Releases: DataDog/stratus-red-team
Releases · DataDog/stratus-red-team
v2.0.0
Changelog
- Stratus Red Team now supports Azure! Thank you to Ryan Marcotte Cobb from Secureworks for the contribution.
- New attack technique: Azure: Execute Commands on Virtual Machine using Run Command. Thank you to Ryan Marcotte Cobb from Secureworks for the contribution.
- Upgraded Go version from 1.17 to 1.18 to support the Azure Go SDK
- Bumped vulnerable dependencies
Note
The major version was bumped (1.8.0 -> 2.0.0) because the Go upgrade to 1.18 may break certain environments using the programmatic interface of Stratus Red Team with Go 1.17.
v1.8.0
Changelog
New attack technique: AWS Console Login without MFA
v1.7.2
v1.7.1
v1.7.0
Changelog
Stratus Red Team now injects an UUID in the User-Agent
header when performing requests to the Kubernetes or AWS API. It has the form stratus-red-team_<uuid>
and is unique per Stratus Red Team execution. This allows for more advanced use-cases to ensure that a log generated by a detonation corresponds to a specific execution of Stratus Red Team.
v1.6.2
v1.6.1
Changelog
- New attack technique: K8s privilege escalation through nodes/proxy permissions. Original research by @raesene
v1.5.0
Changelog
Overview:
- New TTP: dumping all secrets of a K8s cluster
- Made AWS/K8s authentication checks more user-friendly
- Bug fixes
Complete changelog:
- ffce76c New attack technique: Dump K8s cluster secrets
- 64d47fe Use built-in K8s client methods to list secrets
- cd08430 [bugfix] better error handling at cleanup time
- 33c370f [bugfix] handle platform authentication checks more smoothly (closes #104)
- a5b40f8 [docs] Add link to programmatic usage docs (#47)
- 49ee72c [docs] Fix incorrect information about supported platforms
- f6eaa89 remove duplicate docs page
v1.4.0
Changelog
Contributors: @christophetd @JulesDT @mchaffe @xen0ldog
Overview:
- Enhance Kubernetes support
- 3 new Kubernetes attack techniques: Run a Privileged Pod, Create Admin ClusterRole, Steal Pod Service Account Token
- Parallelize commands when running
stratus (warmup|detonate|cleanup)
on multiple attack techniques
Complete changelog:
- d4ac261 Add detection docs for k8s.credential-access.steal-serviceaccount-token
- ba5b171 Add detection docs for k8s.privilege-escalation.privileged-pod
- d38be65 Add thirdyparty-licenses target
- 1245549 Address comments
- 6f1f1af Customize K8s user-agent
- 2fd4316 Ensure all attack techniques are properly instantiating the AWS provider (closes #84)
- 11f8de6 Fix docs
- 3dc0656 Fix duplicate IAM role name
- 30e948c Fix typo in PR template
- 24b1388 Network interfaces not attached to ec2 instances instances
- f47a4d0 New attack technique: Create ClusterAdmin role
- 2125cbf New attack technique: Create privileged K8s pod (closes #92)
- cdce7cc New attack technique: Steal pod service account token (closes #98)
- c234ca1 Parallelization of commands: Enhance warmup
- abecfbf Parallelization of commands: Fix cleanup command
- 6aabb3d Parallelization of commands: Fix warmup
- e5e40b0 Parallelization of detonate command
- 5d88ada Parallelization of revert command
- 02b8784 Parallelization: fix wrong length for error handling
- f2ce722 Parallelization: fix wrong length for error handling (again)
- 7bfe8c0 Recategorize 'create-admin-clusterrole' as persistence rather than privesc
- b03bfbc Recategorize 'create-admin-clusterrole' as privesc rather than persistence
- 016ecbf Remove thirdparty-dependencies Makefile target from default targets
- 07ee658 Update philosophy
- 85bcc7c Update third-party licenses
- 1ec5983 make commands run in parallel