What's Changed
Backwards-Breaking Changes
- Completely refactored UI/UX VueJS front end. #2874
- Installation/run commands changed! The first time you run Caldera, you must add the
--build
flag in order to build the VueJS UI. If you restart the server afterwards, the--build
flag is not needed. - Dropped support for Python 3.7. #2795
UI
- Summary dashboard landing page with tiles for agents, operations, adversaries, abilities, and server address. #2874
- New network and table Operation view. #2874
- Agent hosts displayed on network view with OS platform icon. #2874
- Agents are denoted by colored rings around hosts they are beaconing from, with multiple agents marked by multiple rings, and the colors denoting the status of agent. #2874
- Agents with elevated user execution privileges on their host are denoted by red tinted host OS platform icon. #2874
- Agent side panel (in network view) that shows key agent/host information. Activated when Agent/host node clicked. #2874
- Agent actions shortcut on agent side panel. #2874
- Operation action table. #2874
- Ability commands now have code syntax highlighting. #2776
- Fact sources can now be downloaded from Fact Sources view. #2874
- Added option to rename facts #2811
Plugins
- (Bug Fix) Manx Plugin: Fixed JSON decoding error fixed with short sleep to avoid timing issues.
- (Bug Fix) Debrief Plugin: Fixed bugs generating empty PDFs. mitre/debrief#67
- (New) Emu Plugin: New Turla adversary emulation plan (Caldera Adversary profile) from MITRE ATT&CK Evals. https://github.com/center-for-threat-informed-defense/adversary_emulation_library/tree/master/turla
- (New) Sandcat Plugin: Allow architecture headers to be supplied to Sandcat agent. This allows Darwin ARM64 platforms to be compiled. mitre/sandcat#435
- Builder Plugin: Moved
docker-py
dependency from core to the Builder plugin as it is optional.
Bug Fixes
- Fixed encryption key mismatch for backups when booting Caldera locally and then with Docker. #2780
- Removed operation visibility slider as had no effect on underlying operation. #2806
- HMAC digest comparison in authorization service is now more resistant to timing attacks. #2823
- Added manually skipped Abilities to Operation report. #2822
- Fixed bug selecting the wrong executor for potential links. #2843
- Moved
donut-shellcode
python package dependency to Stockpile plugin. Dependency was moved asdonut-shellcode
package cannot (at this time) be installed on MacOS ARM chip architectures and caused install issues for Caldera core. #2874 - Fixed Ragdoll agent's timestamp format (thanks to @LwsChlds). mitre/stockpile#571
Other
- Improved checking of reasons why abilities are skipped in operations. #2623
New Contributors
- @noperse made their first contribution in #2802
- @d3vco made their first contribution in #2843
- @Avlyssna made their first contribution in #2823
Full Changelog: 4.2.0...5.0.0