facebookincubator / TTPForge / 15932629094
66%
main: 67%

Build:
LAST BUILD BRANCH: export-D89671295
DEFAULT BRANCH: main
Ran 27 Jun 2025 05:49PM UTC
Jobs 1
Files 59
Run time 1min
27 Jun 2025 05:47PM UTC coverage: 65.927%. First build
15932629094

Pull #541

github

facebook-github-bot
Adding Kill Action to TTPForge

Summary:
# Adding Kill Action to TTPForge
## Summary
This diff introduces a new feature to the TTPForge framework, enabling the simulation of process killing on various operating systems, including Linux, MacOS, and Windows. This feature allows for more realistic and complex attack scenarios. The implementation includes action code, unit tests, utility functions & their tests, and example TTPs for Unix and Windows systems.

## Context
Many malware variants employ process killing as a tactic to create fake processes, facilitate DLL hijacking, and achieve other malicious objectives. Currently, TTPForge developers must manually rewrite the process killing code for each new implementation, which can be time-consuming and inefficient. With this update, we aim to streamline the development process by providing a reusable framework for process killing, thereby empowering developers to focus on creating more complex and realistic TTPs. 

## Impact
The added functionality allows for more realistic attack simulations, ultimately enhancing the security posture of organizations using the framework.

## Fields
You can specify the following YAML fields for the `kill_process:` action:
- `kill_process_id:` (type: `string`) the process ID of the process that you wish to kill
- `kill_process_name:` (type: `string`) the process name of the processes that you wish to kill

## Note
* If both `kill_process_id` and `kill_process_name` are specified, the action will only terminate the process with the specified process ID.

## References
* [TTPForge](https://github.com/facebookincubator/TTPForge/)
* [TTPForge Wiki](https://www.internalfb.com/wiki/Offensive_Security_Group/Projects/TTPForge_0/) 
* [TTPForge Developer Guide](https://www.internalfb.com/wiki/Offensive_Security_Group/Projects/TTPForge_0/Developer_Guide/)
* [Guide to Creating New TTPs in TTPForge](https://docs.google.com/document/d/1jJdg1A-SdlyKH_t3MLK5Vjh5LveGUTCujXkow4Zc82... (continued)
Pull Request #541: Adding Kill Action to TTPForge

89 of 105 new or added lines in 3 files covered. (84.76%)

2198 of 3334 relevant lines covered (65.93%)

17.23 hits per line

New Missed Lines in Diff

Lines Coverage ∆ File
4 73.33 pkg/processutils/processutils.go
12 86.52 pkg/blocks/killprocess.go
Jobs
ID Job ID Ran Files Coverage
1 15932629094.1 27 Jun 2025 05:49PM UTC 59 65.93