anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6376523923b7c8bcd5d77d4ff0e09985e778272c
DECNET/decnet
History
anti 6376523923 feat(canary): mysql_dump generator with phone-home replica payload 
Mirrors the Canarytokens.org trick: a base64-wrapped CHANGE REPLICATION
SOURCE TO + START REPLICA block in the dump trailer. Importing the
file into MySQL resolves <slug>.<dns_zone> (DNS trip) and opens a 3306
replica handshake whose SOURCE_USER smuggles @@hostname and
@@lc_time_names of the victim DB.

DNS lookup alone is sufficient for detection via the existing canary
dns_server; capturing the smuggled metadata via a 3306 handshake
responder is a follow-up.
2026-04-27 13:52:55 -04:00
..
agent
feat(fleet): systemd unit + bus signal for fleet reconciler
2026-04-26 21:21:36 -04:00
asn
feat(asn): IP→ASN enrichment via iptoasn.com bulk dump
2026-04-25 03:58:58 -04:00
bus
feat(bus): canary token bus topics (placed/triggered/revoked)
2026-04-27 12:43:23 -04:00
canary
feat(canary): mysql_dump generator with phone-home replica payload
2026-04-27 13:52:55 -04:00
cli
feat(cli): register decnet canary subcommand + tests
2026-04-27 13:13:23 -04:00
clustering
test(clustering): full-bound passes through production campaign clusterer
2026-04-26 09:13:59 -04:00
collector
fix(collector): label-based fleet container discovery
2026-04-25 08:11:21 -04:00
correlation
feat(correlation): credential-reuse engine + reuse-correlate worker
2026-04-26 03:37:49 -04:00
engine
feat(deploy): seed canary baseline at deploy time + tests
2026-04-27 13:19:08 -04:00
fleet
feat(fleet): systemd unit + bus signal for fleet reconciler
2026-04-26 21:21:36 -04:00
geoip
feat(attackers): PTR record (reverse DNS) enrichment
2026-04-24 17:26:40 -04:00
intel
refactor(intel): re-key attacker_intel on attacker_uuid (closes DEBT-041)
2026-04-26 05:35:29 -04:00
logging
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
mutator
fix(topology/allocator): widen default subnet base to /12 for mass-scale
2026-04-24 18:57:55 -04:00
net
feat(net): stealth-egress httpx client factory
2026-04-26 04:59:34 -04:00
orchestrator
refactor(emailgen): pluggable LLM backend (base/factory/impl)
2026-04-26 22:43:36 -04:00
prober
feat(sniffer): ISN sequence classifier (reuses seq_class helper)
2026-04-26 20:30:24 -04:00
profiler
feat(sniffer): ISN sequence classifier (reuses seq_class helper)
2026-04-26 20:30:24 -04:00
services
feat(creds): DEBT-040 Phase 3 — RDP NLA / CredSSP NTLMv2 capture
2026-04-25 07:42:52 -04:00
sniffer
feat(sniffer): ISN sequence classifier (reuses seq_class helper)
2026-04-26 20:30:24 -04:00
swarm
feat(swarm): pin worker cert SHA-256 fingerprint per host
2026-04-25 03:01:15 -04:00
templates
feat(templates): standalone NTLMSSP Type 3 parser + decnet-init wrapper
2026-04-27 10:12:30 -04:00
topology
Revert "feat(mazenet): host resolution + cross-host bridge guard"
2026-04-25 03:26:19 -04:00
updater
feat(agent,forwarder,updater): publish system.<worker>.health heartbeats (DEBT-031 workers 7-9)
2026-04-21 17:02:10 -04:00
vectorstore
feat(creds): cred-reuse foundation + vectorstore scaffold
2026-04-26 03:18:34 -04:00
web
feat(api): canary token CRUD router (/api/v1/canary) + tests
2026-04-27 13:18:00 -04:00
webhook
fix(webhook/worker): self-heal when bus starts late or restarts
2026-04-24 16:39:38 -04:00
__init__.py
feat(env): run decnet.ini loader at package import; expose DECNET_MODE
2026-04-19 03:17:25 -04:00
archetypes.py
refactor(ssh): consolidate real_ssh into ssh, remove duplication
2026-04-11 19:51:41 -04:00
composer.py
fix(collector): label-based fleet container discovery
2026-04-25 08:11:21 -04:00
config_ini.py
feat(config): promote /etc/decnet/decnet.ini to real config with domain sections
2026-04-23 18:21:00 -04:00
config.py
fix(logging): don't crash the process if the system log can't be opened
2026-04-24 01:00:42 -04:00
custom_service.py
Add per-service customization, stealth hardening, and BYOS support
2026-04-04 04:08:27 -03:00
distros.py
fix: stabilize tests with synchronous DB init and handle Bandit security findings
2026-04-09 01:33:15 -04:00
env.py
fix(api): gate embedded Docker-log collector on DECNET_EMBED_COLLECTOR
2026-04-24 00:47:37 -04:00
ini_loader.py
fix: align tests with model validation and API error reporting
2026-04-13 01:43:52 -04:00
models.py
feat(swarm): DeckyConfig.host_uuid + fix agent log/status field refs
2026-04-18 19:10:25 -04:00
network.py
fix(network): sweep orphan Docker bridges that squat on our subnet
2026-04-20 23:19:42 -04:00
os_fingerprint.py
feat(os_fingerprint): Phase 2 — add icmp_ratelimit + icmp_ratemask sysctls
2026-04-10 16:41:23 -04:00
privdrop.py
fix: chown log files to sudo-invoking user so non-root API can append
2026-04-17 13:39:09 -04:00
telemetry.py
fix: resolve all ruff and bandit lint/security issues
2026-04-16 01:04:57 -04:00