Offensive Security Tool: Stratus Red Team
Stratus Red Team
Cloud environments are now a central part of the systems offensive security work targets, and a red team exercise that runs quickly and can be tailored to the environment produces far better results, so this post looks at another tool built for exactly that.
Stratus Red Team by DataDog is "Atomic Red Team" for the cloud, allowing you to emulate offensive attack techniques in a granular and self-contained manner.
Atomic Red Team is a library of tests mapped to the MITRE ATT&CK framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.
Read the announcement blog posts:
- https://www.datadoghq.com/blog/cyber-attack-simulation-with-stratus-red-team/
- https://blog.christophetd.fr/introducing-stratus-red-team-an-adversary-emulation-tool-for-the-cloud/
Some of the techniques include:
- Credential access: Steal EC2 instance credentials
- Discovery: Execute discovery commands on an EC2 instance
- Defense evasion: Stop a CloudTrail trail
- Exfiltration: Exfiltrate data from an S3 bucket by backdooring its bucket policy
A core challenge for threat detection engineering is reproducing common attacker behavior. Stratus Red Team helps you do that with ease as part of your pentesting assessments or bug bounty hunting.
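The point of detonating these techniques is to confirm that your telemetry and detections actually fire. As an added example that is not part of the original post or of the Stratus Red Team project, the following Python checks a batch of CloudTrail records for the two techniques named above (a trail being stopped, and an S3 bucket policy that grants access to a foreign account or a wildcard principal). The records are constructed for this example, the technique labels are my own, and the account ID is a placeholder.

```python
# Constructed sample CloudTrail records (not real telemetry). The field layout follows
# the CloudTrail record format; every value is made up for this example.
ACCOUNT_ID = "111111111111"  # placeholder for the account being tested
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/app"},
     "requestParameters": {"bucketName": "app-data"}},
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/stratus"},
     "requestParameters": {"name": "my-trail"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/stratus"},
     "requestParameters": {"bucketName": "victim-bucket", "bucketPolicy": {"Statement": [
         {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::999999999999:root"},
          "Action": "s3:*", "Resource": "arn:aws:s3:::victim-bucket/*"}]}}},
]

def external_principals(policy, account_id):
    """Return Allow-statement principals that are wildcards or belong to another account."""
    found = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may appear without a list
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            found.append("*")
            continue
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        for arn in ([aws] if isinstance(aws, str) else aws):
            if arn == "*" or f":{account_id}:" not in arn:
                found.append(arn)
    return found

def detect(events, account_id):
    """Map records back to the technique that would produce them (labels are my own)."""
    findings = []
    for ev in events:
        src, name = ev.get("eventSource"), ev.get("eventName")
        params = ev.get("requestParameters") or {}
        actor = ev.get("userIdentity", {}).get("arn", "unknown")
        if src == "cloudtrail.amazonaws.com" and name == "StopLogging":
            findings.append(("cloudtrail-stop", actor, params.get("name")))
        elif src == "s3.amazonaws.com" and name == "PutBucketPolicy":
            if external_principals(params.get("bucketPolicy") or {}, account_id):
                findings.append(("s3-backdoor-bucket-policy", actor, params.get("bucketName")))
    return findings
```

Run `detect` over the records a detonation produced in your own trail; an empty result for a technique you just detonated means a logging or detection gap.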
Getting Started
Stratus Red Team is a self-contained Go binary.
See the documentation at stratus-red-team.cloud:
- Stratus Red Team Concepts
- Installing Stratus Red Team – Homebrew formula, Docker image and pre-built binaries available
- Available Attack Techniques, mapped to MITRE ATT&CK
Installation
- macOS (Homebrew):
brew tap datadog/stratus-red-team https://github.com/DataDog/stratus-red-team
brew install datadog/stratus-red-team/stratus-red-team
- Linux / Windows / macOS: Download one of the pre-built binaries.
- Docker:
IMAGE="ghcr.io/datadog/stratus-red-team"
alias stratus="docker run --rm -v $HOME/.stratus-red-team/:/root/.stratus-red-team/ -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e AWS_DEFAULT_REGION $IMAGE"
Using Stratus Red Team as a Go Library
See Examples and Programmatic Usage.
Development
Building locally
make
./bin/stratus --help
Running locally
go run cmd/stratus/*.go list
Running the tests
make test
Building the documentation
For local usage, install the MkDocs dependencies, build the docs and serve them:
pip install mkdocs-material mkdocs-awesome-pages-plugin
make docs
mkdocs serve