Releases: DataDog/stratus-red-team

v2.0.0

03 Jun 14:12

Changelog

  • Stratus Red Team now supports Azure! Thank you to Ryan Marcotte Cobb from Secureworks for the contribution.
  • New attack technique: Azure: Execute Commands on Virtual Machine using Run Command. Thank you to Ryan Marcotte Cobb from Secureworks for the contribution.
  • Upgraded Go version from 1.17 to 1.18 to support the Azure Go SDK
  • Bumped vulnerable dependencies

Note

The major version was bumped (1.8.0 -> 2.0.0) because the Go upgrade to 1.18 may break certain environments using the programmatic interface of Stratus Red Team with Go 1.17.

v1.8.0

30 May 15:55

Changelog

New attack technique: AWS Console Login without MFA

v1.7.2

25 May 09:03

Changelog

Bug fix: In some cases, the programmatic API couldn't be used because of methods located in the internal package, which can't be used from other packages (#117)

v1.7.1

23 May 09:39

Changelog

  • Bug fix: Content-type mismatch when downloading the Terraform binary (#118)

v1.7.0

06 Apr 15:48

Changelog

Stratus Red Team now injects a UUID in the User-Agent header when performing requests to the Kubernetes or AWS API. It has the form stratus-red-team_<uuid> and is unique per Stratus Red Team execution. This enables more advanced use cases, such as ensuring that a log generated by a detonation corresponds to a specific execution of Stratus Red Team.
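
On the detection side, the marker lets you attribute log records to one execution. The following is an added example, not code from the Stratus Red Team project: it groups CloudTrail-style records by the UUID found in `userAgent`. The helper name `EventsByExecution`, the JSON-lines input and the marker's position inside the User-Agent string are assumptions, and the sample records are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Marker form given in the release note: stratus-red-team_<uuid>.
var marker = regexp.MustCompile(`stratus-red-team_([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})`)

// record holds the two CloudTrail fields this example reads.
type record struct {
	EventName string `json:"eventName"`
	UserAgent string `json:"userAgent"`
}

// Constructed sample records, one JSON object per line (not real logs).
// Assumption: the marker appears somewhere inside the userAgent string.
const sampleLogs = `
{"eventName":"StopLogging","userAgent":"aws-sdk-go-v2/1.16.2 stratus-red-team_1b4e28ba-2fa1-41d2-883f-0016d3cca427"}
{"eventName":"DescribeInstances","userAgent":"aws-cli/2.4.0 Python/3.8.8"}
{"eventName":"DeleteTrail","userAgent":"aws-sdk-go-v2/1.16.2 stratus-red-team_1b4e28ba-2fa1-41d2-883f-0016d3cca427"}
{"eventName":"CreateAccessKey","userAgent":"aws-sdk-go-v2/1.16.2 stratus-red-team_9f0c7a3e-5d2b-4c1a-8e6f-3b7d2a1c0e45"}
`

// EventsByExecution maps each execution UUID to the event names it produced.
// Records without the marker are ignored; a malformed record is an error.
func EventsByExecution(logs string) (map[string][]string, error) {
	out := map[string][]string{}
	dec := json.NewDecoder(strings.NewReader(logs))
	for dec.More() {
		var r record
		if err := dec.Decode(&r); err != nil {
			return nil, fmt.Errorf("malformed record: %w", err)
		}
		if m := marker.FindStringSubmatch(r.UserAgent); m != nil {
			id := strings.ToLower(m[1])
			out[id] = append(out[id], r.EventName)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(EventsByExecution(sampleLogs))
}
```

Records whose User-Agent lacks the marker, such as the `aws-cli` line, are left out, so background activity in the same account is not attributed to a detonation.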

v1.6.2

31 Mar 07:34

Changelog

Bug fixes and enhancements.

  • 2855978 Exfiltration of EBS snapshots and AMIs: Handle error when EBS encryption by default is enabled (closes #109)
  • 44c83db ec2-steal-instance-credentials: Ensure instance is registered in SSM (closes #108)

v1.6.1

04 Mar 11:43
9b4a515

Changelog

v1.5.0

28 Feb 15:49

Changelog

Overview:

Complete changelog:

  • ffce76c New attack technique: Dump K8s cluster secrets
  • 64d47fe Use built-in K8s client methods to list secrets
  • cd08430 [bugfix] better error handling at cleanup time
  • 33c370f [bugfix] handle platform authentication checks more smoothly (closes #104)
  • a5b40f8 [docs] Add link to programmatic usage docs (#47)
  • 49ee72c [docs] Fix incorrect information about supported platforms
  • f6eaa89 remove duplicate docs page

v1.4.0

10 Feb 08:20

Changelog

Contributors: @christophetd @JulesDT @mchaffe @xen0ldog

Overview:

Complete changelog:

  • d4ac261 Add detection docs for k8s.credential-access.steal-serviceaccount-token
  • ba5b171 Add detection docs for k8s.privilege-escalation.privileged-pod
  • d38be65 Add thirdyparty-licenses target
  • 1245549 Address comments
  • 6f1f1af Customize K8s user-agent
  • 2fd4316 Ensure all attack techniques are properly instantiating the AWS provider (closes #84)
  • 11f8de6 Fix docs
  • 3dc0656 Fix duplicate IAM role name
  • 30e948c Fix typo in PR template
  • 24b1388 Network interfaces not attached to ec2 instances instances
  • f47a4d0 New attack technique: Create ClusterAdmin role
  • 2125cbf New attack technique: Create privileged K8s pod (closes #92)
  • cdce7cc New attack technique: Steal pod service account token (closes #98)
  • c234ca1 Parallelization of commands: Enhance warmup
  • abecfbf Parallelization of commands: Fix cleanup command
  • 6aabb3d Parallelization of commands: Fix warmup
  • e5e40b0 Parallelization of detonate command
  • 5d88ada Parallelization of revert command
  • 02b8784 Parallelization: fix wrong length for error handling
  • f2ce722 Parallelization: fix wrong length for error handling (again)
  • 7bfe8c0 Recategorize 'create-admin-clusterrole' as persistence rather than privesc
  • b03bfbc Recategorize 'create-admin-clusterrole' as privesc rather than persistence
  • 016ecbf Remove thirdparty-dependencies Makefile target from default targets
  • 07ee658 Update philosophy
  • 85bcc7c Update third-party licenses
  • 1ec5983 make commands run in parallel

v1.3.0