Cleanup Categories #883
Comments
Tagging @nos3curity @geo-lit @Menn1s for commando. We refined all of the Commando categories in August last year. I think this mostly aligns with what we had created.
I'm surprised those 9 don't have any tools yet. I think we will need to circle back and take a look at those and see what can be added (such as notepad++). As far as introducing categories to break up utilities, this seems like a great idea for clarity. Will Utilities be removed entirely? I can see Productivity Tools basically taking its place.
I agree that most of the mentioned categories either need a revamp or outright deletion, with a few exceptions - cloud, evasion, vuln analysis, and web. Cloud is necessary, because as common as it is to integrate with AD and traditional environments, it's still a separate beast testing-wise. If we distribute cloud tools among other categories, they will be a pain to find if you are only looking to do cloud testing. Same thing with evasion. The category is underutilized because it hasn't been a major focus for Commando, considering that our target is penetration testing, not adversary simulation. I think if we scatter the evasive tools across categories, they might be a pain to find as well, but I'm open to hearing what others say about that. I don't mind vuln analysis getting the boot, but we need to figure out where vulnerability scanning tools should go if it's gone. If memory serves me right, we largely kept that category just because we couldn't figure out what else to classify them as. And lastly, web is largely a placeholder category at this moment. It's been one of our plans to expand the arsenal of web tooling in Commando, however, we're still getting through other priorities.
@nos3curity could you list all of the categories we know for sure we need for Commando? I think that would help.
I think
@nos3curity I think you have missed this comment. Could you please provide the categories you need, so that we can remove the rest?
@Ana06 apologies, here are the categories we need for Commando, might be able to time with the other PR:
@day1player Made that change in #903. Thank you!
Details
@mandiant/flare-vm @mandiant/commando-vm
I recently went through all of our tool packages and noticed a few changes that I think could be made.
Unnecessary or Underused Categories
Currently, of the 35 categories we have, 9 of them have no tools associated with them:
Should we remove these categories or attempt to make use of them?
For instance:
- Text Editors could likely have notepad++ added to it, and possibly VSCode (not currently a package yet)
- Web Application could include Burp Suite which is currently listed as a Utility (though it could also go into Networking)
New Categories to Improve Organization and Clarity
Our largest category is Utilities with a total of 38 tools. I think we could possibly introduce a couple more categories to reduce this a little bit. I propose the following new categories (open to suggestions/changes):
shellcode -> PE tool we decide to go with