From 26ea6d4f060fb8518799da2aa4a96f634a811797 Mon Sep 17 00:00:00 2001
From: Sadie H <30934213+sjhood@users.noreply.github.com>
Date: Tue, 22 Nov 2022 02:09:48 -0800
Subject: [PATCH] Name created resources more consistently (#242)

* add names

* add all renames with local variables and extend necessary random character strings

* terraform fmt
---
 .../ec2-get-password-data/main.tf             |  6 +++++-
 .../ec2-steal-instance-credentials/main.tf    | 10 ++++++---
 .../secretsmanager-retrieve-secrets/main.tf   |  5 +++--
 .../defense-evasion/cloudtrail-delete/main.tf | 21 ++++++++++++-------
 .../cloudtrail-event-selectors/main.tf        | 21 ++++++++++++-------
 .../cloudtrail-lifecycle-rule/main.tf         | 21 ++++++++++++-------
 .../defense-evasion/cloudtrail-stop/main.tf   | 21 ++++++++++++-------
 .../organizations-leave/main.tf               |  6 +++++-
 .../vpc-remove-flow-logs/main.tf              |  8 +++++--
 .../ec2-enumerate-from-instance/main.tf       | 10 ++++++---
 .../aws/discovery/ec2-get-user-data/main.tf   |  6 +++++-
 .../ec2-launch-unusual-instances/main.tf      | 16 ++++++++------
 .../aws/execution/ec2-user-data/main.tf       |  9 +++++---
 .../main.tf                                   |  8 +++++--
 .../aws/exfiltration/ec2-share-ami/main.tf    |  8 +++++--
 .../exfiltration/rds-share-snapshot/main.tf   |  6 +++++-
 .../s3-backdoor-bucket-policy/main.tf         | 10 ++++++---
 .../console-login-without-mfa/main.tf         | 10 ++++++---
 .../aws/persistence/iam-backdoor-role/main.tf |  6 +++++-
 .../aws/persistence/iam-backdoor-user/main.tf |  6 +++++-
 .../iam-create-user-login-profile/main.tf     |  6 +++++-
 .../lambda-backdoor-function/main.tf          | 14 ++++++++-----
 .../persistence/lambda-overwrite-code/main.tf | 14 ++++++++-----
 .../rolesanywhere-create-trust-anchor/main.tf |  6 +++++-
 .../vm-custom-script-extension/main.tf        | 16 ++++++++------
 .../azure/execution/vm-run-command/main.tf    | 18 +++++++++-------
 .../azure/exfiltration/disk-export/main.tf    |  6 +++---
 .../create-admin-service-account/main.tf      |  8 +++++--
 .../create-service-account-key/main.tf        |  6 +++++-
 .../impersonate-service-accounts/main.tf      |  5 +++--
 .../steal-serviceaccount-token/main.tf        |  6 +++---
 .../hostpath-volume/main.tf                   |  6 +++---
 .../privilege-escalation/nodes-proxy/main.tf  |  9 ++++----
 .../privileged-pod/main.tf                    |  2 +-
 34 files changed, 225 insertions(+), 111 deletions(-)

diff --git a/v2/internal/attacktechniques/aws/credential-access/ec2-get-password-data/main.tf b/v2/internal/attacktechniques/aws/credential-access/ec2-get-password-data/main.tf
index a0c8a604..d0dd0afb 100644
--- a/v2/internal/attacktechniques/aws/credential-access/ec2-get-password-data/main.tf
+++ b/v2/internal/attacktechniques/aws/credential-access/ec2-get-password-data/main.tf
@@ -18,10 +18,14 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-ec2-get-password-data"
+}
+
 data "aws_caller_identity" "current" {}
 
 resource "aws_iam_role" "role" {
-  name = "sample-role-used-by-stratus-for-ec2-password-data"
+  name = "${local.resource_prefix}-role"
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
diff --git a/v2/internal/attacktechniques/aws/credential-access/ec2-steal-instance-credentials/main.tf b/v2/internal/attacktechniques/aws/credential-access/ec2-steal-instance-credentials/main.tf
index c7f50389..b6887a6a 100644
--- a/v2/internal/attacktechniques/aws/credential-access/ec2-steal-instance-credentials/main.tf
+++ b/v2/internal/attacktechniques/aws/credential-access/ec2-steal-instance-credentials/main.tf
@@ -19,6 +19,10 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-ec2-steal-credentials"
+}
+
 data "aws_availability_zones" "available" {
   state = "available"
 }
@@ -26,7 +30,7 @@ data "aws_availability_zones" "available" {
 module "vpc" {
   source = "terraform-aws-modules/vpc/aws"
 
-  name = "stratus-red-team-vpc-ec2-credentials"
+  name = "${local.resource_prefix}-vpc"
   cidr = "10.0.0.0/16"
 
   azs             = [data.aws_availability_zones.available.names[0]]
@@ -57,7 +61,7 @@ resource "aws_network_interface" "iface" {
 }
 
 resource "aws_iam_role" "instance-role" {
-  name = "stratus-ec2-credentials-instance-role"
+  name = "${local.resource_prefix}-role"
   path = "/"
 
   assume_role_policy = <<EOF
@@ -98,7 +102,7 @@ resource "aws_iam_role_policy_attachment" "rolepolicy" {
 }
 
 resource "aws_iam_instance_profile" "instance" {
-  name = "stratus-ec2-credentials-instance"
+  name = "${local.resource_prefix}-instance"
   role = aws_iam_role.instance-role.name
 }
 
diff --git a/v2/internal/attacktechniques/aws/credential-access/secretsmanager-retrieve-secrets/main.tf b/v2/internal/attacktechniques/aws/credential-access/secretsmanager-retrieve-secrets/main.tf
index 420526d4..0ccb0c1c 100644
--- a/v2/internal/attacktechniques/aws/credential-access/secretsmanager-retrieve-secrets/main.tf
+++ b/v2/internal/attacktechniques/aws/credential-access/secretsmanager-retrieve-secrets/main.tf
@@ -19,7 +19,8 @@ provider "aws" {
 }
 
 locals {
-  num_secrets = 20
+  num_secrets     = 20
+  resource_prefix = "stratus-red-team-retrieve-secret"
 }
 
 resource "random_string" "secrets" {
@@ -30,7 +31,7 @@ resource "random_string" "secrets" {
 
 resource "aws_secretsmanager_secret" "secrets" {
   count = local.num_secrets
-  name  = "stratus-red-team-secret-${count.index}"
+  name  = "${local.resource_prefix}-${count.index}"
 
   recovery_window_in_days = 0
 }
diff --git a/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-delete/main.tf b/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-delete/main.tf
index d2b105dd..725c7491 100644
--- a/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-delete/main.tf
+++ b/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-delete/main.tf
@@ -18,20 +18,25 @@ provider "aws" {
   }
 }
 
-resource "aws_cloudtrail" "trail" {
-  name           = "my-cloudtrail-trail-2"
-  s3_bucket_name = aws_s3_bucket.cloudtrail.id
-}
-
 resource "random_string" "suffix" {
-  length    = 16
-  min_lower = 16
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
 locals {
-  bucket-name = "my-cloudtrail-bucket-${random_string.suffix.result}"
+  resource_prefix = "stratus-red-team-cloudtraild"
+}
+
+locals {
+  bucket-name = "${local.resource_prefix}-bucket-${random_string.suffix.result}"
+}
+
+resource "aws_cloudtrail" "trail" {
+  name           = "${local.resource_prefix}-trail-${random_string.suffix.result}"
+  s3_bucket_name = aws_s3_bucket.cloudtrail.id
 }
+
 resource "aws_s3_bucket" "cloudtrail" {
   bucket        = local.bucket-name
   force_destroy = true
diff --git a/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-event-selectors/main.tf b/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-event-selectors/main.tf
index ba7c5313..0ede22ff 100644
--- a/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-event-selectors/main.tf
+++ b/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-event-selectors/main.tf
@@ -18,20 +18,25 @@ provider "aws" {
   }
 }
 
-resource "aws_cloudtrail" "trail" {
-  name           = "my-cloudtrail-trail-4"
-  s3_bucket_name = aws_s3_bucket.cloudtrail.id
-}
-
 resource "random_string" "suffix" {
-  length    = 16
-  min_lower = 16
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
 locals {
-  bucket-name = "my-cloudtrail-bucket-${random_string.suffix.result}"
+  resource_prefix = "stratus-red-team-ctes" # cloudtrail event selectors
+}
+
+locals {
+  bucket-name = "${local.resource_prefix}-bucket-${random_string.suffix.result}"
+}
+
+resource "aws_cloudtrail" "trail" {
+  name           = "${local.resource_prefix}-trail-${random_string.suffix.result}"
+  s3_bucket_name = aws_s3_bucket.cloudtrail.id
 }
+
 resource "aws_s3_bucket" "cloudtrail" {
   bucket        = local.bucket-name
   force_destroy = true
diff --git a/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-lifecycle-rule/main.tf b/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-lifecycle-rule/main.tf
index 97b12770..61057abe 100644
--- a/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-lifecycle-rule/main.tf
+++ b/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-lifecycle-rule/main.tf
@@ -18,20 +18,25 @@ provider "aws" {
   }
 }
 
-resource "aws_cloudtrail" "trail" {
-  name           = "my-cloudtrail-trail-3"
-  s3_bucket_name = aws_s3_bucket.cloudtrail.id
-}
-
 resource "random_string" "suffix" {
-  length    = 16
-  min_lower = 16
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
 locals {
-  bucket-name = "my-cloudtrail-bucket-${random_string.suffix.result}"
+  resource_prefix = "stratus-red-team-ctlr" # cloudtrail lifecycle rule
+}
+
+locals {
+  bucket-name = "${local.resource_prefix}-bucket-${random_string.suffix.result}"
+}
+
+resource "aws_cloudtrail" "trail" {
+  name           = "${local.resource_prefix}-trail-${random_string.suffix.result}"
+  s3_bucket_name = aws_s3_bucket.cloudtrail.id
 }
+
 resource "aws_s3_bucket" "cloudtrail" {
   bucket        = local.bucket-name
   force_destroy = true
diff --git a/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-stop/main.tf b/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-stop/main.tf
index 1afa401c..d4b0bfeb 100644
--- a/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-stop/main.tf
+++ b/v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-stop/main.tf
@@ -18,20 +18,25 @@ provider "aws" {
   }
 }
 
-resource "aws_cloudtrail" "trail" {
-  name           = "my-cloudtrail-trail"
-  s3_bucket_name = aws_s3_bucket.cloudtrail.id
-}
-
 resource "random_string" "suffix" {
-  length    = 16
-  min_lower = 16
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
 locals {
-  bucket-name = "my-cloudtrail-bucket-${random_string.suffix.result}"
+  resource_prefix = "stratus-red-team-ct-stop"
+}
+
+locals {
+  bucket-name = "${local.resource_prefix}-bucket-${random_string.suffix.result}"
+}
+
+resource "aws_cloudtrail" "trail" {
+  name           = "${local.resource_prefix}-trail-${random_string.suffix.result}"
+  s3_bucket_name = aws_s3_bucket.cloudtrail.id
 }
+
 resource "aws_s3_bucket" "cloudtrail" {
   bucket        = local.bucket-name
   force_destroy = true
diff --git a/v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf b/v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf
index 3ba57ca6..3d07fd81 100644
--- a/v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf
+++ b/v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf
@@ -18,10 +18,14 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-leave-org"
+}
+
 data "aws_caller_identity" "current" {}
 
 resource "aws_iam_role" "role" {
-  name = "stratus-red-team-role-leave-organization"
+  name = "${local.resource_prefix}-role"
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
diff --git a/v2/internal/attacktechniques/aws/defense-evasion/vpc-remove-flow-logs/main.tf b/v2/internal/attacktechniques/aws/defense-evasion/vpc-remove-flow-logs/main.tf
index 5c493292..348b713e 100644
--- a/v2/internal/attacktechniques/aws/defense-evasion/vpc-remove-flow-logs/main.tf
+++ b/v2/internal/attacktechniques/aws/defense-evasion/vpc-remove-flow-logs/main.tf
@@ -18,6 +18,10 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-remove-flow-logs"
+}
+
 resource "aws_vpc" "vpc" {
   cidr_block = "10.0.0.0/16"
 }
@@ -34,7 +38,7 @@ resource "aws_cloudwatch_log_group" "logs" {
 }
 
 resource "aws_iam_role" "role" {
-  name = "example"
+  name = "${local.resource_prefix}-role"
 
   assume_role_policy = <<EOF
 {
@@ -54,7 +58,7 @@ EOF
 }
 
 resource "aws_iam_role_policy" "example" {
-  name = "allow-writing-to-cloudwatch"
+  name = "${local.resource_prefix}-policy"
   role = aws_iam_role.role.id
 
   policy = <<EOF
diff --git a/v2/internal/attacktechniques/aws/discovery/ec2-enumerate-from-instance/main.tf b/v2/internal/attacktechniques/aws/discovery/ec2-enumerate-from-instance/main.tf
index 8edf7621..1e92ff14 100644
--- a/v2/internal/attacktechniques/aws/discovery/ec2-enumerate-from-instance/main.tf
+++ b/v2/internal/attacktechniques/aws/discovery/ec2-enumerate-from-instance/main.tf
@@ -19,6 +19,10 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-ec2-enumerate"
+}
+
 data "aws_availability_zones" "available" {
   state = "available"
 }
@@ -26,7 +30,7 @@ data "aws_availability_zones" "available" {
 module "vpc" {
   source = "terraform-aws-modules/vpc/aws"
 
-  name = "stratus-red-team-vpc-discovery"
+  name = "${local.resource_prefix}-vpc"
   cidr = "10.0.0.0/16"
 
   azs             = [data.aws_availability_zones.available.names[0]]
@@ -57,7 +61,7 @@ resource "aws_network_interface" "iface" {
 }
 
 resource "aws_iam_role" "instance-role" {
-  name = "stratus-discovery-instance-role"
+  name = "${local.resource_prefix}-role"
   path = "/"
 
   assume_role_policy = <<EOF
@@ -83,7 +87,7 @@ resource "aws_iam_role_policy_attachment" "rolepolicy" {
 }
 
 resource "aws_iam_instance_profile" "instance" {
-  name = "stratus-discovery-instance"
+  name = "${local.resource_prefix}-instance"
   role = aws_iam_role.instance-role.name
 }
 
diff --git a/v2/internal/attacktechniques/aws/discovery/ec2-get-user-data/main.tf b/v2/internal/attacktechniques/aws/discovery/ec2-get-user-data/main.tf
index 33cb94db..37b87f8b 100644
--- a/v2/internal/attacktechniques/aws/discovery/ec2-get-user-data/main.tf
+++ b/v2/internal/attacktechniques/aws/discovery/ec2-get-user-data/main.tf
@@ -18,10 +18,14 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-get-usr-data"
+}
+
 data "aws_caller_identity" "current" {}
 
 resource "aws_iam_role" "role" {
-  name = "sample-role-used-by-stratus"
+  name = "${local.resource_prefix}-role"
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
diff --git a/v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.tf b/v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.tf
index 466e59bd..6cf873c5 100644
--- a/v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.tf
+++ b/v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.tf
@@ -21,13 +21,17 @@ provider "aws" {
 data "aws_caller_identity" "current" {}
 
