knacky/mimic-big
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0aee6f46eb69bbd8e6beb57fb30b955c934b01ce
mimic-big/CHANGELOG.md
knacky 4ecf4b0b0e chore: tighten gitignore, align README stack, formalize D-010 (Ansible) 
- .gitignore: add Keycloak/Mythic/Fernet secret patterns (pfx, p12, token, kdbx,
  credentials.json, secrets.json, service-account*.json), MSVC artifacts
  (lib, exp, idb, ilk, tlog), dedup dist/build/ between Python and Node blocks.
- README.md: align Storage line on H38 (testcontainers Postgres for Postgres-
  specific behavior, incl. unit tests of audit log / RBAC / write-only role).
- README.md: align Deploy line on D-007/D-010 — Docker + Ansible playbook,
  reverse proxy explicitly out-of-Mimic.
- README.md: add proprietary internal use notice.
- CHANGELOG.md: convert markdown link to inline URL (no dangling reference).
- tasks/spec-decisions.md: add D-010 (Ansible for deployment playbook).

Addresses code-reviewer M1/M2/M3 + N2/N3/N4/N6 on commit 047583e.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-21 20:16:40 +02:00

1.4 KiB
Raw Blame History

Changelog

All notable changes to Mimic. Format inspired by Keep a Changelog (https://keepachangelog.com). Versioning starts at 0.1.0 when sprint 0 lands.

[Unreleased]

Team decisions (2026-05-21)

  • Q1 — SOC client collaboration in the live cockpit is assumed valid (no PoC sheet).
  • Q2 — Mimic is deployed on RT infrastructure (not at client). SOC client connects over the internet through the existing RT reverse proxy (out of Mimic scope).
  • Q3 — Project framed as "improve the existing shared sheet workflow", not "rebuild Caldera".
  • T2 — C2 credentials stored in a dedicated c2_credential table with version + retirement (Fernet-encrypted config_json). Active row per engagement = retired_at IS NULL, max version.
  • T3 — Jinja templating exposes two accessors: {{outputs.text}} (stdout) and {{outputs.blob("key")}} (binary, 10 MB cap, UTF-8 with latin-1 fallback).
  • T4soc_session.token_opaque stores a bcrypt hash; the clear token is delivered out-of-band and never re-displayable.
  • Auth — v1: local user/password (bcrypt + Flask session). v2: Keycloak OIDC mapping onto the same group model. RBAC is group-based from day one.

Sprint 0 in progress

Repo skeleton, data model, C2Connector ABC, Jinja2 sandbox, local auth + RBAC, flat CRUD, UX wireframes (mock data). No real connector, no reporting until PR1/PR2/PR3 land.

Reference in New Issue View Git Blame Copy Permalink