v1.8.0

Changelog

New attack technique: AWS Console Login without MFA

v1.7.2

Changelog

Bug fix: In some cases, the programmatic API couldn't be used because of methods located in the internal package, which can't be used from other packages (#117)

v1.7.1

Changelog

• Bug fix: Content-type mismatch when downloading the Terraform binary (#118)

v1.7.0

Changelog

Stratus Red Team now injects an UUID in the User-Agent header when performing requests to the Kubernetes or AWS API. It has the form stratus-red-team_<uuid> and is unique per Stratus Red Team execution. This allows for more advanced use-cases to ensure that a log generated by a detonation corresponds to a specific execution of Stratus Red Team.

v1.6.2

Changelog

Bug fixes and enhancements.

• 2855978 Exfiltration of EBS snapshots and AMIs: Handle error when EBS encryption by default is enabled (closes #109)
• 44c83db ec2-steal-instance-credentials: Ensure instance is registered in SSM (closes #108)

v1.6.1

Changelog

• New attack technique: K8s privilege escalation through nodes/proxy permissions. Original research by @raesene

v1.5.0

Changelog

Overview:

• New TTP: dumping all secrets of a K8s cluster
• Made AWS/K8s authentication checks more user-friendly
• Bug fixes

Complete changelog:

• ffce76c New attack technique: Dump K8s cluster secrets
• 64d47fe Use built-in K8s client methods to list secrets
• cd08430 [bugfix] better error handling at cleanup time
• 33c370f [bugfix] handle platform authentication checks more smoothly (closes #104)
• a5b40f8 [docs] Add link to programmatic usage docs (#47)
• 49ee72c [docs] Fix incorrect information about supported platforms
• f6eaa89 remove duplicate docs page

v1.4.0

Changelog

Contributors: @christophetd @JulesDT @mchaffe @xen0ldog

Overview:

• Enhance Kubernetes support
• 3 new Kubernetes attack techniques: Run a Privileged Pod, Create Admin ClusterRole, Steal Pod Service Account Token
• Parallelize commands when running stratus (warmup|detonate|cleanup) on multiple attack techniques

Complete changelog:

• d4ac261 Add detection docs for k8s.credential-access.steal-serviceaccount-token
• ba5b171 Add detection docs for k8s.privilege-escalation.privileged-pod
• d38be65 Add thirdyparty-licenses target
• 1245549 Address comments
• 6f1f1af Customize K8s user-agent
• 2fd4316 Ensure all attack techniques are properly instantiating the AWS provider (closes #84)
• 11f8de6 Fix docs
• 3dc0656 Fix duplicate IAM role name
• 30e948c Fix typo in PR template
• 24b1388 Network interfaces not attached to ec2 instances instances
• f47a4d0 New attack technique: Create ClusterAdmin role
• 2125cbf New attack technique: Create privileged K8s pod (closes #92)
• cdce7cc New attack technique: Steal pod service account token (closes #98)
• c234ca1 Parallelization of commands: Enhance warmup
• abecfbf Parallelization of commands: Fix cleanup command
• 6aabb3d Parallelization of commands: Fix warmup
• e5e40b0 Parallelization of detonate command
• 5d88ada Parallelization of revert command
• 02b8784 Parallelization: fix wrong length for error handling
• f2ce722 Parallelization: fix wrong length for error handling (again)
• 7bfe8c0 Recategorize 'create-admin-clusterrole' as persistence rather than privesc
• b03bfbc Recategorize 'create-admin-clusterrole' as privesc rather than persistence
• 016ecbf Remove thirdparty-dependencies Makefile target from default targets
• 07ee658 Update philosophy
• 85bcc7c Update third-party licenses
• 1ec5983 make commands run in parallel

v1.3.0

Changelog

Kubernetes support!

https://stratus-red-team.cloud/attack-techniques/kubernetes/

https://stratus-red-team.cloud/attack-techniques/supported-platforms/#kubernetes

v1.2.0

Changelog

• New! The auto-generated documentation page of every attack technique now contains detection documentation.
• Added aws.discovery.ec2-download-user-data