Hello there,

I am currently working on a new planner that tries to automatically elevate privileges only when needed. The planner executes a selection of abilities using a user agent during the operation, and the goal is that it detects that an ability needs elevated privileges and then tries to start a new elevated agent, e.g. using the UAC bypass used by APT29. So far everything is clear and kind of already works as a proof of concept. But how do I define that an ability needs elevated privileges?
Possible solutions might include:

- Define a new ability field "need_elevated" and just check if this field is true before executing the ability and act accordingly
- Use a fact "got_elevated_agent" during the operation that gets created by the privilege escalation abilities and is required by the abilities that need elevated privileges (I already implemented a planner that tries to gather required facts recursively during an operation.)
My question now is, is there a CALDERA way to define/detect that an ability needs elevated privileges?
Edit: Wow, as always I think I found the solution myself just a few minutes after opening this issue. I do not know how I missed this the last few days. I found the "privilege" field in c_ability.py and the usage in c_agent.py.

Looking into the tests in tests/objects/test_ability.py, the solution seems to be defining the privilege as "User" or "Elevated". One can find the following example usage:
The issue can be deleted or kept as an archived solution in case anyone asks themselves the same question in the future.
Best regards,
L015
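The gating the issue describes, written as an added stand-alone example (not CALDERA's own code): the planner reads each ability's declared privilege ("User" or "Elevated") and decides whether the current user agent may run it or whether an elevated agent must be obtained first. The Ability and Agent classes, privileged_to_run, partition_by_privilege and pick_agent are assumed stand-ins for the field and check the issue points to in c_ability.py and c_agent.py.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Privilege levels as the issue describes them: an ability declares "User",
# "Elevated", or nothing at all.
USER, ELEVATED = "User", "Elevated"

@dataclass
class Ability:
    """Stand-in for a CALDERA ability (assumed shape): only the field this check needs."""
    ability_id: str
    privilege: Optional[str] = None  # None: the ability declared no level

@dataclass
class Agent:
    """Stand-in for a CALDERA agent (assumed shape): its paw and current level."""
    paw: str
    privilege: str = USER

def privileged_to_run(agent: Agent, ability: Ability) -> bool:
    """True when the agent's level satisfies the ability's declared level:
    an Elevated agent may run anything, a User agent may not run Elevated
    abilities, and an ability with no declared level runs on either."""
    if ability.privilege is None:
        return True
    return agent.privilege == ELEVATED or agent.privilege == ability.privilege

def partition_by_privilege(agent: Agent, abilities: List[Ability]) -> Tuple[List[str], List[str]]:
    """Split planned abilities into ids runnable on this agent now and ids that
    must wait until an elevated agent exists."""
    runnable, deferred = [], []
    for ab in abilities:
        (runnable if privileged_to_run(agent, ab) else deferred).append(ab.ability_id)
    return runnable, deferred

def pick_agent(agents: List[Agent], ability: Ability) -> Optional[str]:
    """Pick the least-privileged agent allowed to run the ability, so an elevated
    agent is spent only where required; None means elevation is needed first."""
    candidates = [a for a in agents if privileged_to_run(a, ability)]
    if not candidates:
        return None
    candidates.sort(key=lambda a: a.privilege == ELEVATED)  # User agents first
    return candidates[0].paw

# Constructed sample inputs so the block runs stand-alone.
SAMPLE_ABILITIES = [Ability("enumerate-user", USER),
                    Ability("read-protected-log", ELEVATED),
                    Ability("list-processes")]  # no level declared
SAMPLE_AGENTS = [Agent("user-paw", USER), Agent("elevated-paw", ELEVATED)]
```

With only a user agent available, partition_by_privilege returns the Elevated ability in the deferred list, which is the signal the planner can use to launch its elevation step before retrying it.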