Stratus Red team v2.12 releases: emulate offensive attack techniques

by do son · Published · Updated

Stratus Red team

Stratus Red Team is “Atomic Red Team™” for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner.

Stratus Red Team is a lightweight Go binary you can install easily. It comes packaged with a number of AWS-specific attack techniques. Each attack technique is a documentation page automatically generated from the source code.

Stratus Red Team handles spinning up any infrastructure or configuration needed to execute an attack technique. This is what it calls warming-up an attack technique. Once an attack technique is “warm”, it can be detonated, i.e. executed to emulate the attacker behavior it intends to simulate.

List of all Attack Techniques

This page contains the list of all Stratus Attack Techniques.

Name Platform MITRE ATT&CK Tactics
Retrieve EC2 Password Data AWS Credential Access
Steal EC2 Instance Credentials AWS Credential Access
Retrieve a High Number of Secrets Manager secrets AWS Credential Access
Retrieve And Decrypt SSM Parameters AWS Credential Access
Delete CloudTrail Trail AWS Defense Evasion
Disable CloudTrail Logging Through Event Selectors AWS Defense Evasion
CloudTrail Logs Impairment Through S3 Lifecycle Rule AWS Defense Evasion
Stop CloudTrail Trail AWS Defense Evasion
Attempt to Leave the AWS Organization AWS Defense Evasion
Remove VPC Flow Logs AWS Defense Evasion
Execute Discovery Commands on an EC2 Instance AWS Discovery
Open Ingress Port 22 on a Security Group AWS Exfiltration
Exfiltrate an AMI by Sharing It AWS Exfiltration
Exfiltrate EBS Snapshot by Sharing It AWS Exfiltration
Exfiltrate RDS Snapshot by Sharing AWS Exfiltration
Backdoor an S3 Bucket via its Bucket Policy AWS Exfiltration
Backdoor an IAM Role AWS Persistence
Create an Access Key on an IAM User AWS Persistence, Privilege Escalation
Create an administrative IAM User AWS Persistence, Privilege Escalation
Create a Login Profile on an IAM User AWS Persistence, Privilege Escalation
Backdoor Lambda Function Through Resource-Based Policy AWS Persistence

Changelog v2.12

New GCP attack techniques by @vthiery:

Install & Use

Copyright (C) 2022 @christophetd

Tags: emulate offensive attack techniques