-
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #4 from andreashappe/navigation
implement navigation similar to Juergens
- Loading branch information
Showing
5 changed files
with
50 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # Linux Privilege Escalation | ||
|
|
||
| These examples try to solve the following scenario: | ||
|
|
||
| - the attacker has low-level (non-`root`) access to a virtual machine through SSH. | ||
| - they know their username and the respective password | ||
| - and want to become the all powerful root user (`uid=0`) | ||
|
|
||
| ## Example Implementations | ||
|
|
||
| These examples are currently available through our github repository: | ||
|
|
||
| | Example | Domain | Summary | Described in| | ||
| | -- | -- | -- | -- | | ||
| | [initial example](https://github.com/andreashappe/offensivegraphs/blob/main/src/initial_version.py) | linux priv-esc | good first example | [initial post](../blog/posts/2024-10-10-first-steps-and-initial-version.md), [tools and configuration](../blog/posts/2024-10-11-configuration-for-tool-calls.md) | | ||
| | [react agent](https://github.com/andreashappe/offensivegraphs/blob/main/src/switch-to-react.py) | linux priv-esc | use langgraph to reduce code | [Using `create_react_agent`](../blog/posts/2024-10-12-create_react_agent.md) | | ||
| | [plan-and-execute](https://github.com/andreashappe/offensivegraphs/blob/main/src/plan_and_execute.py) | linux priv-esc | multi-layer planing | [Adding Plan-and-Execute Planner](../blog/posts/2024-10-14-plan-and-exec.md) | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # Security Agents with LangGraph | ||
|
|
||
| This is our initial foray into using LangChain/LangGraph for security agents. The blog series should be usable as an introduction for new developers that want to do something similiar. | ||
|
|
||
| ## Basic Concepts | ||
|
|
||
| | Date | Blog Post | Description | | ||
| | --- | --- | --- | | ||
| | 10.10.2024 | [First Steps and Initial Version](./../blog/posts/2024-10-10-first-steps-and-initial-version.md) | Creating a first autonomous linux priv-esc agent using langgraph. Introduce `ssh connection` as Tool so that the agent can execute commands over SSH. | | ||
| | 11.10.2024 | [Improving Configuration Handling, esp. for Tools](./../blog/posts/2024-10-11-configuration-for-tool-calls.md) | Remove Hardcoded Configuration and improve Tool-Integration. | | ||
| | 12.10.2024 | [Simplify our Tool-Calling Agent through `create_react_agent`](./../blog/posts/2024-10-12-create_react_agent.md) | LangGraph offers a prebuilt react agent that highly simplifies our code (albeit does not allow us to further customize the agent flows). | | ||
|
|
||
| ## Advanced Implementations | ||
|
|
||
| | Date | Blog Post | Description | | ||
| | --- | --- | --- | | ||
| | 14.10.2024 | [Adding Plan-and-Execute Planner](./../blog/posts/2024-10-14-plan-and-exec.md) | Implement the Plan-and-Execute pattern for pen-testing. This combines a high-level task list for pen-test planing with a low-level executor that tries to execute the given high-level task against a target virtual machine. | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Planning and Decision Making | ||
|
|
||
| This series investigates multiple strategies that should guide security agent towards better coverage. | ||
|
|
||
| | Date | Blog Post | Description | | ||
| | --- | --- | --- | | ||
| | 14.10.2024 | [Adding Plan-and-Execute Planner](./../blog/posts/2024-10-14-plan-and-exec.md) | Implement the Plan-and-Execute pattern for pen-testing. This combines a high-level task list for pen-test planing with a low-level executor that tries to execute the given high-level task against a target virtual machine. | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters