-
Notifications
You must be signed in to change notification settings - Fork 788
Testing plan
Shay Nehmad edited this page Feb 3, 2020
·
2 revisions
Before each release, we'd like to test the following features to make sure we're passing a high-quality bar.
| Feature | How is it tested | Notes |
|---|---|---|
| SSH user password | Monkey Zoo | SSH.conf, TUNNELING.conf |
| SSH keypair | Monkey Zoo | SSH.conf |
| WMI user password | Monkey Zoo | WMI_MIMIKATZ.conf |
| WMI PTH | Monkey Zoo | WMI_MIMIKATZ.conf |
| SMB user password | Monkey Zoo | SMB_MIMIKATZ.conf |
| SMB PTH | Monkey Zoo | SMB_MIMIKATZ.conf |
| Sambacry | UNKNOWN | |
| ElasticGroovy | Monkey Zoo | ELASTIC.conf |
| OracleWebLogic | Monkey Zoo | WEBLOGIC.conf |
| Struts2 | Monkey Zoo | STRUTS2.conf |
| Hadoop yarn | Monkey Zoo | HADOOP.conf |
| MSSQL | Monkey Zoo | MSSQL.conf (test didn't pass has a bug) |
| shellshock - apache CGI | Monkey Zoo | SHELLSHOCK.conf |
| Conficker | Not tested |
| Feature | How is it tested | Notes |
|---|---|---|
| Process list windows | NOT TESTING | |
| Process list Linux | NOT TESTING | |
| Local network interface windows | NOT TESTING | |
| Local network interface Linux | NOT TESTING | |
| Azure guest agent password-stealing | NOT TESTING | |
| Windows service discovery | NOT TESTING | |
| Environment (Cloud vs On Prem) | NOT TESTING |
| Feature | How is it tested | Notes |
|---|---|---|
| Tunneling TCP | Monkey Zoo | TUNNELING.conf |
| Tunneling HTTP | Monkey Zoo | TUNNELING.conf |
| SSH key-stealing | Monkey Zoo | SSH.conf |
| Mimikatz (Windows password hash stealing) | Monkey Zoo | SMB_MIMIKATZ.conf or WMI_MIMIKATZ.conf |
| Post-breach actions | Monkey Zoo | |
| Upgrade windows agent to 64bit | Monkey Zoo | Some blind exploiter, we need to add the ability to build 32-bit monkey in island |
| Feature | How is it tested | Notes |
|---|---|---|
| Reporting | Monkey Zoo (manual) | |
| Segmentation | Monkey Zoo (manual) | |
| AWS detection | NOT TESTING | |
| AWS listing | NOT TESTING | |
| AWS sec hub | NOT TESTING | |
| Per machine, recommendations generated | Monkey Zoo (manual) | |
| Tunneling map - edge of tunnelling created | Monkey Zoo (manual) | |
| Test status of each directive | Monkey Zoo | NOT TESTING |
| Test number of findings | Monkey Zoo | NOT TESTING |
| Feature | How is it tested | Notes |
|---|---|---|
| Deploy Debian | Manually | Should be tested by 2 different people |
| Deploy Windows | Manually | Should be tested by 2 different people |
| Deploy VMWare | Manually | Should be tested by 2 different people |
| Deploy Docker | Manually | Should be tested by 2 different people |
| Deployment script Windows | NOT TESTING | |
| Deployment script Linux | NOT TESTING |
| Feature | How is it tested | Notes |
|---|---|---|
| Full mesh network, 10 machines | Manually | All reports should load in under 3 seconds |
| 3 sub-networks, 10 machines | Manually | All reports should load in under 3 seconds |
| 3 users on the Island and 3 Monkeys simultaneously | Manually | Island should be responsive |