Stratus Red Team v2.5.2 released: emulate offensive attack techniques

Stratus Red Team

Stratus Red Team is “Atomic Red Team™” for the cloud, allowing you to emulate offensive attack techniques in a granular and self-contained manner.

Stratus Red Team is a lightweight Go binary you can install easily. It comes packaged with a number of AWS-specific attack techniques. Each attack technique is documented on a page automatically generated from the source code.

Stratus Red Team handles spinning up any infrastructure or configuration needed to execute an attack technique. This is what it calls warming up an attack technique. Once an attack technique is “warm”, it can be detonated, i.e. executed to emulate the attacker behavior it is intended to simulate.

List of all Attack Techniques

This page contains the list of all Stratus Attack Techniques.

| Name | Platform | MITRE ATT&CK Tactics |
| --- | --- | --- |
| Retrieve EC2 Password Data | AWS | Credential Access |
| Steal EC2 Instance Credentials | AWS | Credential Access |
| Retrieve a High Number of Secrets Manager secrets | AWS | Credential Access |
| Retrieve And Decrypt SSM Parameters | AWS | Credential Access |
| Delete CloudTrail Trail | AWS | Defense Evasion |
| Disable CloudTrail Logging Through Event Selectors | AWS | Defense Evasion |
| CloudTrail Logs Impairment Through S3 Lifecycle Rule | AWS | Defense Evasion |
| Stop CloudTrail Trail | AWS | Defense Evasion |
| Attempt to Leave the AWS Organization | AWS | Defense Evasion |
| Remove VPC Flow Logs | AWS | Defense Evasion |
| Execute Discovery Commands on an EC2 Instance | AWS | Discovery |
| Open Ingress Port 22 on a Security Group | AWS | Exfiltration |
| Exfiltrate an AMI by Sharing It | AWS | Exfiltration |
| Exfiltrate EBS Snapshot by Sharing It | AWS | Exfiltration |
| Exfiltrate RDS Snapshot by Sharing | AWS | Exfiltration |
| Backdoor an S3 Bucket via its Bucket Policy | AWS | Exfiltration |
| Backdoor an IAM Role | AWS | Persistence |
| Create an Access Key on an IAM User | AWS | Persistence, Privilege Escalation |
| Create an administrative IAM User | AWS | Persistence, Privilege Escalation |
| Create a Login Profile on an IAM User | AWS | Persistence, Privilege Escalation |
| Backdoor Lambda Function Through Resource-Based Policy | AWS | Persistence |

Changelog v2.5.2

Bug fixes:

  • c6e1f68 Fix max duration parameter of RolesAnywhere attack technique (closes #331) (#332)


  • 370a454 Add references to aws.persistence.iam-create-admin-user
  • c098e26 Add references to aws.persistence.iam-create-user-login-profile


  • fad1e4a Brew formula update for stratus-red-team version v2.5.1
  • bb3b3e3 Bump actions/checkout from 3.2.0 to 3.3.0 (#328)
  • ca0ad37 Bump actions/upload-artifact from 3.1.0 to 3.1.2 (#329)
  • c513cfe Bump alpine from 3.17.1 to 3.17.2 (#325)
  • d1fd5a3 Bump dominikh/staticcheck-action from 1.2.0 to 1.3.0 (#326)
  • d4ac89a Bump github/codeql-action from 2.2.1 to 2.2.5 (#330)
  • 590516a Bump golang from 1.19.5-alpine3.16 to 1.20.1-alpine3.16 (#324)
  • eb63922 Bump in /v2 (#320)
  • efc8da3 Bump from 0.3.7 to 0.3.8 in /v2 (#316)
  • 48f0fe5 Bump step-security/harden-runner from 2.1.0 to 2.2.0 (#327)

Install & Use

Copyright (C) 2022 @christophetd