DataDog/stratus-red-team

Issues

• [AWS] Add boundary support

  #508 opened 2 months ago by Renizmy
  4

• New attack technnique: Exfiltrate disk of Azure VM by snapshotting it

  #510 opened 2 months ago by christophetd
  0

• Display nicer error when AWS_REGION is not set

  #506 opened 2 months ago by christophetd
  0

• Backdoor AWS account using "guest" role in Cognito Identity Pool

  #450 opened 6 months ago by christophetd
  1

• [QUESTION] [k8s] Circumventing the privileged pod technique

  #430 opened 2 months ago by loresuso
  1

• Add references to S3 ransomware in the wild to existing S3 attack techniques

  #484 opened 4 months ago by christophetd
  0

• "An argument named skip_get_ec2_platforms is not expected here" when detonating aws.credential-access.ec2-get-password-data

  #505 opened 2 months ago by christophetd
  1

• New attack technique: SendSerialConsoleSSHPublicKey

  #487 opened 3 months ago by christophetd
  1

• Analyze LUCR-3 TTPs and suggest new attack techniques

  #496 opened 3 months ago by christophetd
  0

• [QUESTION] [k8s] Cluster admin binding

  #431 opened 3 months ago by loresuso
  3

• New attack technique: VMAccess Extension to add SSH keys to VMs

  #486 opened 3 months ago by christophetd
  0

• New attack technique: Snapshot existing volume and attach to compromised EC2 instance

  #485 opened 3 months ago by christophetd
  0

• Usage of ssm:SendCommand on multiple instances #60

  #480 opened 4 months ago by christophetd
  1

• Create new backdoor IAM role

  #469 opened 4 months ago by christophetd
  1

• AWS Route53: disable DNS query logging

  #470 opened 4 months ago by ccamac01-dd
  1

• AWS SNS: delete topic

  #471 opened 4 months ago by ccamac01-dd
  1

• Incorrect IAM permissions causing Stratus to error on detonation of aws.defense-evasion.organizations-leave

  #462 opened 5 months ago by christofort
  4

• Azure AD: Backdoor tenant through new application

  #451 opened 6 months ago by christophetd
  0

• New EKS attack technique: backdooring the aws-auth configmap

  #375 opened a year ago by christophetd
  1

• Add attack technique about AWS Secrets Manager's new BatchGetSecrets

  #433 opened 7 months ago by christophetd
  0

• Failure to detonate k8s.privilege-escalation.nodes-proxy

  #428 opened 7 months ago by prsimoes
  5

• Azure execution through serial console

  #410 opened 9 months ago by christophetd
  0

• Azure storage account ransomware

  #408 opened 9 months ago by christophetd
  0

• Investigate the possibility of an Azure AD platform

  #398 opened 9 months ago by christophetd
  0

• Add new TTP on S3 ransomware

  #343 opened 10 months ago by christophetd
  2

• SES attack technique

  #291 opened 10 months ago by christophetd
  1

• Add STRATUS_RED_TEAM_ATTACKER_EMAIL env to gcp.exfiltration.share-compute-disk

  #385 opened a year ago by pberba
  0

• aws.execution.ec2-launch-unusual-instances working

  #387 opened a year ago by agroyz
  3

• Migrate from using deprecated GCP SDK APIs

  #389 opened a year ago by christophetd
  0

• Add support for EKS

  #374 opened a year ago by christophetd
  0

• Investigate additional GCP exfiltration techniques

  #371 opened a year ago by christophetd
  0

• GCP: Share a compute disk (exfiltration)

  #369 opened a year ago by christophetd
  0

• Stratus Does Not Use Instance Profile On EC2

  #367 opened a year ago by mrugank-canva
  7

• "Backdoor Lambda Function" fails because the nodejs12 runtime isn't available anymore

  #359 opened a year ago by christophetd
  0

• Leftover AWS resources after stratus warmup error

  #293 opened a year ago by rollwagen
  2

• Download EC2 Instance User Data technique does request userdata properly

  #353 opened a year ago by agroyz
  22

• cleanup for aws.persistence.lambda-overwrite-code not working

  #356 opened a year ago by agroyz
  0

• AWS: Create service account token for pod and exchange for AWS credentials (IRSA)

  #344 opened a year ago by christophetd
  1

• terraform error for detonate aws.persistence.lambda-overwrite-code technique

  #354 opened a year ago by agroyz
  3

• Not working on Apple M1

  #341 opened a year ago by thibon
  8

• Persistence through OS patch

  #314 opened a year ago by JOSHUAJEBARAJ
  0

• aws.persistence.rolesanywhere-create-trust-anchor does not give out proper result

  #331 opened a year ago by sboonyakiatACR
  2

• Cleanup flag should cleanup when the detonation fails

  #298 opened a year ago by christophetd
  4

• Persistence through federation + re-enabling IAM access key

  #313 opened a year ago by christophetd
  0

• Investigate failure of gcp.privilege-escalation.impersonate-service-accounts

  #299 opened a year ago by christophetd
  0

• Broken gcp.persistence.create-admin-service-account

  #294 opened a year ago by christophetd
  2

• Max length exceeded for some Azure resources

  #301 opened a year ago by rcobb-scwx
  2

• Broken gcp.privilege-escalation.impersonate-service-accounts

  #296 opened a year ago by christophetd
  0

• Dry-run capabilities

  #292 opened a year ago by sjhood
  3

• Terraform linting on PRs

  #276 opened 2 years ago by christophetd
  0