Update demo projects

demo_data/htb-demo-projects/NOTICE

@@ -0,0 +1,105 @@
+This file contains licenses of components used in the HTML/Vue template source code of designs.
+
+vue
+MIT
+The MIT License (MIT)
+
+Copyright (c) 2018-present, Yuxi (Evan) You
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+chart.js
+MIT
+The MIT License (MIT)
+
+Copyright (c) 2014-2022 Chart.js Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+chartjs-plugin-datalabels
+MIT
+The MIT License (MIT)
+
+Copyright (c) 2017-2021 chartjs-plugin-datalabels contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+lodash
+MIT
+The MIT License
+
+Copyright JS Foundation and other contributors <https://js.foundation/>
+
+Based on Underscore.js, copyright Jeremy Ashkenas,
+DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
+
+This software consists of voluntary contributions made by many
+individuals. For exact contribution history, see the revision history
+available at https://github.com/lodash/lodash
+
+The following license applies to all parts of this software except as
+documented below:
+
+====
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+====
+
+Copyright and related rights for sample code are waived via CC0. Sample
+code is defined as all source code displayed within the prose of the
+documentation.
+
+CC0: http://creativecommons.org/publicdomain/zero/1.0/
+
+====
+
+Files located in the node_modules and vendor directories are externally
+maintained libraries used by this software which have their own
+licenses; we recommend you read them, as their terms may differ from the
+terms above.
+

demo_data/htb-demo-projects/cbbh.toml

@@ -0,0 +1,129 @@
+format = "projects/v2"
+id = "bb4eddb5-eead-48ab-9416-181bb6ddaeb2"
+name = "CBBH Exam Report"
+language = "en-US"
+tags = []
+members = []
+override_finding_order = false
+images = []
+
+[[sections]]
+id = "overview_summary"
+status = "in-progress"
+
+[[sections]]
+id = "appendix"
+status = "in-progress"
+
+[[sections]]
+id = "meta"
+status = "in-progress"
+
+[[sections]]
+id = "document_control"
+status = "in-progress"
+
+[[sections]]
+id = "executive_summary"
+status = "in-progress"
+
+[report_data]
+title = "CBBH Exam Report"
+web_application_summary = "{{ report.candidate.name }} began all testing activities from the perspective of an unauthenticated user on the internet. {{ report.customer_short }} provided the tester with a single URL and IP address but did not provide additional information such as operating system or configuration information."
+finding_summary = "During the course of testing, {{ report.candidate.name }} uncovered a total of {{ finding_stats.count_total }} findings that pose a material risk to {{ report.customer_short }}’s information systems. The below chart provides a summary of the findings by severity level."
+appendix_flags = """
+| Flag # | Application | Flag Value | Flag Location | Method Used |
+| ------- | ------- | ------- | ------- | ------- |
+| 1. | TODO HOSTNAME   | TODO HTB RANDOM VALUE    |  TODO Web root   |  TODO Command Injection (example)  |
+| 2. | | | | |
+| 3. | | | | |
+| 4. | | | | |
+| 5. | | | | |
+| 6. | | | | |
+| 7. | | | | |
+| 8. | | | | |
+| 9. | | | | |
+| 10. | | | | |
+"""
+appendix_additional_sections = []
+customer_full = "TODO Customer Ltd."
+customer_short = "TODO Customer"
+pentest_approach = "BLACKBOX"
+report_version = "TODO 1.0"
+customer_contacts = []
+executive_summary = """
+{{ report.customer_full }} (“{{ report.customer_short }}” herein) invited {{ report.candidate.name }} to a private bug bounty program to perform a targeted Web Application Penetration Test of {{ report.customer_short }}’s externally facing web applications to identify high-risk security weaknesses, determine the impact to {{ report.customer_short }}, document all findings in a clear and repeatable manner, and provide remediation recommendations. The following types of findings were in-scope for this private bug bounty program: 
+
+* Sensitive or personally identifiable information disclosure
+* Cross-Site Scripting (XSS)
+* Server-side or remote code execution (RCE)
+* Arbitrary file upload
+* Authentication or authorization flaws, such as insecure direct object references (IDOR), and authentication bypasses
+* All forms of injection vulnerabilities
+* Directory traversal
+* Local file read
+* Significant security misconfigurations and business logic flaws
+* Exposed credentials that could be leveraged to gain further access
+
+The following types of activities were considered out-of-scope for this bug bounty program:
+
+* Scanning and assessing any other IP in the Entry Point's network
+* Physical attacks against {{ report.customer_short }} properties
+* Unverified scanner output
+* Man-in-the-Middle attacks
+* Any vulnerabilities identified through DDoS or spam attacks
+* Self-XSS
+* Login/logout CSRF
+* Issues with SSL certificates, open ports, TLS versions, or missing HTTP response headers
+* Vulnerabilities in third party libraries unless they can be leveraged to significantly impact the target
+* Any theoretical attacks or attacks that require significant user interaction or low risk
+
+{{ report.candidate.name }} performed testing under a “{{ report.pentest_approach.label }}” approach from {{ formatDate(report.pentest_start, 'long') }}, to {{ formatDate(report.pentest_end, 'long') }} without credentials or any advance knowledge of {{ report.customer_short }}’s web applications with the goal of identifying unknown weaknesses. Testing was performed from a non-evasive standpoint with the goal of uncovering as many misconfigurations and vulnerabilities as possible. Testing was performed remotely. Each weakness identified was documented and manually investigated to determine exploitation possibilities and escalation potential. {{ report.candidate.name }} sought to demonstrate the full impact of every vulnerability, up to and including internal network access.
+"""
+scope = """
+The scope of this assessment was as follows TODO *.tricolor.local and any and all open web server ports discovered on the target IP address provided at the start of the assessment.
+
+### In Scope Assets
+| Host/URL/IP Address | Description |
+|:---|:---|
+| TODO www.triclor.local | Main Tricolor website/unauthenticated |
+| TODO exam IP address  | PR website/unauthenticated |
+| TODO exam IP address  | Jobs Portal/unauthenticated |
+| TODO exam IP address  | HR website/unauthenticated |
+| TODO exam IP address  | Tricolor online store/unauthenticated |
+"""
+assessment_overview = """
+During the course of testing against {{ report.candidate.name }} identified ...
+
+TODO SUMMARY OF FINDINGS AND RECOMMENDATIONS HERE
+"""
+
+[report_data.candidate]
+a_name = "TODO Candidate Name"
+b_title = "TODO Candidate Title"
+c_email = "TODO Candidate Email"
+
+[[findings]]
+id = "dd47a6dd-5f26-4920-a48e-a1ff002e0a47"
+status = "in-progress"
+order = 1
+
+[findings.data]
+title = "TODO FINDING TITLE"
+cvss = "n/a"
+summary = "TODO DESCRIPTION"
+impact = "TODO IMPACT"
+description = """
+```
+ADD COMMAND OUTPUT AS APPROPRIATE
+```
+
+TODO ADD SCREENSHOTS AS APPROPRIATE
+"""
+recommendation = "TODO REMEDIATION"
+cwe = "TODO CWE"
+references = []
+affected_components = []
+
+[project_type]
+file = "../htb-designs/cbbh.toml"

demo_data/htb-demo-projects/cdsa.toml

@@ -0,0 +1,104 @@
+format = "projects/v2"
+id = "357a21a6-636a-4579-beff-1e0bcb8bdc3e"
+name = "CDSA Exam Report"
+language = "en-US"
+tags = []
+members = []
+override_finding_order = false
+images = []
+
+[[sections]]
+id = "executive_summary"
+status = "in-progress"
+
+[[sections]]
+id = "meta"
+status = "in-progress"
+
+[[sections]]
+id = "document_control"
+status = "in-progress"
+
+[[sections]]
+id = "appendix"
+status = "in-progress"
+
+[report_data]
+title = "CDSA Exam Report"
+executive_summary = "{{ report.customer_full }} engaged {{ report.candidate.name }} to investigate two (2) independent security incidents across two of {{ report.customer_full }}' separate networks. The objective is to identify the root causes and the full extent of these incidents and to meticulously document the findings in an understandable, technically robust, and reproducible way."
+customer_full = "TODO Customer Ltd."
+customer_short = "TODO Customer"
+report_version = "TODO 1.0"
+engagement_contacts = []
+appendix_timeline = """
+| Time                | Activity                                           |
+| ------------------- | -------------------------------------------------- |
+| TODO                | TODO                                              |
+| ...                 | ...                                                |
+| ...                 | ...                                                |
+| ...                 | ...                                                |
+| ...                 | ...                                                |
+"""
+appendix_additional_sections = []
+
+[report_data.candidate]
+a_name = "TODO Candidate Name"
+b_title = "TODO Candidate Title"
+c_email = "TODO Candidate Email "
+
+[[findings]]
+id = "c18ae678-4844-4a9d-8b28-a536feda2df2"
+status = "in-progress"
+order = 1
+
+[findings.data]
+title = "TODO INCIDENT TITLE"
+ioc = """
+IoCs are instrumental for hunting potential compromises across our broader environment or even among partner organizations. These can range from abnormal outbound traffic to unfamiliar processes and scheduled tasks initiated by the attacker.
+
+TODO TO BE FILLED BY THE SECURITY ANALYST
+"""
+nature = """
+Deep-dive into the type of attack, as well as the tactics, techniques, and procedures (TTPs) employed by the attacker. 
+
+TODO TO BE FILLED BY THE SECURITY ANALYST
+"""
+timeline = """
+This is a pivotal component for comprehending the incident's sequence of events. The timeline should include:
+* Reconnaissance
+* Initial Compromise
+* C2 Communications
+* Enumeration
+* Lateral Movement
+* Data Access & Exfiltration
+* Malware Deployment or Activity (including Process Injection and Persistence)
+* Containment Times (can be excluded)
+* Eradication Times (can be excluded)
+* Recovery Times (can be excluded)
+
+TODO TO BE FILLED BY THE SECURITY ANALYST
+"""
+root_cause = """
+Within this section, detail the root cause analysis conducted and elaborate on the underlying cause of the security incident (vulnerabilities exploited, failure points, etc.).
+
+TODO TO BE FILLED BY THE SECURITY ANALYST
+"""
+incident_id = "TODO TO BE FILLED BY THE SECURITY ANALYST"
+key_findings = "TODO TO BE FILLED BY THE SECURITY ANALYST"
+affected_systems = """
+Highlight all systems and data that were either potentially accessed or definitively compromised during the incident. If data was exfiltrated, specify the volume or quantity, if ascertainable.
+
+TODO TO BE FILLED BY THE SECURITY ANALYST
+"""
+evidence_sources = """
+Emphasize the evidence scrutinized, the results, and the analytical methodology employed. Each detection should be elucidated step by step, inclusive of the associated data sources, SIEM queries, and tool commands.
+
+TODO TO BE FILLED BY THE SECURITY ANALYST
+"""
+immediate_actions = "TODO TO BE FILLED BY THE SECURITY ANALYST"
+incident_overview = "TODO TO BE FILLED BY THE SECURITY ANALYST"
+incident_severity = "TODO: TO BE FILLED BY THE SECURITY ANALYST"
+stakeholder_impact = "TODO TO BE FILLED BY THE SECURITY ANALYST"
+
+[project_type]
+file = "../htb-designs/cdsa.toml"