Stratus Red Team Versions Save

Changelog

• b986a31 Bump Terraform Kubernetes provider to support recent K8s versiont that don't create service account token secrets by default (#429)
• 584fd30 Bump actions/checkout from 3.5.3 to 4.1.1 (#425)
• ea64abf Bump actions/setup-go from 4.0.1 to 4.1.0 (#404)
• 0ca9918 Bump alpine from 3.18.2 to 3.18.4 (#415)
• d401f1d Bump github/codeql-action from 2.21.2 to 2.22.5 (#426)
• 4ff659c Bump golang.org/x/net from 0.7.0 to 0.17.0 in /v2 (#422)
• 5ea4572 Bump goreleaser/goreleaser-action from 4.3.0 to 5.0.0 (#417)
• e041684 Bump step-security/harden-runner from 2.5.0 to 2.6.0 (#424)

Changelog

• b986a31 Bump Terraform Kubernetes provider to support recent K8s versiont that don't create service account token secrets by default (#429)
• 584fd30 Bump actions/checkout from 3.5.3 to 4.1.1 (#425)
• ea64abf Bump actions/setup-go from 4.0.1 to 4.1.0 (#404)
• 0ca9918 Bump alpine from 3.18.2 to 3.18.4 (#415)
• d401f1d Bump github/codeql-action from 2.21.2 to 2.22.5 (#426)
• 4ff659c Bump golang.org/x/net from 0.7.0 to 0.17.0 in /v2 (#422)
• 5ea4572 Bump goreleaser/goreleaser-action from 4.3.0 to 5.0.0 (#417)
• e041684 Bump step-security/harden-runner from 2.5.0 to 2.6.0 (#424)

Changelog

• d151fe9 New attack technique: Persistence AWS Lambda Layer Extension (#427) by @adanalvarez

Changelog

New feature: Stratus Red Team now features 3 attack techniques to simulate ransomware activity.

• S3 Ransomware through individual file deletion
• S3 Ransomware through batch file deletion
• S3 Ransomware through client-side encryption

Docs:

• c5521ab Azure run command: add reference to CrowdStrike report (#396)

Chores:

• 6baedec Bump actions/setup-python from 4.6.1 to 4.7.0 (#394)
• e34ab33 Bump docker/build-push-action from 4.0.0 to 4.1.1 (#393)
• b16df30 Bump github/codeql-action from 2.3.5 to 2.21.2 (#391)
• d7b9207 Bump step-security/harden-runner from 2.4.1 to 2.5.0 (#392)

Changelog

Enhancements:

• bb96865 Allow customizing the attacker e-mail in gcp.exfiltration.share-compute-disk (#386)
• Add several community blog posts in the README

Changelog

Bug fixes:

• 2c89c34 [AWS] Catch the appropriate error in aws.execution.ec2-launch-unusual-instances (closes #387) (#390)

Enhancements:

• 7e125a0 Add link to GCP emulation post
• a7f75e9 Add note on logs generated by console logins (#382)
• 9e71abd Add reference to an attack creating IAM access keys (#384)
• 2ba3ec6 Remove unintentional debug output (#388)
• e9da1c0 Update link to blog post

Chores:

• 01ff63b Bump actions/checkout from 3.5.2 to 3.5.3 (#377)
• 99616fd Bump alpine from 3.18.0 to 3.18.2 (#381)
• d27b459 Bump docker/login-action from 2.1.0 to 2.2.0 (#376)
• 9f27a64 Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (#379)
• c53781b Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#380)
• 5fd0045 Bump step-security/harden-runner from 2.4.0 to 2.4.1 (#378)

CI fixes:

• f43826a goreleaser: use --clean instead of now unsupported --rm-dist flag
• 3b12231 goreleaser: use name_template instead of the now-deprecated 'replacements'

Changelog

New GCP attack technique: Backdoor a GCP Service Account through its IAM Policy

Changelog

New attack technique for GCP: Invite an External User to a GCP Project

Changelog

New features:

• 2354e0d New GCP attack technique: Exfiltrating a GCP Compute Disk (#370) https://stratus-red-team.cloud/attack-techniques/GCP/gcp.exfiltration.share-compute-disk/

Chores:

• d42bb84 Whitelist sum.golang.org:443 in the release CI pipeline

Changelog

Bug fixes:

• Fixed a bug where Stratus Red Team would not use the EC2 instance role when run from an EC2 instance (#367, thank you @mrugank-canva for the contribution!)
• Fix now unsupported NodeJS Lambda runtime version in aws.persistence.lambda-backdoor-function (#359)

Chores:

• e52490c Brew formula update for stratus-red-team version v2.5.6
• 05a39d9 Bump actions/setup-go from 4.0.0 to 4.0.1 (#361)
• bbf173f Bump actions/setup-python from 4.6.0 to 4.6.1 (#363)
• 185d095 Bump alpine from 3.17.3 to 3.18.0 (#365)
• 18ecdc0 Bump github/codeql-action from 2.3.2 to 2.3.5 (#362)
• b128534 Bump golang from 1.20.3-alpine3.16 to 1.20.4-alpine3.16 (#366)
• 7c641d2 Bump step-security/harden-runner from 2.3.1 to 2.4.0 (#364)