From 26ea6d4f060fb8518799da2aa4a96f634a811797 Mon Sep 17 00:00:00 2001 
From: Sadie H <30934213+sjhood@users.noreply.github.com>
Date: Tue, 22 Nov 2022 02:09:48 -0800
Subject: [PATCH] Name created resources more consistently (#242)
* add names
* add all renames with local variables and extend necessary random character strings
* terraform fmt
---
 .../ec2-get-password-data/main.tf | 6 +++++-
 .../ec2-steal-instance-credentials/main.tf | 10 ++++++---
 .../secretsmanager-retrieve-secrets/main.tf | 5 +++--
 .../defense-evasion/cloudtrail-delete/main.tf | 21 ++++++++++++-------
 .../cloudtrail-event-selectors/main.tf | 21 ++++++++++++-------
 .../cloudtrail-lifecycle-rule/main.tf | 21 ++++++++++++-------
 .../defense-evasion/cloudtrail-stop/main.tf | 21 ++++++++++++-------
 .../organizations-leave/main.tf | 6 +++++-
 .../vpc-remove-flow-logs/main.tf | 8 +++++--
 .../ec2-enumerate-from-instance/main.tf | 10 ++++++---
 .../aws/discovery/ec2-get-user-data/main.tf | 6 +++++-
 .../ec2-launch-unusual-instances/main.tf | 16 ++++++++------
 .../aws/execution/ec2-user-data/main.tf | 9 +++++---
 .../main.tf | 8 +++++--
 .../aws/exfiltration/ec2-share-ami/main.tf | 8 +++++--
 .../exfiltration/rds-share-snapshot/main.tf | 6 +++++-
 .../s3-backdoor-bucket-policy/main.tf | 10 ++++++---
 .../console-login-without-mfa/main.tf | 10 ++++++---
 .../aws/persistence/iam-backdoor-role/main.tf | 6 +++++-
 .../aws/persistence/iam-backdoor-user/main.tf | 6 +++++-
 .../iam-create-user-login-profile/main.tf | 6 +++++-
 .../lambda-backdoor-function/main.tf | 14 ++++++++-----
 .../persistence/lambda-overwrite-code/main.tf | 14 ++++++++-----
 .../rolesanywhere-create-trust-anchor/main.tf | 6 +++++-
 .../vm-custom-script-extension/main.tf | 16 ++++++++------
 .../azure/execution/vm-run-command/main.tf | 18 +++++++++-------
 .../azure/exfiltration/disk-export/main.tf | 6 +++---
 .../create-admin-service-account/main.tf | 8 +++++--
 .../create-service-account-key/main.tf | 6 +++++-
 .../impersonate-service-accounts/main.tf | 5 +++--
 .../steal-serviceaccount-token/main.tf | 6 +++---
 .../hostpath-volume/main.tf | 6 +++---
 .../privilege-escalation/nodes-proxy/main.tf | 9 ++++----
 .../privileged-pod/main.tf | 2 +-
 34 files changed, 225 insertions(+), 111 deletions(-)
diff --git a/v2/internal/attacktechniques/aws/credential-access/ec2-get-password-data/main.tf b/v2/internal/attacktechniques/aws/credential-access/ec2-get-password-data/main.tf
index a0c8a604..d0dd0afb 100644
--- a/v2/internal/attacktechniques/aws/credential-access/ec2-get-password-data/main.tf
+++ b/v2/internal/attacktechniques/aws/credential-access/ec2-get-password-data/main.tf
@@ -18,10 +18,14 @@ provider "aws" {
 }
 }
+locals {
+ resource_prefix = "stratus-red-team-ec2-get-password-data"
+}
+
 data "aws_caller_identity" "current" {}
 resource "aws_iam_role" "role" {
- name = "sample-role-used-by-stratus-for-ec2-password-data"
+ name = "${local.resource_prefix}-role"
 assume_role_policy = jsonencode({
 Version = "2012-10-17"
 Statement = [
diff --git a/v2/internal/attacktechniques/aws/credential-access/ec2-steal-instance-credentials/main.tf b/v2/internal/attacktechniques/aws/credential-access/ec2-steal-instance-credentials/main.tf
index c7f50389..b6887a6a 100644
--- a/v2/internal/attacktechniques/aws/credential-access/ec2-steal-instance-credentials/main.tf
+++ b/v2/internal/attacktechniques/aws/credential-access/ec2-steal-instance-credentials/main.tf
@@ -19,6 +19,10 @@ provider "aws" {
 }
 }
+locals {
+ resource_prefix = "stratus-red-team-ec2-steal-credentials"
+}
+
 data "aws_availability_zones" "available" {
 state = "available"
 }
@@ -26,7 +30,7 @@ data "aws_availability_zones" "available" {
 module "vpc" {
 source = "terraform-aws-modules/vpc/aws"
- name = "stratus-red-team-vpc-ec2-credentials"
+ name = "${local.resource_prefix}-vpc"
 cidr = "10.0.0.0/16"
 azs = [data.aws_availability_zones.available.names[0]]
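Review bot: The prefix added in the second file, `resource_prefix = "stratus-red-team-ec2-steal-credentials"`, drops `instance` from the technique directory name `ec2-steal-instance-credentials`, while the first file's prefix matches its directory exactly (`ec2-get-password-data`). If the rename is meant to let a defender map a resource name back to the technique that created it, or exclude these names from alerting, I would use `resource_prefix = "stratus-red-team-ec2-steal-instance-credentials"`, unless a name-length limit on a resource outside these hunks rules it out. Changing `name` on `aws_iam_role` also makes Terraform replace the role, so any allowlist or cleanup script keyed on the old names (for example `sample-role-used-by-stratus-for-ec2-password-data`) needs updating. A one-line comment above each `locals` block, such as `# Prefix shared by every resource this technique creates; keep in sync with the technique ID`, would record that contract.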
@@ -57,7 +61,7 @@ resource "aws_network_interface" "iface" { } resource "aws_iam_role" "instance-role" { - name = "stratus-ec2-credentials-instance-role" + name = "${local.resource_prefix}-role" path = "/" assume_role_policy = <