Language: TypeScript
License: Apache License 2.0


Repository Details

UI, API, and Scanner (Rules Engine) services for Merry Maker

Merry Maker 2.0


Merry Maker is a fully scalable tool to detect the presence of digital skimmers.

Background

Merry Maker is a solution designed to detect the presence of digital skimmers, built by two Target security developers, @cawalch and @ebrandel.

Fundamentally, Merry Maker operationalizes three key processes:

  • Preserving a baseline of existing pages by saving the code being served by a website along with the network traffic generated by test transactions
  • Scanning the saved code for any malicious indicators
  • Scanning the saved network traffic for any potential compromise

Merry Maker continually simulates online browsing and completes test transactions to scan for the presence of malicious code. It acts like a guest on Target.com by completing several typical activities, including online purchases. While doing so, the tool gathers and analyzes a variety of information, including network requests, JavaScript files, and browser activity to look for any type of unwanted activity. Merry Maker was built to execute on all of this at scale.

Merry Maker's purchases are flagged as test orders internally so that they don't get processed, but otherwise, everything happens behind the scenes just as it normally would during check out. If any possible malicious activity is detected, Merry Maker triggers an alert to Target's 24/7 Cybersecurity Incident Response Team to prompt an investigation.

Since its launch in 2018, Merry Maker has completed over one million website scans and we've filed multiple patent applications. The technology helps keep the holiday shopping season safe and merry here at Target (hence the name).

We have open sourced the Merry Maker framework along with several detection rules in the hopes that this information helps other cybersecurity teams stand up their own customized defense.

Features

  • Puppeteer scripts to simulate user interactions
  • Yara rules for static analysis
  • Hooks native JavaScript function calls for detection and attribution
  • Near real-time browser event detection and alerting
  • Distributed event scanning (rule engine)
  • Role-based UI with local and OAuth2 authentication options
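To make the "hooks native JavaScript function calls for detection and attribution" feature concrete, here is an added example that is not code from Merry Maker or mmk-js-scope. It wraps the request-issuing functions of a window-like object so that every call is recorded with its target URL, a first-party/third-party classification, and a best-effort caller attribution taken from the stack trace, while the original function still runs so the page under test behaves normally. The window object, the first-party allowlist (`shop.example`, `static.shop.example`) and the request URLs are constructed for the demo.

```javascript
// Added example, not Merry Maker's own code. Everything below (the fake window,
// the first-party host allowlist and the sample requests) is constructed.

// Hosts the scanned site is expected to talk to; anything else is third-party.
const FIRST_PARTY_HOSTS = new Set(["shop.example", "static.shop.example"]);

function classifyUrl(url) {
  try {
    return FIRST_PARTY_HOSTS.has(new URL(url).hostname) ? "first-party" : "third-party";
  } catch (e) {
    return "invalid";
  }
}

// Pull the first script URL out of a stack trace so the event can be attributed
// to the file that made the call. Stack formats differ between engines, and
// under Node the frames are file paths rather than URLs, so this is best effort
// and yields "unknown" when nothing matches.
function callerScript(stack) {
  const m = /(https?:\/\/[^\s)]+?)(?::\d+){0,2}\)/.exec(stack || "");
  return m ? m[1] : "unknown";
}

// Replace obj[name] with a wrapper that records the call in `events` and then
// forwards to the original implementation. `describe` turns the call arguments
// into the fields worth keeping (URL, method). Returns a function that unhooks.
function hookFunction(obj, name, events, describe) {
  const original = obj[name];
  if (typeof original !== "function") throw new TypeError(`${name} is not a function`);
  obj[name] = function hooked(...args) {
    const detail = describe(args);
    events.push({
      fn: name,
      ...detail,
      party: classifyUrl(detail.url),
      caller: callerScript(new Error().stack),
    });
    return original.apply(this, args);
  };
  return () => { obj[name] = original; };
}

// Hook the two common request paths: fetch(url, ...) and XMLHttpRequest.open(method, url).
function instrument(win, events) {
  const unhooks = [
    hookFunction(win, "fetch", events, (args) => ({ url: String(args[0]) })),
    hookFunction(win.XMLHttpRequest.prototype, "open", events,
      (args) => ({ method: String(args[0]), url: String(args[1]) })),
  ];
  return () => unhooks.forEach((u) => u());
}

// Constructed stand-in for a browser window: the "native" functions just log.
function makeFakeWindow(log) {
  class XMLHttpRequest {
    open(method, url) { log.push(`xhr ${method} ${url}`); }
  }
  return {
    fetch(url) { log.push(`fetch ${url}`); return Promise.resolve({ ok: true }); },
    XMLHttpRequest,
  };
}

function runDemo() {
  const events = [];
  const log = [];
  const win = makeFakeWindow(log);
  const unhook = instrument(win, events);
  win.fetch("https://static.shop.example/app.js");                    // expected, first-party
  new win.XMLHttpRequest().open("POST", "https://collect.evil-example.test/c"); // third-party
  unhook();
  win.fetch("https://shop.example/after-unhook");                     // no longer recorded
  return { events, log };
}
```

Run `runDemo()` and inspect `events`: both calls are captured with their classification, while `log` shows that the original functions executed every time, including after the hooks were removed. In a real browser the `caller` field would carry the script URL from the stack frame, which is what allows an alert to be attributed to a specific file.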

Related Projects

  • mmk-js-scope: enumerates JavaScript requests and hooks native function calls in Headless Chrome for use by Merry Maker
  • mmk-types: shared typings between services (only needed for developers)

Full Stack Demo

# Start all the services
docker compose -f docker-compose.all.yml up

Navigate to http://localhost:8080 to begin.

Requirements

  • docker
  • node v14.18.1

Setup

Docker Stack

Includes Postgres, Redis, and a testRedis instance.

# from ./
docker compose up -d

Backend

API service for the frontend and scanner

DB Migration

# from ./backend
yarn migrate
# from ./backend
yarn install
yarn start

Testing

yarn test

The backend uses nodemon to auto-reload on change and listens on two separate HTTP ports (UI and transport).

Frontend

Vue dev server for developing the frontend. Start the backend before this service.

# from ./frontend
yarn install
yarn serve

Jobs

Main scheduler for running scans, purging old data, and miscellaneous cron jobs.

# from ./backend
yarn jobs

Scanner

Rules runner for processing the browser events emitted by mmk-js-scope (jsscope).

# from ./scanner
yarn install
yarn start

Testing

yarn test

Optional Auth Strategy

OAuth2

# Select the OAuth2 strategy and point Merry Maker at the provider endpoints.
export MMK_AUTH_STRATEGY=oauth
export MMK_OAUTH_AUTH_URL=http://oauth-server/auth/oauth/v2/authorize
export MMK_OAUTH_TOKEN_URL=https://oauth-server/auth/oauth/v2/token
export MMK_OAUTH_CLIENT_ID=client_id
# Replace <oauth-secret> with the client secret issued by the OAuth2 provider.
export MMK_OAUTH_SECRET=<oauth-secret>
export MMK_OAUTH_REDIRECT_URL=http://localhost:8080/api/auth/login
# Quote the scope list: unquoted, the shell exports only "openid" as the value
# and treats "profile" and "email" as separate variable names.
export MMK_OAUTH_SCOPE="openid profile email"

Copyright (c) 2021 Target Brands, Inc.
