This page provides additional information about configuring monkeys, tips and tricks and creative usage scenarios.
If you want Monkey to run some kind of script or a tool after it breaches a machine, you can configure it in Configuration -> Monkey -> Post breach. Just input commands you want executed in the corresponding fields. You can also upload files and call them through commands you entered in command fields.
To improve scanning speed you could specify a subnet instead of scanning all of the local network.
The following configuration values also have an impact on scanning speed:
Infection Monkey is not limited to the scenarios mentioned in this section, once you get the hang of configuring it, you might come up with your own use case or test all of suggested scenarios at the same time! Whatever you do, Security, ATT&CK and Zero Trust reports will be waiting for you!
Use Monkey -> Persistent scanning configuration section to either have periodic scans or to increase reliability of exploitations by running consecutive Infection Monkey scans.
Every network has its old “skeleton keys” that should have long been discarded. Configure the Monkey with old and stale passwords, but make sure that they were really discarded using the Monkey. To add the old passwords, in the island’s configuration, go to the “Exploit password list” under “Basic - Credentials” and use the “+” button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration:
To see the Monkey executing in real-time on your servers, add the post-breach action command:
wall “Infection Monkey was here”. This post breach command will broadcast a message across all open terminals on
the servers the Monkey breached, to achieve the following: Let you know the Monkey ran successfully on the server.
Let you follow the breach “live” alongside the infection map, and check which terminals are logged and monitored
inside your network. See below: