Stratus Red Team Versions Save

Changelog

Bug fixes and improvements:

• a6351e3 Implement retry mechanism when creating and assuming an IAM role (#358), solves #353

Changelog

Bug fixes:

• c70d758 Avoid setting bucket ACLs which now cause errors since AWS started blocking ACLs by default on new buckets in April 2023 (#355, closes #354)

Changelog

Enhancements:

• 28461cc Homebrew: Automatically install shell completions for bash/zsh/fish (#352) by @craSH

Chores:

• a44b693 Bump actions/checkout from 3.5.0 to 3.5.2 (#349)
• a34b979 Bump actions/setup-go from 3.5.0 to 4.0.0 (#347)
• 6bd2d62 Bump actions/setup-python from 4.5.0 to 4.6.0 (#351)
• 8b2ed13 Bump github/codeql-action from 2.2.9 to 2.3.2 (#348)
• 6b50f17 Bump golang from 1.20.2-alpine3.16 to 1.20.3-alpine3.16 (#346)
• 9b7e1ab Bump step-security/harden-runner from 2.2.1 to 2.3.1 (#350)

What's Changed

Bug fixes:

• Pin the version of the terraform-aws-vpc module used to avoid unresolvable constraints (closes #173) by @christophetd in https://github.com/DataDog/stratus-red-team/pull/342

Improvements:

• Add comparison to AWS Cloud Saga by @christophetd in https://github.com/DataDog/stratus-red-team/pull/345

Chores:

• Bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in https://github.com/DataDog/stratus-red-team/pull/339
• Bump github/codeql-action from 2.2.5 to 2.2.9 by @dependabot in https://github.com/DataDog/stratus-red-team/pull/338
• Bump actions/checkout from 3.3.0 to 3.5.0 by @dependabot in https://github.com/DataDog/stratus-red-team/pull/337
• Bump goreleaser/goreleaser-action from 3.1.0 to 4.2.0 by @dependabot in https://github.com/DataDog/stratus-red-team/pull/336
• Bump step-security/harden-runner from 2.2.0 to 2.2.1 by @dependabot in https://github.com/DataDog/stratus-red-team/pull/335
• Bump alpine from 3.17.2 to 3.17.3 by @dependabot in https://github.com/DataDog/stratus-red-team/pull/334
• Bump golang from 1.20.1-alpine3.16 to 1.20.2-alpine3.16 by @dependabot in https://github.com/DataDog/stratus-red-team/pull/333

Full Changelog: https://github.com/DataDog/stratus-red-team/compare/v2.5.2...v2.5.3

Changelog

Bug fixes:

• c6e1f68 Fix max duration parameter of RolesAnywhere attack technique (closes #331) (#332)

Docs:

• 370a454 Add references to aws.persistence.iam-create-admin-user
• c098e26 Add references to aws.persistence.iam-create-user-login-profile

Chores:

• fad1e4a Brew formula update for stratus-red-team version v2.5.1
• bb3b3e3 Bump actions/checkout from 3.2.0 to 3.3.0 (#328)
• ca0ad37 Bump actions/upload-artifact from 3.1.0 to 3.1.2 (#329)
• c513cfe Bump alpine from 3.17.1 to 3.17.2 (#325)
• d1fd5a3 Bump dominikh/staticcheck-action from 1.2.0 to 1.3.0 (#326)
• d4ac89a Bump github/codeql-action from 2.2.1 to 2.2.5 (#330)
• 590516a Bump golang from 1.19.5-alpine3.16 to 1.20.1-alpine3.16 (#324)
• eb63922 Bump golang.org/x/net in /v2 (#320)
• efc8da3 Bump golang.org/x/text from 0.3.7 to 0.3.8 in /v2 (#316)
• 48f0fe5 Bump step-security/harden-runner from 2.1.0 to 2.2.0 (#327)

Changelog

Bug fixes:

• b61e0bc Cleanup AWS resources in case of warm up error (#315) by @rollwagen

Documentation:

• 52e2381 Added a "Community" section in README

Chores:

• c8dbe33 Brew formula update for stratus-red-team version v2.5.0
• 3e1d65c Bump actions/setup-python from 4.4.0 to 4.5.0 (#311)
• 6ac9945 Bump alpine from 3.17.0 to 3.17.1 (#306)
• 05b51d2 Bump docker/build-push-action from 3.2.0 to 4.0.0 (#307)
• a4eea38 Bump github/codeql-action from 2.1.37 to 2.2.1 (#309)
• 5dfc3b4 Bump golang from 1.19.4-alpine3.16 to 1.19.5-alpine3.16 (#312)
• a7bf413 Bump ossf/scorecard-action from 2.0.4 to 2.1.2 (#308)
• 51e58b8 Bump step-security/harden-runner from 2.0.0 to 2.1.0 (#310)