 resource "random_string" "suffix" {
-  length    = 8
-  min_lower = 8
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
+locals {
+  resource_prefix = "stratus-red-team-ec2lui" # ec2 launch unusual instance
+}
+
 resource "aws_iam_role" "role" {
-  name = "sample-role-used-by-stratus-${random_string.suffix.result}"
+  name = "${local.resource_prefix}-role-${random_string.suffix.result}"
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
@@ -44,7 +48,7 @@ resource "aws_iam_role" "role" {
 }
 
 resource "aws_iam_policy" "policy" {
-  name = "inline-policy-${random_string.suffix.result}"
+  name = "${local.resource_prefix}-policy-${random_string.suffix.result}"
   policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
@@ -58,7 +62,7 @@ resource "aws_iam_policy" "policy" {
 }
 
 resource "aws_iam_policy_attachment" "attachment" {
-  name       = "iam-policy-attachement-${random_string.suffix.result}"
+  name       = "${local.resource_prefix}-attachment-${random_string.suffix.result}"
   roles      = [aws_iam_role.role.name]
   policy_arn = aws_iam_policy.policy.arn
 }
@@ -70,7 +74,7 @@ data "aws_availability_zones" "available" {
 module "vpc" {
   source = "terraform-aws-modules/vpc/aws"
 
-  name = "stratus-red-team-vpc-unusual-instances"
+  name = "${local.resource_prefix}-vpc"
   cidr = "10.0.0.0/16"
 
   azs             = [data.aws_availability_zones.available.names[0]]
diff --git a/v2/internal/attacktechniques/aws/execution/ec2-user-data/main.tf b/v2/internal/attacktechniques/aws/execution/ec2-user-data/main.tf
index 10403f38..6bb3312d 100644
--- a/v2/internal/attacktechniques/aws/execution/ec2-user-data/main.tf
+++ b/v2/internal/attacktechniques/aws/execution/ec2-user-data/main.tf
@@ -19,6 +19,9 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-usr-data"
+}
 
 data "aws_availability_zones" "available" {
   state = "available"
@@ -27,7 +30,7 @@ data "aws_availability_zones" "available" {
 module "vpc" {
   source = "terraform-aws-modules/vpc/aws"
 
-  name = "stratus-red-team-vpc-discovery"
+  name = "${local.resource_prefix}-vpc"
   cidr = "10.0.0.0/16"
 
   azs             = [data.aws_availability_zones.available.names[0]]
@@ -58,7 +61,7 @@ resource "aws_network_interface" "iface" {
 }
 
 resource "aws_iam_role" "instance-role" {
-  name = "stratus-ec2-privilege-escalation-instance-role"
+  name = "${local.resource_prefix}-role"
   path = "/"
 
   assume_role_policy = <<EOF
@@ -84,7 +87,7 @@ resource "aws_iam_role_policy_attachment" "rolepolicy" {
 }
 
 resource "aws_iam_instance_profile" "instance" {
-  name = "stratus-ec2-privilege-escalation-instance"
+  name = "${local.resource_prefix}-instance"
   role = aws_iam_role.instance-role.name
 }
 
diff --git a/v2/internal/attacktechniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/main.tf b/v2/internal/attacktechniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/main.tf
index 3040588a..af9e6afc 100644
--- a/v2/internal/attacktechniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/main.tf
+++ b/v2/internal/attacktechniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/main.tf
@@ -18,6 +18,10 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-open-sg"
+}
+
 resource "aws_vpc" "vpc" {
   cidr_block = "10.0.0.0/16"
   tags = {
@@ -26,7 +30,7 @@ resource "aws_vpc" "vpc" {
 }
 
 resource "aws_security_group" "allow_tls" {
-  name        = "allow_tls"
+  name        = "${local.resource_prefix}-sg"
   description = "Allow TLS inbound traffic"
   vpc_id      = aws_vpc.vpc.id
 
@@ -47,7 +51,7 @@ resource "aws_security_group" "allow_tls" {
   }
 
   tags = {
-    Name = "allow_tls",
+    Name = "${local.resource_prefix}-sg",
   }
 }
 
diff --git a/v2/internal/attacktechniques/aws/exfiltration/ec2-share-ami/main.tf b/v2/internal/attacktechniques/aws/exfiltration/ec2-share-ami/main.tf
index a044939a..e3d11be8 100644
--- a/v2/internal/attacktechniques/aws/exfiltration/ec2-share-ami/main.tf
+++ b/v2/internal/attacktechniques/aws/exfiltration/ec2-share-ami/main.tf
@@ -18,6 +18,10 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-share-ami"
+}
+
 data "aws_availability_zones" "available" {
   state = "available"
 }
@@ -27,7 +31,7 @@ resource "aws_ebs_volume" "volume" {
   size              = 1
 
   tags = {
-    Name = "StratusRedTeamVolumeForAmi"
+    Name = "${local.resource_prefix}-ami"
   }
 }
 
@@ -37,7 +41,7 @@ resource "aws_ebs_snapshot" "snapshot" {
 
 
 resource "aws_ami" "ami" {
-  name                = "stratus-red-team-ami"
+  name                = "${local.resource_prefix}-ami"
   virtualization_type = "hvm"
   root_device_name    = "/dev/xvda"
 
diff --git a/v2/internal/attacktechniques/aws/exfiltration/rds-share-snapshot/main.tf b/v2/internal/attacktechniques/aws/exfiltration/rds-share-snapshot/main.tf
index 4f816827..638b6d67 100644
--- a/v2/internal/attacktechniques/aws/exfiltration/rds-share-snapshot/main.tf
+++ b/v2/internal/attacktechniques/aws/exfiltration/rds-share-snapshot/main.tf
@@ -24,12 +24,16 @@ resource "random_password" "password" {
   special   = false
 }
 
+locals {
+  resource_prefix = "stratus-red-team-share-snap"
+}
+
 resource "aws_db_instance" "default" {
   allocated_storage       = 10 // minimum size
   engine                  = "mysql"
   engine_version          = "8.0"
   instance_class          = "db.t3.micro"
-  name                    = "samplerdsdatabase"
+  name                    = "${local.resource_prefix}-db"
   backup_retention_period = 0
   username                = "admin"
   password                = random_password.password.result
diff --git a/v2/internal/attacktechniques/aws/exfiltration/s3-backdoor-bucket-policy/main.tf b/v2/internal/attacktechniques/aws/exfiltration/s3-backdoor-bucket-policy/main.tf
index 33c832f0..8731b6c0 100644
--- a/v2/internal/attacktechniques/aws/exfiltration/s3-backdoor-bucket-policy/main.tf
+++ b/v2/internal/attacktechniques/aws/exfiltration/s3-backdoor-bucket-policy/main.tf
@@ -19,13 +19,17 @@ provider "aws" {
 }
 
 resource "random_string" "suffix" {
-  length    = 16
-  min_lower = 16
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
+locals {
+  resource_prefix = "stratus-red-team-bdbp" # backdoor bucket policy
+}
+
 resource "aws_s3_bucket" "bucket" {
-  bucket = "stratus-red-team-${random_string.suffix.result}"
+  bucket = "${local.resource_prefix}-${random_string.suffix.result}"
   acl    = "private"
 }
 
diff --git a/v2/internal/attacktechniques/aws/initial-access/console-login-without-mfa/main.tf b/v2/internal/attacktechniques/aws/initial-access/console-login-without-mfa/main.tf
index 2b17927d..0be76a38 100644
--- a/v2/internal/attacktechniques/aws/initial-access/console-login-without-mfa/main.tf
+++ b/v2/internal/attacktechniques/aws/initial-access/console-login-without-mfa/main.tf
@@ -16,13 +16,17 @@ provider "aws" {
 data "aws_caller_identity" "current" {}
 
 resource "random_string" "suffix" {
-  length    = 8
-  min_lower = 8
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
+locals {
+  resource_prefix = "stratus-red-team-nmfalu" # non-mfa login user
+}
+
 resource "aws_iam_user" "console-user" {
-  name          = "console-user-${random_string.suffix.result}"
+  name          = "${local.resource_prefix}-${random_string.suffix.result}"
   force_destroy = true
 }
 
diff --git a/v2/internal/attacktechniques/aws/persistence/iam-backdoor-role/main.tf b/v2/internal/attacktechniques/aws/persistence/iam-backdoor-role/main.tf
index 3c482ccb..e43cfb86 100644
--- a/v2/internal/attacktechniques/aws/persistence/iam-backdoor-role/main.tf
+++ b/v2/internal/attacktechniques/aws/persistence/iam-backdoor-role/main.tf
@@ -13,8 +13,12 @@ provider "aws" {
   skip_metadata_api_check     = true
 }
 
+locals {
+  resource_prefix = "stratus-red-team-backdoor-r"
+}
+
 resource "aws_iam_role" "legit-role" {
-  name = "sample-legit-role" # TODO parametrize
+  name = "${local.resource_prefix}-role" # TODO parametrize
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
diff --git a/v2/internal/attacktechniques/aws/persistence/iam-backdoor-user/main.tf b/v2/internal/attacktechniques/aws/persistence/iam-backdoor-user/main.tf
index 31f3b840..dbe6e837 100644
--- a/v2/internal/attacktechniques/aws/persistence/iam-backdoor-user/main.tf
+++ b/v2/internal/attacktechniques/aws/persistence/iam-backdoor-user/main.tf
@@ -18,8 +18,12 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-backdoor-u"
+}
+
 resource "aws_iam_user" "legit-user" {
-  name          = "sample-legit-user" # TODO parametrize
+  name          = "${local.resource_prefix}-user" # TODO parametrize
   force_destroy = true
 }
 
diff --git a/v2/internal/attacktechniques/aws/persistence/iam-create-user-login-profile/main.tf b/v2/internal/attacktechniques/aws/persistence/iam-create-user-login-profile/main.tf
index ec66772d..73281526 100644
--- a/v2/internal/attacktechniques/aws/persistence/iam-create-user-login-profile/main.tf
+++ b/v2/internal/attacktechniques/aws/persistence/iam-create-user-login-profile/main.tf
@@ -18,8 +18,12 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-login-profile"
+}
+
 resource "aws_iam_user" "legit-user" {
-  name          = "sample-iam-user"
+  name          = "${local.resource_prefix}-user"
   force_destroy = true
 }
 
diff --git a/v2/internal/attacktechniques/aws/persistence/lambda-backdoor-function/main.tf b/v2/internal/attacktechniques/aws/persistence/lambda-backdoor-function/main.tf
index c8fff8ad..3969b4cc 100644
--- a/v2/internal/attacktechniques/aws/persistence/lambda-backdoor-function/main.tf
+++ b/v2/internal/attacktechniques/aws/persistence/lambda-backdoor-function/main.tf
@@ -18,8 +18,12 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-backdoor-f"
+}
+
 resource "aws_iam_role" "lambda" {
-  name = "lambda-function-role-stratus-red-team"
+  name = "${local.resource_prefix}-lambda"
 
   assume_role_policy = <<EOF
 {
@@ -39,13 +43,13 @@ EOF
 }
 
 resource "random_string" "suffix" {
-  length    = 16
-  min_lower = 16
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
 resource "aws_s3_bucket" "bucket" {
-  bucket        = "stratus-red-team-lambda-function-code-${random_string.suffix.result}"
+  bucket        = "${local.resource_prefix}-bucket-${random_string.suffix.result}"
   acl           = "private"
   force_destroy = true
 }
@@ -56,7 +60,7 @@ resource "aws_s3_bucket_object" "code" {
 }
 
 resource "aws_lambda_function" "lambda" {
-  function_name = "stratus-sample-lambda-function"
+  function_name = "${local.resource_prefix}-func"
   s3_bucket     = aws_s3_bucket.bucket.id
   s3_key        = aws_s3_bucket_object.code.key
   role          = aws_iam_role.lambda.arn
diff --git a/v2/internal/attacktechniques/aws/persistence/lambda-overwrite-code/main.tf b/v2/internal/attacktechniques/aws/persistence/lambda-overwrite-code/main.tf
index 0b3ee826..fe564eff 100644
--- a/v2/internal/attacktechniques/aws/persistence/lambda-overwrite-code/main.tf
+++ b/v2/internal/attacktechniques/aws/persistence/lambda-overwrite-code/main.tf
@@ -19,13 +19,17 @@ provider "aws" {
 }
 
 resource "random_string" "suffix" {
-  length    = 8
-  min_lower = 8
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
+locals {
+  resource_prefix = "stratus-red-team-olc" # stratus red team overwrite lambda code 
+}
+
 resource "aws_iam_role" "lambda-update" {
-  name = "lambda-function-role-stratus-red-team-${random_string.suffix.result}"
+  name = "${local.resource_prefix}-lambda-${random_string.suffix.result}"
   assume_role_policy = jsonencode({
     "Version" : "2012-10-17",
     "Statement" : [
@@ -44,7 +48,7 @@ resource "aws_iam_role" "lambda-update" {
 
 
 resource "aws_s3_bucket" "bucket" {
-  bucket        = "stratus-red-team-lambda-function-code-${random_string.suffix.result}"
+  bucket        = "${local.resource_prefix}-bucket-${random_string.suffix.result}"
   force_destroy = true
 }
 
@@ -60,7 +64,7 @@ resource "aws_s3_object" "lambda_zip" {
 }
 
 resource "aws_lambda_function" "lambda" {
-  function_name = "stratus-sample-lambda-function-${random_string.suffix.result}"
+  function_name = "${local.resource_prefix}-func-${random_string.suffix.result}"
   s3_bucket     = aws_s3_bucket.bucket.id
   s3_key        = aws_s3_object.lambda_zip.key
   role          = aws_iam_role.lambda-update.arn
diff --git a/v2/internal/attacktechniques/aws/persistence/rolesanywhere-create-trust-anchor/main.tf b/v2/internal/attacktechniques/aws/persistence/rolesanywhere-create-trust-anchor/main.tf
index b28d0828..9c51a911 100644
--- a/v2/internal/attacktechniques/aws/persistence/rolesanywhere-create-trust-anchor/main.tf
+++ b/v2/internal/attacktechniques/aws/persistence/rolesanywhere-create-trust-anchor/main.tf
@@ -18,8 +18,12 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-trust-anchor"
+}
+
 resource "aws_iam_role" "role" {
-  name = "sample-rolesanywhere-role-stratus-red-team"
+  name = "${local.resource_prefix}-role"
 
   assume_role_policy = <<EOF
 {
diff --git a/v2/internal/attacktechniques/azure/execution/vm-custom-script-extension/main.tf b/v2/internal/attacktechniques/azure/execution/vm-custom-script-extension/main.tf
index c97b73b0..ff5ed1d5 100644
--- a/v2/internal/attacktechniques/azure/execution/vm-custom-script-extension/main.tf
+++ b/v2/internal/attacktechniques/azure/execution/vm-custom-script-extension/main.tf
@@ -11,6 +11,10 @@ provider "azurerm" {
   features {}
 }
 
+locals {
+  resource_prefix = "stratus-red-team-vmcse" # stratus red team vm custom script extension
+}
+
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 # Random
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@@ -32,7 +36,7 @@ resource "random_password" "password" {
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 
 resource "azurerm_resource_group" "lab_environment" {
-  name     = "rg-${random_string.lab_name.result}"
+  name     = "${local.resource_prefix}-rg-${random_string.lab_name.result}"
   location = "West US"
 }
 
@@ -41,26 +45,26 @@ resource "azurerm_resource_group" "lab_environment" {
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 
 resource "azurerm_virtual_network" "lab_vnet" {
-  name                = "vnet-${random_string.lab_name.result}"
+  name                = "${local.resource_prefix}-vnet-${random_string.lab_name.result}"
   address_space       = ["10.0.0.0/16"]
   location            = azurerm_resource_group.lab_environment.location
   resource_group_name = azurerm_resource_group.lab_environment.name
 }
 
 resource "azurerm_subnet" "lab_subnet" {
-  name                 = "subnet-${random_string.lab_name.result}"
+  name                 = "${local.resource_prefix}-subnet-${random_string.lab_name.result}"
   resource_group_name  = azurerm_resource_group.lab_environment.name
   virtual_network_name = azurerm_virtual_network.lab_vnet.name
   address_prefixes     = ["10.0.2.0/24"]
 }
 
 resource "azurerm_network_interface" "lab_nic" {
-  name                = "nic-${random_string.lab_name.result}"
+  name                = "${local.resource_prefix}-nic-${random_string.lab_name.result}"
   location            = azurerm_resource_group.lab_environment.location
   resource_group_name = azurerm_resource_group.lab_environment.name
 
   ip_configuration {
-    name                          = "ip-${random_string.lab_name.result}"
+    name                          = "${local.resource_prefix}-ip-${random_string.lab_name.result}"
     subnet_id                     = azurerm_subnet.lab_subnet.id
     private_ip_address_allocation = "Dynamic"
   }
@@ -71,7 +75,7 @@ resource "azurerm_network_interface" "lab_nic" {
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 
 resource "azurerm_windows_virtual_machine" "lab_windows_vm" {
-  name                = "vm-${random_string.lab_name.result}"
+  name                = "${local.resource_prefix}-vm-${random_string.lab_name.result}"
   resource_group_name = azurerm_resource_group.lab_environment.name
   location            = azurerm_resource_group.lab_environment.location
   size                = "Standard_F2"
diff --git a/v2/internal/attacktechniques/azure/execution/vm-run-command/main.tf b/v2/internal/attacktechniques/azure/execution/vm-run-command/main.tf
index a2109c06..9f6ab1cc 100644
--- a/v2/internal/attacktechniques/azure/execution/vm-run-command/main.tf
+++ b/v2/internal/attacktechniques/azure/execution/vm-run-command/main.tf
@@ -11,12 +11,16 @@ provider "azurerm" {
   features {}
 }
 
+locals {
+  resource_prefix = "stratus-red-team-vmrc" # stratus red team vm run commant
+}
+
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 # Random
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 
 resource "random_string" "lab_name" {
-  length  = 8
+  length  = 4
   special = false
   upper   = false
 }
@@ -32,7 +36,7 @@ resource "random_password" "password" {
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 
 resource "azurerm_resource_group" "lab_environment" {
-  name     = "rg-${random_string.lab_name.result}"
+  name     = "${local.resource_prefix}-rg-${random_string.lab_name.result}"
   location = "West US"
 }
 
@@ -41,26 +45,26 @@ resource "azurerm_resource_group" "lab_environment" {
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 
 resource "azurerm_virtual_network" "lab_vnet" {
-  name                = "vnet-${random_string.lab_name.result}"
+  name                = "${local.resource_prefix}-vnet-${random_string.lab_name.result}"
   address_space       = ["10.0.0.0/16"]
   location            = azurerm_resource_group.lab_environment.location
   resource_group_name = azurerm_resource_group.lab_environment.name
 }
 
 resource "azurerm_subnet" "lab_subnet" {
-  name                 = "subnet-${random_string.lab_name.result}"
+  name                 = "${local.resource_prefix}-subnet-${random_string.lab_name.result}"
   resource_group_name  = azurerm_resource_group.lab_environment.name
   virtual_network_name = azurerm_virtual_network.lab_vnet.name
   address_prefixes     = ["10.0.2.0/24"]
 }
 
 resource "azurerm_network_interface" "lab_nic" {
-  name                = "nic-${random_string.lab_name.result}"
+  name                = "${local.resource_prefix}-nic-${random_string.lab_name.result}"
   location            = azurerm_resource_group.lab_environment.location
   resource_group_name = azurerm_resource_group.lab_environment.name
 
   ip_configuration {
-    name                          = "ip-${random_string.lab_name.result}"
+    name                          = "${local.resource_prefix}-ip-${random_string.lab_name.result}"
     subnet_id                     = azurerm_subnet.lab_subnet.id
     private_ip_address_allocation = "Dynamic"
   }
@@ -71,7 +75,7 @@ resource "azurerm_network_interface" "lab_nic" {
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 
 resource "azurerm_windows_virtual_machine" "lab_windows_vm" {
-  name                = "vm-${random_string.lab_name.result}"
+  name                = "${local.resource_prefix}-vm-${random_string.lab_name.result}"
   resource_group_name = azurerm_resource_group.lab_environment.name
   location            = azurerm_resource_group.lab_environment.location
   size                = "Standard_F2"
diff --git a/v2/internal/attacktechniques/azure/exfiltration/disk-export/main.tf b/v2/internal/attacktechniques/azure/exfiltration/disk-export/main.tf
index 8fc99ca1..06eb5e77 100644
--- a/v2/internal/attacktechniques/azure/exfiltration/disk-export/main.tf
+++ b/v2/internal/attacktechniques/azure/exfiltration/disk-export/main.tf
@@ -12,18 +12,18 @@ provider "azurerm" {
 }
 
 resource "random_string" "suffix" {
-  length  = 8
+  length  = 4
   special = false
   upper   = false
 }
 
