Docs: Expand the explanation of credentials collectors

guardicore · Jul 18, 2024 · bf74c8f · bf74c8f
1 parent 4d60ee9
commit bf74c8f
Showing 1 changed file with 30 additions and 9 deletions.
diff --git a/docs/content/features/credentials_collectors/_index.md b/docs/content/features/credentials_collectors/_index.md
@@ -6,17 +6,38 @@ pre: "<i class='fas fa-key'></i> "
 
 # Credentials Collectors
 
-## <!-- we just need this here for formatting preferences done with CSS -->
+Credentials Collectors attempt to steal credentials from systems that the
+Infection Monkey Agent has infected.
 
-In real-world network attacks, malicious actors often adopt methods to extract
-credentials from compromised systems. Stolen credentials enable the attackers
-to further breach the environment in many ways including lateral movement,
-privilege escalation, data theft, and persistence.
+## Mimicking attackers
 
-Infection Monkey has multiple credentials collectors that steal credentials from
-compromised machines similarly. These credentials are used during exploitation
-for brute-forcing.
+In real-world network attacks, malicious actors often attempt to extract
+credentials from compromised systems. Stolen credentials enable attackers to
+penetrate deeper into the environment in many ways, such as lateral movement,
+privilege escalation, data theft, and persistence. To mimic this behavior,
+Infection Monkey has multiple plugins, called "credentials collectors", that
+steal credentials from compromised hosts.
 
-Infection Monkey provides the following credentials collectors:
+## How credentials collectors work
+
+When an Infection Monkey Agent is started, it begins the reconnaissance phase
+of its attack. The first step in this phase is to use all enabled credentials
+collectors to steal credentials. Any stolen credentials are then sent to the
+Monkey Island, where they become immediately available for any Agent to use.
+
+After the reconnaissance phase, the Agent will begin the propagation phase and
+attempt to compromise other hosts on the network. Exploiters are Infection
+Monkey plugins that attempt to spread copies of the Agent throughout the
+network. Some exploiters can use the credentials stolen by credentials
+collectors to gain access to other systems on the network. First, the exploiter
+will query the Monkey Island to retrieve credentials that were configured by
+the user and any credentials that were stolen by credentials collectors. Next,
+the exploiters will use the stolen credentials to attempt to authenticate with
+a target system. If authentication is successful, the exploiter will execute
+the Agent on the target system, spreading the infection throughout the network.
+
+## Techniques
+To read more about the techniques Infection Monkey can use to steal
+credentials, click the links below:
 
 {{% children /%}}