v2.2.0

Changelog

• New AWS attack technique by @adanalvarez: Create an IAM Roles Anywhere trust anchor
• New AWS attack technique by @rollwagen: Launch Unusual EC2 Instances
• New K8s attack technique inspired by @raesene: Create Long-Lived Token

v2.1.0

Changelog

• New Azure attack technique: Export Disk Through Shared Access Signature URL
• New Azure attack technique: Execute Command on Virtual Machine using Custom Script Extension by Ryan Marcotte Cobb @rcobb-scwx
• New AWS attack technique: Overwrite Lambda Function Code by @rollwagen
• Add dynamic CLI autocomplete for techniques by @rollwagen

Enhancements:

• bf7a2ab Disable logging when using the programmatic interface (closes #126)
• 947fbb4 Add execution UUID to the Terraform user-agent

v2.0.0

Changelog

• Stratus Red Team now supports Azure! Thank you to Ryan Marcotte Cobb from Secureworks for the contribution.
• New attack technique: Azure: Execute Commands on Virtual Machine using Run Command. Thank you to Ryan Marcotte Cobb from Secureworks for the contribution.
• Upgraded Go version from 1.17 to 1.18 to support the Azure Go SDK
• Bumped vulnerable dependencies

Note

The major version was bumped (1.8.0 -> 2.0.0) because the Go upgrade to 1.18 may break certain environments using the programmatic interface of Stratus Red Team with Go 1.17.

v1.8.0

Changelog

New attack technique: AWS Console Login without MFA

v1.7.2

Changelog

Bug fix: In some cases, the programmatic API couldn't be used because of methods located in the internal package, which can't be used from other packages (#117)

v1.7.1

Changelog

• Bug fix: Content-type mismatch when downloading the Terraform binary (#118)

v1.7.0

Changelog

Stratus Red Team now injects an UUID in the User-Agent header when performing requests to the Kubernetes or AWS API. It has the form stratus-red-team_<uuid> and is unique per Stratus Red Team execution. This allows for more advanced use-cases to ensure that a log generated by a detonation corresponds to a specific execution of Stratus Red Team.

v1.6.2

Changelog

Bug fixes and enhancements.

• 2855978 Exfiltration of EBS snapshots and AMIs: Handle error when EBS encryption by default is enabled (closes #109)
• 44c83db ec2-steal-instance-credentials: Ensure instance is registered in SSM (closes #108)

v1.6.1

Changelog

• New attack technique: K8s privilege escalation through nodes/proxy permissions. Original research by @raesene

v1.5.0

Changelog

Overview:

• New TTP: dumping all secrets of a K8s cluster
• Made AWS/K8s authentication checks more user-friendly
• Bug fixes

Complete changelog:

• ffce76c New attack technique: Dump K8s cluster secrets
• 64d47fe Use built-in K8s client methods to list secrets
• cd08430 [bugfix] better error handling at cleanup time
• 33c370f [bugfix] handle platform authentication checks more smoothly (closes #104)
• a5b40f8 [docs] Add link to programmatic usage docs (#47)
• 49ee72c [docs] Fix incorrect information about supported platforms
• f6eaa89 remove duplicate docs page