Awesome
Stratus Red Team
<p align="center"> <img src="./docs/logo.png" alt="Stratus Red Team" width="300" /> </p>Stratus Red Team is "Atomic Red Team™" for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner.
<p align="center"> <a href="https://github.com/DataDog/stratus-red-team/raw/main/docs/demo.gif"> <img src="./docs/demo.gif" alt="Terminal recording" /> </a> </p>Read the announcement blog posts:
- https://www.datadoghq.com/blog/cyber-attack-simulation-with-stratus-red-team/
- https://blog.christophetd.fr/introducing-stratus-red-team-an-adversary-emulation-tool-for-the-cloud/
Getting Started
Stratus Red Team is a self-contained Go binary.
See the documentation at stratus-red-team.cloud:
-
Installing Stratus Red Team - Homebrew formula, Docker image and pre-built binaries available
-
Available Attack Techniques, mapped to MITRE ATT&CK
Installation
Direct install
Requires Go 1.21+
go install -v github.com/datadog/stratus-red-team/v2/cmd/stratus@latest
Homebrew
brew tap datadog/stratus-red-team https://github.com/DataDog/stratus-red-team
brew install datadog/stratus-red-team/stratus-red-team
Pre-build binaries
For Linux / Windows / Mac OS: download one of the pre-built binaries.
Docker
IMAGE="ghcr.io/datadog/stratus-red-team"
alias stratus="docker run --rm -v $HOME/.stratus-red-team/:/root/.stratus-red-team/ -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e AWS_DEFAULT_REGION $IMAGE"
asdf
You can install specific versions (or latest) of stratus-red-team using asdf and this stratus-red-team plugin:
asdf plugin add stratus-red-team https://github.com/asdf-community/asdf-stratus-red-team.git
asdf install stratus-red-team latest
Community
The following section lists posts and projects from the community leveraging Stratus Red Team.
Open-source projects:
Videos:
- Reproducing common attacks in the cloud with Stratus Red Team
- Stratus Red Team: AWS EC2 Instance Credential Theft | Threat SnapShot
- Automated Attack Simulation in AWS for Red Teaming
Blog posts:
- AWS threat emulation and detection validation with Stratus Red Team and Datadog Cloud SIEM
- Adversary emulation on AWS with Stratus Red Team and Wazuh
- Sky’s the Limit: Stratus Red Team for Azure
- Detecting realistic AWS cloud-attacks using Azure Sentinel
- A Data Driven Comparison of Open Source Adversary Emulation Tools
- Making Security Relevant in the Cloud
- Detonating attacks with Datadog Stratus Red Team
- AWS CloudTrail cheatsheet
- Adversary emulation on GCP with Stratus Red Team and Wazuh
- Automated First-Response in AWS using Sigma and Athena
- AWS Cloud Detection Lab: Cloud Pen-testing with Stratus Red Team
Talks:
- Purple Teaming & Adversary Emulation in the Cloud with Stratus Red Team, DEF CON Cloud Village 2022 (recorded after the event as the talks were not recorded)
- Threat-Driven Development with Stratus Red Team by Ryan Marcotte Cobb
- Cloudy With a Chance of Purple Rain: Leveraging Stratus Red Team - BSides Portland 2022
Papers:
Using Stratus Red Team as a Go Library
See Examples and Programmatic Usage.
Development
Building Locally
make
./bin/stratus --help
Running Locally
go run cmd/stratus/*.go list
Running the Tests
make test
Building the Documentation
For local usage:
pip install mkdocs-material mkdocs-awesome-pages-plugin
make docs
mkdocs serve
Acknowledgments
Maintainer: @christophetd
Similar projects (see how Stratus Red Team compares):
- Atomic Red Team by Red Canary
- Leonidas by F-Secure
- pacu by Rhino Security Labs
- Amazon GuardDuty Tester
- CloudGoat by Rhino Security Labs
Inspiration and relevant resources: