Version 1.11.4

Bug Fixes:

• #2263 Executor tiers are not working anymore

Pull Requests:

• Bump vite from 6.0.3 to 6.0.9 in /openbas-front by @dependabot in #2266
• [backend] Added Agent ID at the implant command level for third-party executors by @RomuDeuxfois in #2264

Full Changelog: 1.11.3...1.11.4

Version 1.11.3

Bug Fixes:

• #2247 OpenBAS server user interface does not show agent version

Pull Requests:

• [backend] bring back deprecated routes to let agents upgrade (#2247) by @guillaumejparis in #2258
• [backend] add a migration to delete hanging agent update jobs (#2247) by @guillaumejparis in #2261

Full Changelog: 1.11.2...1.11.3

Version 1.11.2

Bug Fixes:

• #2234 Need to improve our management of active/inactive endpoint status based on executors

Pull Requests:

• [tool] update renovate for release/current branch by @guillaumejparis in #2232
• [backend] pass agent active threshold to 1h (#2234) by @guillaumejparis in #2235

Full Changelog: 1.11.1...1.11.2

Version 1.11.1

Bug Fixes:

• #2230 Http injector cannot callback openbas

Pull Requests:

• [backend] fix python injector missing callback route (#2230) by @guillaumejparis in #2229

Full Changelog: 1.11.0...1.11.1

Version 1.11.0

Hello dear community! The OpenBAS 1.11.0 is out ! Hope you will enjoy it! 🎉

🐦 CrowdStrike Executor
In the continuity of our integrations with CrowdStrike and what you can already do with Tanium Client, you can now connect your CrowdStrike Falcon agent with OpenBAS to perform your simulations or atomic testing. Check out the full configuration guide in our documentation.

🤖 Prerequisites for a Dual-Agent logic
Soon, you will be able to register multiple agents on a single endpoint. We’ve already begun working on the backend and the prerequisites for it, and the full feature will be available in the next release.
For now, in order to create a new asset, you will need to install an agent. You can find detailed instructions on the agent installation page and in our documentation.

🌀 Obfuscation Options
Our agents now support multiple obfuscation techniques (Base64, Clear) for your technical injects, helping you stay under the radar and avoid detection.

📔 Documentation
We’ve been actively enhancing our documentation to provide clearer, more comprehensive guidance for our users. You can have a look a the documentation for Microsoft Sentinel and Defender here

This release also includes lots of bugs fixes and UI improvements.

As always, your feedbacks are most welcome !

Enhancements:

• #2114 Front end UI part - agent installation logic
• #2067 adapt backend on new agent logic
• #1961 Ability to select all injects with a 'select all'
• #1604 Ability to choose an obfuscator for your technical inject to avoid detection
• #1494 [ Unit testing - assets scope ] - Asset groups creation/update
• #1492 [ Unit testing - assets scope ] - endpoints creation/update
• #1491 [ Unit testing - people scope ] - teams creation/update
• #1490 [ Unit testing - people scope ] - players creation/update
• #1366 CrowdStrike Endpoint Security Executor / native integration to execute implants

Bug Fixes:

• #2203 Deleting a type representation in a mapper delete the injector contract
• #2193 Error when I apply sort on column update at on injector/:id
• #2157 Simulations: unable to input text to box in create new feedback template dialog
• #2126 Infinite Request Loop on Home Page
• #2077 In Add users to group, only the first 10 can be viewed or selected
• #2038 Technical Improvement : inject form
• #2000 Technical payload with cmd and if statement does not work
• #1985 Remove Code Associated with dryInject Feature (Backend, Frontend, DB)
• #1963 "I forgot my password" returns internal error
• #1948 Payload from Atomic Red Team is not working
• #1941 Inject in pending state
• #1936 Breadcrumb in inject details is not consistent
• #1707 Adding asset groups in bulk to inject doesn't enable them in the UI
• #1672 Useless scenario filter in the overview of a scenario
• #1642 No longer able to update inject expectations

Pull Requests:

• [frontend] remove final-form from inject form by @MarineLeM in #2042
• Breadcrumb in inject details is not consistent by @RomuDeuxfois in #2131
• [frontend] Remove attack pattern store by @RomuDeuxfois in #2044
• [frontend] Change "Add teams..." dialog into "Modify teams..." and alter behaviour (#2112) by @RomuDeuxfois in #2127
• [backend/frontend] Adapt backend on new agent logic by @isselparra in #2133
• • Fixing the card layout used to display the inject result Issue/1642 by @heditar in #2132
• Add obfuscation chunk 2 by @MarineLeM in #2090
• [backend] handle multilines with cmd by @MarineLeM in #2002
• [backend] Implement CrowdStrike native executor (#1366) by @SamuelHassine in #2154
• [backend] adding TagRule apis/repo Issue/1998 by @heditar in #2122
• [Backend] Fix password reset for users who are not logged in by @savacano28 in #2141
• [frontend] fix Textfield component by @MarineLeM in #2158
• In Add users to group, only the first 10 can be viewed or selected by @RomuDeuxfois in #2130
• [backend] Upgrade Spring Boot Starter Parent from 3.3.5 to 3.3.7 by @RomuDeuxfois in #2134
• [frontend] Update dependency apexcharts to v4.3.0 by @renovate in #2010
• [frontend] Update dependency ckeditor5 to v44 by @renovate in #2011
• [Backend]Test asset groups creation/update (#1494) by @johanah29 in #2150
• [Backend]Test player creation/update by @johanah29 in #2139
• [Backend]Test endpoints creation/update (#1492) by @johanah29 in #2155
• [Backend]Test teams creation/update (#1491) by @johanah29 in #2149
• [backend] Add the default Assets logic to scenario creation and update by @heditar in #2161
• Improvment/remove store model by @RomuDeuxfois in #2160
• [tool] Update rabbitmq Docker tag to v4 by @renovate in #1567
• [backend/frontend] update endpoint list and add endpoint overview by @savacano28 in #2153
• [frontend] add getValues on InjectDefinition by @MarineLeM in #2171
• [backend] Adapt backend on new agent logic (part 2) by @damgouj in #2162
• [backend][frontend] Ability to select all injects with a 'select all' by @impolitepanda in #2163
• [backend] Refactored TagRule to use AssetGRoup instead of Assets Issue/1998 by @heditar in #2170
• [backend] fix threshold for agent inactivity (#2067) by @guillaumejparis in #2183
• [frontend] Remove useless scenario filter in the overview of a scenario by @savacano28 in #2185
• [frontend] Update material-ui monorepo by @renovate in #2182
• [frontend] Update dependency react-intl to v7.1.0 by @renovate in #2181
• [frontend] Update dependency eslint-import-resolver-oxc to v0.8.0 by @renovate in #2180
• [frontend] Update dependency @hookform/resolvers to v3.10.0 by @renovate in #2178
• [backend] Update apache-poi monorepo to v5.4.0 by @renovate in #2175
• [backend] Update dependency com.diffplug.spotless:spotless-maven-plugin to v2.44.1 by @renovate in #2176
• [backend] Fix Server-Side Request Forgery by @RomuDeuxfois in #2136
• [backend/frontend] Delete legacy dryinjects and dryruns (#1985) by @savacano28 in #2186
• [backend/frontend] Add update at param to injector contract and add queryable property by @savacano28 in #2192
• [frontend] use client time for last ping date in sse client (#2126) by @guillaumejparis in #2187
• [tool] update renovate config to take release branch into account by @guillaumejparis in #2189
• [backend] Enforce delete injector contract by @RomuDeuxfois in #2191
• [frontend] Fix missing fields in injectForm and improve ui by @savacano28 in #2196
• [frontend] fix c...

Version 1.10.2

Bug Fixes:

• #2205 Survey link still contains the mention exercise

Full Changelog: 1.10.1...1.10.2

Version 1.10.1

Enhancements:

• #2043 OCTI x OBAS Add placeholder to TTP that could not be generated

Bug Fixes:

• #2147 Upgrade tomcat-embed-core
• #2145 Fix Internal Server Error on export of simulation
• #2144 Fix Internal Server Error on import of scenario
• #2112 Modifying targets in an inject is not working properly
• #2111 When I select injects and export them, the entire list is exported
• #1857 [ Performance issue ] -Action on pop ups are slow and can lead on multiple action
• #1842 Layout of inject lists is not correct in create injects
• #1786 [security] Unsafe Reflection
• #1783 [security] Regular expression injection

Pull Requests:

• [backend] Update dependency io.swagger.core.v3:swagger-annotations-jakarta to v2.2.27 by @renovate in #2109
• [backend] Update logback monorepo to v1.5.13 by @renovate in #2110
• [tool] Update Node.js to v22.12.0 by @renovate in #2108
• [frontend] Update typescript-eslint monorepo to v8.18.1 by @renovate in #2107
• [frontend] Update fontsource monorepo to v5.1.0 by @renovate in #2106
• [frontend] Update dependency zod to v3.24.1 by @renovate in #2103
• [frontend] Update dependency react-syntax-highlighter to v15.6.1 by @renovate in #2102
• [frontend] Update dependency globals to v15.14.0 by @renovate in #2101
• [frontend] Update emotion monorepo to v11.14.0 by @renovate in #2104
• [tool] Update template feature by @savacano28 in #2098
• updated the PR template by @heditar in #2097
• [frontend] When I select injects and export them, the entire list is exported by @isselparra in #2113
• [frontend] Update dependency @ckeditor/ckeditor5-react to v9.4.0 by @renovate in #2078
• [frontend] Update dependency @stylistic/eslint-plugin to v2.12.1 by @renovate in #2079
• [frontend] Layout of inject lists is not correct in create injects Issue/1842 by @heditar in #2095
• Migrate renovate config by @renovate in #2083
• [frontend] Update dependency dompurify to v3.2.3 by @renovate in #2082
• [backend] Add enabled property to injectInput in order to create inje… by @savacano28 in #2099
• [frontend] Update dependency eslint-import-resolver-oxc to v0.7.0 by @renovate in #2115
• [backend] Update logback monorepo to v1.5.15 by @renovate in #2117
• [frontend] Update dependency chokidar to v4.0.3 by @renovate in #2121
• [frontend] Update dependency @uiw/react-md-editor to v4.0.5 by @renovate in #2119
• [frontend] Update dependency @playwright/test to v1.49.1 by @renovate in #2118
• [frontend] Update dependency axios to v1.7.9 by @renovate in #2120
• [frontend] Update dependency react-router to v7.1.1 by @renovate in #2116
• [backend] Fix Regular expression injection by @RomuDeuxfois in #2137
• [backend] Fix unsafe Reflection by @RomuDeuxfois in #2135
• [frontend] fix: fixed adding empty filters on datatables by @impolitepanda in #2142
• [backend] Fix export exercise by @RomuDeuxfois in #2143
• [backend] Fix on 500 errors when importing a scenario (#2144) by @Dimfacion in #2146
• [backend] Upgrade tomcat-embed-core by @Dimfacion in #2148

New Contributors:

• @impolitepanda made their first contribution in #2142

Full Changelog: 1.10.0...1.10.1

Version 1.10.0

Hello dear community! The OpenBAS 1.10.0 is out ! Hope you will enjoy it! 🎉

🐦 Collector for CrowdStrike Endpoint Security

CrowdStrike is in da place ! With this new collector, you can leverage your own Crowdstrike Endpoint Security to quickly receive real-time feedback on your tests on endpoints, letting you know if your attack was detected and/or prevented.

🧩Integration openBAS & openCTI

1. Apply the right platform & architecture when generating a scenario from OCTI

We now have a platform & architecture coherence in the injects generated via OCTI, which makes the scenarios more relevant and usable in openBAS (the full integration will come with next OpenCTI minor release).

2. Have all payloads mapped with the supported architecture

In order to map correctly the architecture when creating a simulation from OCTI and to ensure the right payload is used with the right endpoint we now have all payloads mapped with an architecture x86_64, arm or both.

🏁 Precheck of the executor at the implant level

The implant now includes a precheck to ensure the specified executor is available, providing a clear message if it is not.

👀 Be able to navigate from the MITRE result of a simulation:

Results in the MITRE matrix display the inject responsible for each score, with the option to navigate to inject details by clicking on the inject name.

🔍 Access payload information from the inject detail page.

You forgot what command lines were in your inject ? No worries, you can now access your payload configuration info directly in the inject detail page !

This work included many bugs bashed, some UI improvements and update in our documentation.

