Skip to content

Version 1.2.0

Compare
Choose a tag to compare
@Filigran-Automation Filigran-Automation released this 01 Jul 21:14
· 520 commits to master since this release
d3a09d2

Hi dear community! It is release time for OpenBAS! We’re happy to introduce new great functionalities, some of them suggested by community members! 🤜🤛

As always, your feedbacks & requests will be very valuable to help us shape this exciting new product. Please let us know how you would see the product evolve and what feature would be game changing for your industry! ✨

OpenBAS Implant

We celebrated the introduction of our own OpenBAS Agent in 1.1. To fulfill the workflow and as promised, we are proud to introduce our own Implant. A quick reminder: The Agent ensures the completion of the whole simulation by spawning temporary Implants responsible for executing payloads and ultimately being caught by your security systems! The new OpenBAS implant will allow us an enhanced malicious actions’ execution and less likeliness to be detected than the Caldera one, improving our overall capacity to test evaluate your systems’ response! 🚀

Security platforms

Integrating OpenBAS with security platforms will be a long road. We’ve already integrated with some of the most popular, but what if your integration is not there yet? You may want to assess manually if they catch your payloads… With OpenBAS 1.2, you now can define security platforms through the UI and add manual expectations for them in your injects, while we keep working on more integration and automatization of your favorite tools. 🥳

Verified Payloads

OpenBAS 1.2 also introduces the Unverified/Verified custom Payloads. Integrations, like the one with Atomic Red Team, can generate a lot of custom payloads to be used into your Simulations. Such integrations are a really great way to get immediate value through OpenBAS. But some payloads imported through integration might not be up-to-date. Filigran team is dedicated to bring the most value possible and will work on verifying payloads imported through official integrations! ✅

Duplicate Payloads

Having a library of Payloads through integration is great, but editing them to fit your exact use cases is better ! With the duplication of payloads, you can now create custom payload based on our existing one to customize them following your needs, and not to have to reinvent the wheel. 😎

Enhancements:

  • #1173 Be able to duplicate payloads
  • #1165 Implement security platform assets associated to collectors
  • #1105 Create dummy collectors placeholder and be able to validate manually its technical expectation
  • #1087 Introducing OpenBAS Implant (Injector)
  • #1065 Sort simulation by updated date
  • #1058 Creating an Scenario, simulation or atomic testing should redirect you to the page of the element created
  • #1056 UI - In the navigation group scenario with simulation and atomic testing

Bug Fixes:

  • #1141 After deleting a payload, atomic testing is throwing an error when accessing
  • #1132 Be able to filter users on admin property
  • #1130 Import simulation error 500 - Not working
  • #1129 When exporting then importing a scenario, all expectations are lost
  • #1126 Using change tone for an existing email is displaying wrong options
  • #1121 the select inject panel can make a scenario page crash
  • #1110 When editing an endpoint without description, form cannot be validated
  • #1091 Scenario scores go up to 200% when they have no result to show
  • #1045 Team score over time in % of expectations is not correctly computed
  • #1040 When scheduling a scenario once, then simulation is done, scenario is still marked as "scheduled"
  • #1021 Expectations cumulating in front in the validations screen
  • #950 Inject: Broken filter for the ATT&CK matrix
  • #883 [Inject] The layout of the image in an email body doesn't seem to work

Pull Requests:

New Contributors:

Full Changelog: 1.1.1...1.2.0