to-Peer Communication

Peer-to-peer functionality allows agents within internal networks to chain together to enable beaconing and communications where a direct connection is not possible. The implementation in sandcat allows for varied channels of communication as well, so that an agent can be configured for the environment it is being deployed in. Also present in caldera is functionality for discovery of peers, so that an agent can be deployed from a generic binary and discover whether there are any available peers to connect out through if direct connection to the C2 server is not possible. The CALDERA server will display the proxy chain and protocols used to facilitate the communications in the agents page.

Lateral Movement Tracking

Adds the capability for caldera to track lateral movement via the originLinkID. This is passed in as an optional command line argument when executing an agent.

Learn more about the feature here: https://caldera.readthedocs.io/en/latest/Lateral-Movement-Guide.html#displaying-lateral-movement-in-debrief

Manual Links

Allow users to run arbitrary commands on agents. Previously, only commands in abilities could be run. Add manual links from the operation screen.

Uploads

Similar to payload downloads in abilities, you can now specify file uploads in an ability YAML file. Supporting agents will upload the specified file(s) after completing an ability. File paths can be local or absolute. Before, file uploads and exfiltration were performed using hardcoded commands (curl, powershell webclient, etc.) that required an HTTP(S) connection to the C2. In cases where the agent is using peer-to-peer and cannot directly access the server, old file upload commands wouldn’t work as intended. By adding in the upload capability as a separate ability and instruction component, supporting agents will use their contact method’s built-in upload functionality to send file bytes upstream, whether it is directly to the C2 server or to another agent proxy peer who will forward the bytes on their behalf.

Deadman Abilities

Users can now specify deadman abilities in the agents.yml config or via the agent GUI modal to have supporting agents run them prior to termination. Whereas all agents will receive bootstrap abilities for immediate execution upon their first successful beacon, the CALDERA server will only send deadman abilities to agents who have indicated through their beacons that they support deadman abilities. An example use case for this functionality is to specify an ability that will remove the agent executable once the agent terminates, or other defense evasion abilities like clearing logs.

Other Updates

  • Many various bugfixes and usability improvements

- Python
Published by wbooth over 5 years ago

caldera - 2.8.1

Overview

This release features a new plugin Debrief and numerous stability fixes.

NEW Plugin: Debrief

Get operation analytics and insights with Debrief. Export JSON and PDF operation reports straight from the UI.

Features

CALDERA Core Features

  • Global event execution: trigger actions off any event in the system
  • Planner Objectives configuration pane. Set objectives for operations and stop when they're achieved
  • Stream notifications when no abilities execute in an operation
  • Configurable C2 address in agent command windows makes it easier to launch agents with the right address

Plugin Features

  • ACCESS: import Metasploit exploits into abilities
  • COMPASS: support latest version of navigator
  • RESPONSE: ingest elasticsearch output into CALDERA as facts or steps
  • STOCKPILE: new cleanup commands
  • TRAINING: new question types (multiple-choice, fill in the blank, and navigator layer)

Fixes

CALDERA Core Fixes

  • Bucket Planner functionality is restored (with tests)
  • Align white and gold stars in operation output
  • Sources table is fixed width, all values wrap
  • Prevent adding duplicate agent groups
  • Rule removal was not functioning under certain circumstances
  • Fix bug that had operation hang when abilities were skipped during manual mode
  • update ldap3 to 2.8.1 which pins pyasn1 greater than 0.4.6
  • removed status variable and updated logic to only stream one msg if the chain is empty
  • Tux is used instead of ubuntu icon for *nix commands (maybe the most important fix?)

Plugin Fixes

  • ATOMIC: ignore use of reserved ability variables
  • SANDCAT: fix donut hanging issue
  • STOCKPILE: technique name fixes

...and many more

- Python
Published by wbooth over 5 years ago

caldera - 2.8.0

bug fixes and improvements

- Python
Published by wbooth over 5 years ago

caldera - 2.7.0

- Python
Published by privateducky about 6 years ago

caldera - 2.6.65

Release notes not available

- Python
Published by privateducky about 6 years ago

caldera - 2.6.64

Full release notes for this version not yet available.

- Python
Published by privateducky about 6 years ago

caldera - 2.6.6

Many bug fixes

- Python
Published by privateducky about 6 years ago

caldera - 2.6.5

Big features

  • A new plugin, Training, has been added. This plugin allows a user to gain a "User Certificate" which proves their ability to use CALDERA. This is the first of several certificates planned in the future. The plugin takes you through a capture-the-flag style certification course, covering all parts of CALDERA.

Small features

  • You can now delete adversaries from the GUI, through a new 'delete adversary' button
  • You can now create mini-ability YML files called "extensions". An extension is simply the ID + platforms sections of a given ability and can be stored as a separate file from the full ability file (which contains names, descriptions, ATT&CK info, etc). Extensions are helpful because they allow you to store custom platforms/executors in a separate plugin than the normal ones.

UI changes

N/A

Rest API changes:

N/A

Contact changes

N/A

Plugin changes:

Stockpile

  • We added two new obfuscators, base64nopadding.py and Caesar cipher. The former obfuscates commands by base64 encoding them and removing any padding. The latter obfuscates commands by applying a cipher which uses a shift key to change the ordinal char of each byte.
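A defender-side check for the base64nopadding behaviour described above, as an added example (not CALDERA or Stockpile code): it finds base64-looking tokens in a command line, restores the stripped `=` padding, and decodes them so keyword rules can run on the plaintext. The sample command lines, their wrapper shape and the keyword list are constructed assumptions, not CALDERA's actual output format.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional

# Runs of base64-alphabet characters, optionally followed by '=' padding.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")

# Constructed keyword list for the demo; a real rule set would be richer.
KEYWORDS = ("whoami", "/etc/passwd", "net user")


@dataclass
class Finding:
    token: str              # token exactly as it appeared in the command line
    padding_stripped: bool  # True when the token lacked its full '=' padding
    decoded: str            # plaintext recovered after re-padding
    hits: List[str]         # keywords found in the decoded text


def repad(token: str) -> Optional[str]:
    """Restore '=' padding; return None if the length can never be base64."""
    body = token.rstrip("=")
    if len(body) % 4 == 1:  # no byte count encodes to 4n+1 characters
        return None
    return body + "=" * (-len(body) % 4)


def decode_token(token: str) -> Optional[str]:
    """Decode a possibly unpadded token; keep it only if it is printable text."""
    padded = repad(token)
    if padded is None:
        return None
    try:
        text = base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Ordinary long words often "decode" to binary junk; drop those.
    if not text or not all(ch.isprintable() or ch in "\t\r\n" for ch in text):
        return None
    return text


def inspect_command(cmdline: str) -> List[Finding]:
    """Return every token in cmdline that decodes to readable text."""
    findings = []
    for match in TOKEN_RE.finditer(cmdline):
        token = match.group(0)
        decoded = decode_token(token)
        if decoded is None:
            continue
        hits = [k for k in KEYWORDS if k in decoded.lower()]
        findings.append(Finding(token, len(token) % 4 != 0, decoded, hits))
    return findings


def constructed_token(text: str, strip_padding: bool) -> str:
    """Build a sample token for the demo data below (constructed input)."""
    encoded = base64.b64encode(text.encode()).decode()
    return encoded.rstrip("=") if strip_padding else encoded


# Constructed command lines standing in for process-creation log entries.
SAMPLE_COMMANDS = [
    'sh -c "$(echo %s | base64 -d)"' % constructed_token("whoami /all", True),
    "echo %s | base64 -d | sh" % constructed_token("cat /etc/passwd; id", False),
    "ls -la /tmp",
]

if __name__ == "__main__":
    for line in SAMPLE_COMMANDS:
        for f in inspect_command(line):
            state = "unpadded" if f.padding_stripped else "padded"
            print(f"{state:8} {f.decoded!r} hits={f.hits}")
```

A rule that only matches tokens whose length is a multiple of four misses the first sample; re-padding before decoding covers both forms.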

Breaking changes:

We expect plugin developers to only interact with the core system (and other plugins) through the list of services passed to their plugin and through importing the c_[object] modules in the core code. As such, each release we will highlight the changes in these two areas, as they could introduce breaking changes to a plugin.

Services

auth_svc

  • A bug was fixed where we were using a convenience "bypass" of authentication for localhost.

Objects

c_agent

  • a new function (privileged_to_run) was added, which accepts a given ability and returns whether the agent is privileged to run it or not.

- Python
Published by privateducky about 6 years ago

caldera - 2.6.4

Big features

  • A new contact - HTML - was added to the existing set of agent contact points. This contact allows agents to communicate to the CALDERA C2 by scraping web content/DOM elements for instructions. If you navigate to the http://localhost:8888/weather webpage, you can view the HTML page configured for agents to scrape. This is a decoy web page with hidden instructions in the HTML.
  • This new contact comes with a new agent, Ragdoll, which uses the contact point. Ragdoll is written in Python and gets instructions by scraping the decoy web page; it then sends results through GET URL parameters (encoded).
  • We introduced a new plugin, Training, which includes a full Red Team Operator certificate course. This is a capture-the-flag style certification to become a CALDERA subject matter expert (SME). It also teaches some basics around adversary emulation and red-teaming along the way. This is the first certificate among several coming in the future.

Small features

  • The Terminal plugin has been rebranded as the Manx plugin, after the agent it contains.
  • A new service was added, learning_svc, which is called whenever an agent posts results from running a command. Previously, we required all abilities to define a parser (on the ability YML) if we were going to parse the results into facts. Now, if the ability has no parser, it will go into the learning_svc and we will attempt to parse the arbitrary text blob into facts using a series of intelligent parsers. We even create inferred relationships by analyzing the existing trait combinations. We will be moving parsers off of ability YML files and into this much more dynamic form of parsing moving forward.
  • Abilities can now outline variations of the command inside their YML file. For instance, there are multiple ways to deploy an agent (in the foreground, background, in verbose mode, etc.). Instead of having separate ability YML files for each variation, you can include a variations block in the YML file and describe each command variation.

UI changes

  • The agents modal on the UI now allows you to add bootstrap abilities and change the filename of any downloaded agent.
  • The delivery commands for Manx and Sandcat have been moved to the agents modal under campaigns.

Rest API changes:

N/A

Contact changes

  • All contacts accept a list of results instead of a single result. All built-in agents have been updated to reflect this change. This allows an agent to group results into a single call to the C2 instead of needing to send 1 beacon per result.

Plugin changes:

N/A

Breaking changes:

We expect plugin developers to only interact with the core system (and other plugins) through the list of services passed to their plugin and through importing the c_[object] modules in the core code. As such, each release we will highlight the changes in these two areas, as they could introduce breaking changes to a plugin.

Services

contact_svc

  • All module-level properties have been removed and instead are being saved inside the "agents" configuration. We now persist this agents configuration file to survive each server reboot. In addition, the agents modal (on the UI) has been updated to allow you to update/change any agent config from the browser, eliminating the need to work with the conf/agents.yml manually.

Objects

c_ability

  • A new concept of variations has been included. This is outlined above.

c_fact:

  • an optional parameter “technique_id” can be used to associate a fact to a specific ATT&CK technique

- Python
Published by privateducky about 6 years ago

caldera - 2.6.3

- Python
Published by privateducky over 6 years ago

caldera - 2.6.2

Various bug fixes

- Python
Published by privateducky over 6 years ago

caldera - 2.6.1

- Python
Published by privateducky over 6 years ago

caldera - 2.6.0

Big features

  • A new plugin - Response - was added, which allows a user to run automated incident response in the same way we run adversary emulation exercises.
  • A new plugin - Atomic - was added, which imports all the open-source Red Canary tests into CALDERA as abilities
  • A new plugin - Access - was added, which lays the foundation for doing initial access inside CALDERA. Included in this plugin out of the gate are a website cloner and the ability to load a rubber ducky (USB) with a Sandcat agent delivery command.
  • We built out the user authentication, allowing you to log in as either a red or blue user. See the default.yml file for the default credentials for either group. Red users are intended to be red-team operators and blue users blue-team operators. Plugins can now be designated as either red or blue - and they'll be visible only to the given authentication group.
  • The entire front-end was rebuilt to be modular. Each component (modal window) is now loaded dynamically on request and refreshes itself automatically.
  • The terminal plugin now includes a full, realistic terminal emulator for reverse shells - which will work on any Linux, MacOS or Windows computer. This is coupled with our new Manx agent, which will spin up a reverse-shell on a host and provide the operator with the terminal emulator within the browser.
  • We now automatically create reports for operations and every instruction sent to an agent - and store them in the /tmp directory when the server shuts down.
  • We include bootstrap instructions - which are instructions sent to an agent on its first beacon. These are described in the conf/agents.yml.

Smaller items

  • All documentation has been updated

- Python
Published by privateducky over 6 years ago

caldera - 2.5.1

Big features

  • You can now run an operation with a varying amount of "visibility" (or probability of being detected). This is a new option when you start an operation, under stealth. This range is from 1 (very stealthy) to 100 (very visible). Each ability is automatically assigned a default visibility of 50 when it is loaded into the database. By default, an operation will run with a visibility=50 and it will run all abilities that are <= the visibility of the operation. When abilities are run inside of an operation, they are evaluated based on the new "adjustments" block on the fact source chosen for the operation. These adjustments look at all facts inside the operation and determine whether or not to modify an ability's visibility score. From the GUI, when the operation is running, all links which have high visibility will show up as pink. These will be accompanied by a "+" button which allows you to add them into the operation, if you'd like.

Smaller items

  • Our default logging configuration now disables all logging except for the specific logging statements within the CALDERA code base. This means all logs from external libraries (like asyncio) will be ignored.

Rest API changes:

None

Plugin changes:

Stockpile

  • A few new abilities have been added

Breaking changes:

We expect plugin developers to only interact with the core system (and other plugins) through the list of services passed to their plugin and through importing the c_[object] modules in the core code. As such, each release we will highlight the changes in these two areas, as they could introduce breaking changes to a plugin.

In general

  • The data/facts directory has been renamed to data/sources, globally (including in plugins).

Services

file_svc

  • A new function was added: get_file
  • A new function was added: create_exfil_sub_directory

rest_svc

  • A new function was promoted from private to public: construct_agents_for_group.

base_planning_svc

  • A new base function was added: remove_links_above_visibility, which allows a planner to trim down the links according to the new visibility object score.

Objects

c_visibility:

  • This is a new object, which holds information about an ability's probability of getting detected by the defense.

c_link:

  • Now creates a new visibility object for each instance of c_link.
  • A new function, can_ignore, will return whether the c_link instance is in a state that can be ignored (discarded or high_viz, currently)
  • A new state was added, HIGH_VIZ, which a link will be if it is determined to be high visibility (as in, higher than the operation threshold).

c_operation:

  • The allow_untrusted parameter was removed. This is no longer an option.
  • The max_time parameter was removed. This is no longer an option.
  • A new function was added, has_fact, which will return True/False if a given trait+value pairing is in the operation fact list.
  • The OUT_OF_TIME state has been removed
  • A new optional parameter, ignore_enforcement_modules, has been added.

c_source:

  • A new optional parameter, adjustments, has been added. This contains all the adjusted visibility scores for abilities, as determined by the fact source passed in.

- Python
Published by privateducky over 6 years ago

caldera - 2.5.0

Big features

  • Potential links is a new functionality which allows you to view all the commands from the entire TTP database that each agent could run. You can filter these by tactic and technique. At any point during a running operation, you can now add these potential links, one-by-one, to the operation. This is our second way of allowing “human in the loop” behavior.
  • Groups and Adversary profiles are now optional when running an operation. You can instead (or in addition) add a max operation time - which is 300 seconds by default - which will stop an operation automatically after it has been open for that duration. This means you can run an operation with no adversary but add potential links until the max operation time is hit. If you want to run an adversary-less operation you should select the operation option to keep open for max time.
  • We now have automated and versioned documentation - which is now available when you click the “Docs” tab in the navigation bar.

Smaller items

  • A new YouTube video tutorial has been created. It is now linked from the project README.
  • The baseworld class was given two new static functions: “generate_number” and “is_base64”
  • Several new libraries were added to the requirements.txt
  • The operation modal was given several new additions to show more information when running an operation. This modal also swallowed up the reports modal, as they were duplicating much of the functionality. Downloading reports can now be done through the operation modal.

Rest API changes:

  • New endpoints have been created:
    • /plugin/chain/potential-links (PUT): Adds potential links to an operation
    • /plugin/chain/potential-links (POST): Returns all potential links for an operation
    • /internals (*): Designed to return the properties of a given c_link object.

Plugin changes:

Compass

  • A new plugin which allows you to view and add new adversaries from the ATT&CK matrix directly. This plugin utilizes the ATT&CK Navigator.

Mock

  • This plugin was rewritten to drop scenarios (which had hard-coded results for simulated agents) and instead programmatically create random output to be used for the results. This ensures mock operations are now non-deterministic.

Sandcat

  • A new C2 option was added. This new option allows you to run the same operations as before - but instead of traffic going over HTTP, it can go over GitHub private Gists. The server will add commands to a new Gist file; each agent will pick up the Gist files, execute the command(s), and place the results in a new Gist file for the server to pick up and save. This way, the agents and server never directly communicate.

Stockpile

  • Many new abilities (TTPs) have been added, as well as a new "Super Spy" adversary profile, which performs basic surveillance techniques.
  • Two new obfuscators were added:
    • Base64: encodes all commands in base64 and executes them as such, to hide the commands from the defense.
    • Base64Jumble: encodes all commands in base64 - then adds some padding to make it invalid base64 text - and executes them as such. This should bypass any detection of base64 commands.

Breaking changes:

We expect plugin developers to only interact with the core system (and other plugins) through the list of services passed to their plugin and through importing the c_[object] modules in the core code. As such, each release we will highlight the changes in these two areas, as they could introduce breaking changes to a plugin.

Services

app_svc

  • A new check_authorization decorator was added, which ensures any function in the code base that uses it checks if the user is logged in.

planning_svc

  • The “generate_and_trim_links” function was made public (it was private previously).
  • Several new functions were added: “update_planner”, “get_potential_links”, “apply_potential_links”, “change_operation_state” and “get_link_pin”

Objects

c_agent:

  • an optional parameter “timeout” was added, which will allow you to customize the timeout period per ability. Abilities previously all used a 60 second timeout without a way to modify it.

c_adversary:

  • a new function “has_ability” was added, which returns True/False whether the adversary contains a specific ability

c_fact:

  • an optional parameter “collected_by” was added, which will show you which agent collected the given fact.

c_link:

  • an optional parameter “pin” was added, which will allow you to add a special string on the object for custom use. This is intended to serve as an encryption key per link - but it is currently not hooked up to anything.
  • an optional parameter “id” was added, which allows you to create a link object with a specific ID instead of the link creating its own one.

c_obfuscator:

  • A new required parameter “description” was added

c_operation:

  • A new function “redacted_report” allows you to see a version of the report function but with sensitive data redacted.
  • A new status was added to the available operation states, “OUT_OF_TIME”
  • Several operation object parameters were made optional instead of required, with natural default values: obfuscator and phases_enabled.
  • Two new optional parameters were added: auto_close and max_time. Each has a reasonable default value.
  • A new function “is_closeable” will determine if an operation should be closed or remain open.
  • The “active_agents” function was made public (it was previously private)

c_planner:

  • A new required parameter “planner_id” was added

- Python
Published by privateducky over 6 years ago

caldera - 2.4.0

Breaking changes:

  • Plugins now accept a single ‘services’ parameter, instead of ‘app’ and ‘services’. The app parameter was removed because it is now accessible through the app_svc.application object, which is contained in the services list.
  • The required initialize function in a plugin’s hook file has been renamed to enable. This change was made to be more transparent of the underlying functionality.
  • We renamed the core conf/local.yml to conf/default.yml.

Restructuring changes:

  • The core code swallowed the GUI and Chain plugins. This introduced new templates/ and static/ directories containing the front-end elements of these plugins. New rest_api and rest_svc modules were created to handle the back-end logic.
  • The UI design was improved significantly to make it more intuitive for new users.
  • We introduced CI elements to build all repositories and check for PEP-8 compliance.
  • The entire backend was reworked so we could remove the SQL database entirely. All transient data is now represented in Python object form (c_ objects in the code base). All permanent data can be found in the data/results directory and data/object_store file.
  • We added support for Docker container deployments of the CALDERA server.

New features:

When mentioning a “modal” we mean the pop-up box on the website/GUI when you select different links, such as the agents modal, adversaries modal, etc.

Agents

  • When the agent is downloaded, now in addition to getting a different file hash each time, each agent gets a random file name as well. This is intended to make it more difficult to detect, as before defenses could trigger off of sandcat.go.
  • We now allow you to run multiple agents on the same machine. This required converting the agent “paw print” (unique identifier) to a 6-character integer, instead of a combination of hostname+username.
  • We now track the privilege level of the agent when it is started
  • We now track the PID and hostname of each agent and show them on the agent modal
  • The agents modal allows you to filter the viewable columns
  • We added in 2 new delivery-commands for Windows hosts, allowing you to start the agent in memory instead of on disk. This was coupled with a change to the agent code allowing it to run this way.

Adversaries

  • We added in the ability to update existing, built-in adversary profiles from the GUI.
  • We added in a new pop-up modal box for viewing, updating and creating TTPs from the GUI, including uploading new payloads. Newly created abilities and adversaries will be saved in the data/ directory.
  • A new concept called adversary “packs” was introduced, which allows you to chain adversaries together in an easy-to-use way.

Abilities

  • We added in dozens of new TTP files (abilities) and several new adversary profiles.
  • TTP parsers were all rewritten from regex to python, to allow for more powerful parsing of output.
  • We added in “rules” which allows you to set boundaries around where CALDERA is allowed to move. You can create a rule to contain CALDERA to a specific IP network, not touch specific files or users, etc. A rule can be created around any fact.

Operations

  • Added an option to run an operation, ignoring phases for an adversary.
  • Added an option to run an operation, obfuscating all the commands. The obfuscation converts the commands to base64 and ensures they are executed that way, instead of plain-text. This feature was put in place as an extendable object, so we hope others will add obfuscation options in the future (beyond just base64). This allows a defense to test how they could detect an adversary who runs TTPs in abnormal ways.
  • We added in a new scheduling feature, allowing you to schedule an operation to run daily at the same time.
  • Added color-coding to the “links” on the timeline view when watching a running operation. This allows you to more easily understand how the operation is progressing.
  • Added a progress bar to view what % the operation is complete.

General

  • 3 new GUI pages were added to the advanced tab:

    1) C2: gives a description of all C2 mechanisms available
    2) Planners: gives a description of all available planners
    3) Sources: shows all fact sources, and allows you to edit them. This includes the ability to view, edit and create rules for each source.

  • Added a new concept called special_payloads, which allows you to define a custom function to execute when specific payloads are downloaded. Good examples of this are sandcat.go and reverse.go, both of which use this functionality to dynamically compile upon request.

Plugin changes

54ndc47

  • We added in a new optional parameter called sleep, which allows you to delay the starting of the agent for n-number of seconds.
  • We added a new /ping endpoint to test connectivity of the agent to the server. This was added in combination with a new interface inside the agent code, which makes adding your own C2 communication channel more accessible.
  • Added new shell code executors to allow the execution of arbitrary shell code across multiple operating systems.

Mock plugin

  • This plugin was extended to allow running simulated scenarios using a more fine-grained approach. Now, instead of just simulating a response per agent, you can specify a response per agent per anticipated fact used. While this sounds confusing, you may want to just take this plugin for a spin!

Terminal plugin

  • This plugin was completely rewritten. Now, instead of having a terminal window pop up when using this plugin, there is a new GUI page which allows you to launch reverse-shells and manage sessions for each. This includes a basic terminal “emulator” so you can manually interact with any of your agents from the comfort of your browser.
  • Similar to the 54ndc47 agent, the reverse-shell payload (reverse.go) will now download with a different random name each time.

- Python
Published by privateducky over 6 years ago

caldera - 2.3.2

- Python
Published by privateducky over 6 years ago

caldera - 2.3.1

BROKEN - USE 2.3.2, or newer.

Patch version with multiple bug fixes and a few features added.

Most notable feature is the addition of shell code executors, available inside 54ndc47.

- Python
Published by privateducky almost 7 years ago

caldera - 2.3.0

BROKEN - USE 2.3.2, or newer.

Many new updates and breaking changes since 2.2.0.

Some key updates are:

1) The abilities format has changed, most notably around the addition of executors.
2) All mutable files (abilities, adversaries, facts and planners) are now stored in the Stockpile plugin's data/ directory.
3) The app uses an in-memory SQL database instead of a file-based DB (still SQLite, however).
4) A new plugin, terminal, adds shell capabilities.
5) Many new UI features have been added to Chain mode.
6) Two new executors, pwsh (PowerShell core) and cmd (command prompt) have been added.

- Python
Published by privateducky almost 7 years ago

caldera - 2.2.0

  • Upgraded open-source adversary
  • More robust ability schemas
  • Many Chain mode GUI updates, including light/dark modes
  • New 54ndc47 agent, written in cross-compiled GoLang

- Python
Published by privateducky almost 7 years ago

caldera - 2.1.0

BROKEN - USE 2.2.0, 2.3.2, or newer.

Revamped terminal, with new view and enhanced options. This release also contains more abilities and adversaries, along with a handful of small enhancements around each component of the application.

- Python
Published by privateducky about 7 years ago

caldera - 2.0.0

BROKEN - USE 2.2.0, 2.3.2, or newer.

VERSION 2.0.0

Major code upgrade and our first official publicly released version.

This version highlights a new plugin architecture, with a core code base and a set of 5 supported plugins (git submodules).

- Python
Published by privateducky about 7 years ago