Enhancements:

• #1856 Access payload information from the inject detail page
• #1611 Be able to access to the original scenario from simulation (going to parent)
• #1911 Ability to see 100 simulations of 50 injects each in the overview of a scenario in 0.5 second
• #1966 Be able to navigate from the mitre result of a simulation
• #1713 Apply the right platform & architecture when generating a scenario from OCTI
• #1488 [ Unit testing - simulation scope ] - launch/relaunch/pause of a simulation
• #1966 Be able to navigate from the mitre result of a simulation
• #1771 [security] Upgrade of postgresql JDBC driver
• #1831 Raise the interpolation and obfuscation of commands to the OpenBAS platform level
• #1850 Introduce /health endpoint
• #1752 Have all payloads mapped with the supported architecture (x86_64, arm or both)

Bug Fixes:

• #1997 "Simulation results" chart in a scenario is not accurate
• #2093 Agent and implants missing in .jar for specific arch/os
• #2091 When I have some disabled inject, simulation still On Going
• #2076 Try to install OpenBAS agent on Windows Virtual Machine failed
• #2023 OpenBAs unable to start after adding a Caldera Agent running with an Open BAs agent

Pull Requests:

• [backend/frontend] Restarting an atomic testing keeps the same Inject UUID by @isselparra in #1901
• [tool] Update Node.js to v22 by @renovate in #1873
• [frontend] Update dependency apexcharts to v4 by @renovate in #1878
• [backend] send encoded command into implant by @MarineLeM in #1935
• [backend] Upgrading to latest spring boot version by @Dimfacion in #1894
• [backend] Fixing migration number by @Dimfacion in #1989
• [backend] Add architecture to payloads (#1752) (#1922) by @savacano28 in #1918
• [backend] Adding a new "health" endpoint (#1850) by @heditar in #1950
• [backend] handle cmd variables by @MarineLeM in #2001
• [frontend] Update dependency react-router-dom to v7 by @renovate in #1914
• [frontend] Remove EndpointStore, AssetGroupStore & ArticleStore by @RomuDeuxfois in #2019
• [backend] fix (build): use correct interface to PayloadCreateInput with PayloadUtils by @antoinemzs in #2034
• [Backend]Test launch/relaunch/pause of a simulation (#1488) by @johanah29 in #2025
• [backend] Apply the right platform & architecture when generating a scenario from OCTI (#1713) by @savacano28 in #2003
• [backend/frontend] Ability to see 100 simulations in the overview of a scenario in 0.5 seconds by @isselparra in #1995
• [frontend|backend]Show prerequisites info in atomic testing (#1787) by @johanah29 in #2026
• [frontend] add button to navigate back to scenario from simulation (#1611) by @antoinemzs in #2040
• [frontend] Update dependency globals to v15.13.0 by @renovate in #2046
• [frontend] Fixing the back to administration button not working by @Dimfacion in #2087
• [frontend] Fix payload info tab not visible for simulations by @damgouj in #2084
• Fix for the bug breaking openbas when running multiple agent issue/2023 by @heditar in #2069
• [frontend] Don't add asset arch filter if payload is all archs by @antoinemzs in #2088
• [frontend] replace deprecated ListItemSecondaryAction component by @MarineLeM in #2086
• [tests] Explicitly mock Instant.now to fix test flakiness by @antoinemzs in #2089
• [backend] fix thatMustBeFinisehd query to exclude disabled injects fr… by @guillaumejparis in #2092
• [backend] Update dependency org.postgresql:postgresql to v42.7.4 by @renovate in #2073
• [backend] Update dependency com.rabbitmq:amqp-client to v5.24.0 by @renovate in #2071
• [frontend] Update dependency react-router-dom to v6.28.0 by @renovate in #2060
• [frontend] Update dependency cronstrue to v2.52.0 by @renovate in #2081
• [frontend] Update dependency @testing-library/react to v16.1.0 by @renovate in #2080
• [tool] add missing arch/os agent & implant in circle build (#2093) by @guillaumejparis in #2094
• [backend] add arm64 windows repository for agent & implant (#2093) by @guillaumejparis in #2096

Full Changelog: 1.9.2...1.10.0

Version 1.9.2

Enhancements:

• #1990 Added Windows arm management for OpenBAS agent
• #1909 Handle prerelease platform on our CI

Bug Fixes:

• #2063 Issue when using MistralAI server
• #2051 Latest Docker tag incorrectly points to a lower semantic version if it is more recent
• #2035 Error 400 with MDE collector
• #1659 Popover icon inconsistency in lists

Pull Requests:

• [backend] Overriding spring's postgresql dependency by @Dimfacion in #1967
• [frontend] Bump nanoid from 3.3.7 to 3.3.8 by @dependabot in #2024
• [frontend] Update react monorepo by @renovate in #2008
• [frontend] Update material-ui monorepo by @renovate in #2007
• [frontend] Update dependency @xyflow/react to v12.3.6 by @renovate in #1972
• [tool] update drone & circle for prerelease platform (#1909) by @guillaumejparis in #1978
• [tool] fix drone & circle for prerelease platform (#1909) by @guillaumejparis in #2032
• [tool] fix drone & circle for prerelease platform (#1909) by @guillaumejparis in #2033
• [frontend] Update dependency vite to v6 by @renovate in #2012
• [frontend] Update Yarn to v4.5.3 by @renovate in #1968
• [frontend] Update dependency mini-css-extract-plugin to v2.9.2 by @renovate in #1977
• [tool] fix circle prerelease regex (#1909) by @guillaumejparis in #2039
• [backend] Fix cron test failed by @RomuDeuxfois in #2036
• [tool] fix latest tag incorrectly points to a lower semver (#2051) by @guillaumejparis in #2052
• [Frontend]Correct popover icon (#1659) by @johanah29 in #2054
• [frontend] Update dependency react-hook-form to v7.54.1 by @renovate in #2049
• [frontend] Update dependency typescript to v5.7.2 by @renovate in #1917
• [tool/backend] fix agent & implant fetching (#1909) by @guillaumejparis in #2062
• [backend] Update dependency org.bouncycastle:bcpg-jdk18on to v1.79 by @renovate in #2059
• [backend] Update dependency io.opentelemetry:opentelemetry-bom to v1.45.0 by @renovate in #2058
• [backend] Update dependency commons-io:commons-io to v2.18.0 by @renovate in #2057
• [backend] Update dependency com.rabbitmq:amqp-client to v5.23.0 by @renovate in #2056
• [frontend] Update dependency react-redux to v9.2.0 by @renovate in #2050
• [frontend] Update dependency eslint-import-resolver-oxc to v0.6.0 by @renovate in #2045
• [frontend] remove useless package json resolutions by @guillaumejparis in #2031
• [backend] Adding the content-type header when calling MistralAI by @Dimfacion in #2064
• [frontend] Update dependency react-dropzone to v14.3.5 by @renovate in #2048
• [frontend] Update dependency html-react-parser to v5.2.0 by @renovate in #2047

Full Changelog: 1.9.1...1.9.2

Version 1.9.1

Enhancements:

• #1763 [ UI improvement ] - add tooltip on global score

Bug Fixes:

• #1992 Importing a scenario previously exported from a different OpenBAS instance fails
• #1897 Error on executable payload not handle correclty
• #1754 Documents list page is really slow
• #1714 After deleting all expectations from a technical/media/challenge inject, an expectation is added by default to inject again
• #1706 Creating a new tag from a scenario should automatically tag the scenario
• #1338 Injects randomly fail to be sent when SMTP server refuse the connection too many times
• #1028 In some cases, IMAP store of sent message can fail

Pull Requests:

• [frontend] Fixed Tag creation method #1706 by @heditar in #1957
• [backend] Update dependency ch.qos.logback:logback-core to v1.5.12 by @renovate in #1954
• [backend] Update dependency io.minio:minio to v8.5.14 by @renovate in #1955
• [backend] Update dependency ch.qos.logback:logback-classic to v1.5.12 by @renovate in #1953
• [tool] Update dependency slack to v5.1.1 - autoclosed by @renovate in #1952
• [backend] Handle errors for payloads by @damgouj in #1933
• [frontend] After deleting all expectations from a technical/media/challenge inject, an expectation is added by default to inject again by @isselparra in #1923
• [frontend] Update dependency @hookform/resolvers to v3.9.1 by @renovate in #1969
• [frontend] Update dependency @types/qs to v6.9.17 by @renovate in #1970
• [frontend] Update dependency @vitejs/plugin-react to v4.3.4 by @renovate in #1971
• [frontend] Update dependency axios to v1.7.8 by @renovate in #1973
• [frontend] Update dependency eslint-plugin-i18next to v6.1.1 by @renovate in #1974
• [frontend] Update dependency react-intl to v7 by @renovate in #1915
• [frontend] Add tooltip on global score (#1763) by @johanah29 in #1979
• [frontend] Update dependency eslint-plugin-react-refresh to v0.4.16 by @renovate in #1975
• [Backend] Refactor creation of inject expectations by @savacano28 in #1986
• [frontend] Update dependency html-react-parser to v5.1.19 by @renovate in #1976
• Improv swagger documentation by @RomuDeuxfois in #1999
• [tool] Update Node.js to v20.18.1 by @renovate in #2009
• [backend] Fix import/export with unknown contract ID by @RomuDeuxfois in #2018

Full Changelog: 1.9.0...1.9.1