Changelog

Enhancements:

• bedcae3 Properly encapsulate providers to allow for different detonation UUIDs (#295)

Bug fixes:

• fad7958 Fix GCP attack technique failing to impersonate service accounts (clo… (#304)
• f74f1d2 Fix GCP attack technique name length (closes #294) (#303)
• b08d3b9 Fix broken GCP technique (#305)
• f969b77 Fix incorrect length in name generation of gcp.privilege-escalation.impersonate-service-accounts (closes #296) (#297)
• 106b04f Fix resource name lengths in Azure attack techniques (closes #301) (#302)

Chores and minor changes:

• 8e86722 Bump actions/checkout from 3.1.0 to 3.2.0 (#288)
• 29a132e Bump actions/setup-go from 3.3.0 to 3.5.0 (#287)
• cbb315f Bump actions/setup-python from 4.3.0 to 4.4.0 (#289)
• 176333c Bump github/codeql-action from 2.1.29 to 2.1.37 (#286)
• 1ebed0a Bump golang from 1.19.3-alpine3.16 to 1.19.4-alpine3.16 (#285)
• 0021dc2 Bump step-security/harden-runner from 1.5.0 to 2.0.0 (#290)
• c76e8d9 Update revert log message in Azure disk exfiltration attack technique (#300)

Changelog

Bug fixes:

• f193d0a Remove requirement for default VPC and default subnets from aws.exfiltration.rds-share-snapshot. Add output indicating if an attack technique is slow (#284). Thanks @briandefiant for the contribution!

Misc:

• cc6941e Bump alpine from 3.16.2 to 3.17.0 (#281)
• 8c82f31 Bump golang from 1.19.2-alpine3.16 to 1.19.3-alpine3.16 (#282)
• 685f847 Bump hashicorp/setup-terraform from 2.0.2 to 2.0.3 (#283)

Changelog

Bug fixes:

• Fix roles trust policy in some edge cases for 4 attack techniques (#224), thanks @mario-areias!

Enhancements:

• Align resource names created (#242), thanks @sjhood!

Other:

• Bump dependencies
• Add Terraform linting in CI
• make docs now generates a YAML file with all available attack techniques (#218), thanks @mario-areias!)

Changelog

• 4898e6b Allow dependabot to open up to 20 PRs for Go dependencies
• f70e4c5 Brew formula update for stratus-red-team version v2.4.6
• 1d95a22 Bump actions/setup-go from 2.2.0 to 3.3.0 (#197)
• 26d4979 Bump actions/setup-python from 2.3.2 to 4.2.0 (#196)
• 4e52781 Bump actions/upload-artifact from 3.0.0 to 3.1.0 (#199)
• e3bb532 Bump github.com/Azure/azure-sdk-for-go/sdk/azcore in /v2 (#206)
• 42cb865 Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity in /v2 (#215)
• a969f83 Bump github.com/aws/aws-sdk-go-v2/service/ec2 in /v2 (#203)
• 1929d18 Bump github.com/aws/aws-sdk-go-v2/service/lambda in /v2 (#216)
• 695caa9 Bump github.com/aws/aws-sdk-go-v2/service/organizations in /v2 (#209)
• 36974bb Bump github.com/aws/aws-sdk-go-v2/service/rds in /v2 (#205)
• 6675a2a Bump github.com/aws/aws-sdk-go-v2/service/rolesanywhere in /v2 (#200)
• 021f27f Bump github.com/aws/aws-sdk-go-v2/service/s3 in /v2 (#212)
• 7aeb23d Bump github.com/aws/aws-sdk-go-v2/service/secretsmanager in /v2 (#204)
• 9179402 Bump github.com/aws/aws-sdk-go-v2/service/ssm from 1.20.0 to 1.30.0 in /v2 (#201)
• 347550c Bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0 in /v2 (#217)
• 2f573b9 Bump github.com/hashicorp/hc-install from 0.3.2 to 0.4.0 in /v2 (#202)
• b05d1ad Bump github.com/hashicorp/terraform-exec from 0.15.0 to 0.17.3 in /v2 (#214)
• ff3e281 Bump github.com/jedib0t/go-pretty/v6 from 6.2.4 to 6.3.9 in /v2 (#211)
• 6b920a4 Bump github.com/stretchr/testify from 1.7.0 to 1.8.0 in /v2 (#213)
• 7449f32 Bump github/codeql-action from 1.0.26 to 2.1.26 (#198)
• 3671957 Bump google.golang.org/api from 0.63.0 to 0.98.0 in /v2 (#207)
• 4050fd7 Bump k8s.io/apimachinery from 0.23.3 to 0.25.2 in /v2 (#208)
• 1b12ae5 Change badge order in README
• 9f614af Change dependabot interval to 'daily'