Skip to content
This repository has been archived by the owner on Oct 20, 2023. It is now read-only.

Beacon Name Updates #181

Merged
merged 8 commits into from
Sep 20, 2023
Merged

Beacon Name Updates #181

merged 8 commits into from
Sep 20, 2023

Conversation

arniebradfo
Copy link
Collaborator

@arniebradfo arniebradfo commented Sep 14, 2023
edited
Loading

BLDSTRIKE-602

Changes

  • display the hostName before the beacon name in almost all contexts
  • Not showing the Cobalt Strike beaconName in the computedName anymore because it is a useless string of numbers
  • truncate list Row item text when the panel is to narrow
  • add process name to UI
    • parse process out of the [meta] line in the cs-parser
    • display the process as part of the beacon's computedName
    • for Brute Ratel process, trim off the full file path name before display. Only show the process name

Screenshots

Screen Shot 2023-09-14 at 12 54 06 PM
Screen Shot 2023-09-14 at 12 55 00 PM
Screen Shot 2023-09-14 at 12 55 08 PM

@arniebradfo arniebradfo changed the title Final beacon name updates Beacon Name Updates Sep 14, 2023
arniebradfo
arniebradfo commented Sep 14, 2023
View reviewed changes
parsers/cobalt-strike-parser/src/beacon/parsingOrchestrator.machine.ts
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@GoldingAustin - I did a monkey-see monkey-do on the parsing the process name in the cobalt-strike-parser. Please check this over to make sure it is correct. It does seem to work.

arniebradfo
arniebradfo commented Sep 14, 2023
View reviewed changes
applications/client/src/store/util/cleaned-queries.ts
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@GoldingAustin - this seems to add the process property to the beacon metadata in the UI. Is this correct?

@arniebradfo
Copy link
Collaborator Author

arniebradfo commented Sep 14, 2023
edited
Loading

@ccarpenter28 & @sang2925, this PR significantly changes the text contents of the beacon rows. This may break tests or require new tests.

@sang2925 sang2925 merged commit 4b84407 into develop Sep 20, 2023
@sang2925 sang2925 deleted the final-beacon-name-updates branch September 20, 2023 15:03
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ccarpenter28 ccarpenter28 ccarpenter28 approved these changes

@GoldingAustin GoldingAustin GoldingAustin approved these changes

@sang2925 sang2925 Awaiting requested review from sang2925

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@arniebradfo @GoldingAustin @ccarpenter28 @sang2925