 resource "azurerm_resource_group" "rg" {
-  name     = "rg-${random_string.suffix.result}"
+  name     = "stratus-red-team-disk-export-rg-${random_string.suffix.result}"
   location = "West US"
 }
 
 resource "azurerm_managed_disk" "disk" {
-  name                 = "stratus-red-team-disk"
+  name                 = "stratus-red-team-disk-export-disk"
   location             = azurerm_resource_group.rg.location
   resource_group_name  = azurerm_resource_group.rg.name
   storage_account_type = "Standard_LRS"
diff --git a/v2/internal/attacktechniques/gcp/persistence/create-admin-service-account/main.tf b/v2/internal/attacktechniques/gcp/persistence/create-admin-service-account/main.tf
index afed8f25..4e3369a9 100644
--- a/v2/internal/attacktechniques/gcp/persistence/create-admin-service-account/main.tf
+++ b/v2/internal/attacktechniques/gcp/persistence/create-admin-service-account/main.tf
@@ -7,6 +7,10 @@ terraform {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-casa" # stratus red team create admin service account
+}
+
 resource "random_string" "suffix" {
   length      = 6
   special     = false
@@ -15,5 +19,5 @@ resource "random_string" "suffix" {
 }
 
 output "service_account_name" {
-  value = format("stratus-red-team-sa-%s", random_string.suffix.result)
-}
\ No newline at end of file
+  value = format("%s-sa-%s", local.resource_prefix, random_string.suffix.result)
+}
diff --git a/v2/internal/attacktechniques/gcp/persistence/create-service-account-key/main.tf b/v2/internal/attacktechniques/gcp/persistence/create-service-account-key/main.tf
index 2a30cf4b..33f5ddd9 100644
--- a/v2/internal/attacktechniques/gcp/persistence/create-service-account-key/main.tf
+++ b/v2/internal/attacktechniques/gcp/persistence/create-service-account-key/main.tf
@@ -7,8 +7,12 @@ terraform {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-csak" # stratus red team create service account key
+}
+
 resource "google_service_account" "service_account" {
-  account_id = "target-sa-stratus-red-team"
+  account_id = format("%s-sa", local.resource_prefix)
 }
 
 output "sa_email" {
diff --git a/v2/internal/attacktechniques/gcp/privilege-escalation/impersonate-service-accounts/main.tf b/v2/internal/attacktechniques/gcp/privilege-escalation/impersonate-service-accounts/main.tf
index c0ce9366..29da00d6 100644
--- a/v2/internal/attacktechniques/gcp/privilege-escalation/impersonate-service-accounts/main.tf
+++ b/v2/internal/attacktechniques/gcp/privilege-escalation/impersonate-service-accounts/main.tf
@@ -11,11 +11,12 @@ data "google_client_openid_userinfo" "whoami" {}
 
 locals {
   num-service-accounts = 10
+  resource_prefix      = "stratus-red-team-isa" # stratus red team impersonate service accounts
 }
 
 resource "random_string" "suffix" {
   count       = local.num-service-accounts
-  length      = 8
+  length      = 4
   special     = false
   min_lower   = 4
   min_numeric = 4
@@ -24,7 +25,7 @@ resource "random_string" "suffix" {
 // Create N service accounts
 resource "google_service_account" "service_account" {
   count       = local.num-service-accounts
-  account_id  = format("stratus-red-team-%s", random_string.suffix[count.index].result)
+  account_id  = format("%s-sa-%s", local.resource_prefix, random_string.suffix[count.index].result)
   description = "Service account used by Stratus Red Team for gcp.privilege-escalation.impersonate-service-accounts"
 }
 
diff --git a/v2/internal/attacktechniques/k8s/credential-access/steal-serviceaccount-token/main.tf b/v2/internal/attacktechniques/k8s/credential-access/steal-serviceaccount-token/main.tf
index 7bee7c5a..4aefa6d7 100644
--- a/v2/internal/attacktechniques/k8s/credential-access/steal-serviceaccount-token/main.tf
+++ b/v2/internal/attacktechniques/k8s/credential-access/steal-serviceaccount-token/main.tf
@@ -13,7 +13,7 @@ locals {
   labels = {
     "datadoghq.com/stratus-red-team" : true
   }
-  pod_name = "stratus-red-team-sample-pod"
+  resource_prefix = "stratus-red-team-ssat" # stratus red team steal service account token
 }
 
 # Use ~/.kube/config as a configuration file if it exists (with current context).
@@ -37,7 +37,7 @@ resource "kubernetes_namespace" "namespace" {
 
 resource "kubernetes_service_account" "serviceaccount" {
   metadata {
-    name      = "stratus-red-team-sa"
+    name      = format("%s-sa", local.resource_prefix)
     labels    = local.labels
     namespace = kubernetes_namespace.namespace.metadata[0].name
   }
@@ -45,7 +45,7 @@ resource "kubernetes_service_account" "serviceaccount" {
 
 resource "kubernetes_pod" "pod" {
   metadata {
-    name      = local.pod_name
+    name      = format("%s-pod", local.resource_prefix)
     labels    = local.labels
     namespace = local.namespace
   }
diff --git a/v2/internal/attacktechniques/k8s/privilege-escalation/hostpath-volume/main.tf b/v2/internal/attacktechniques/k8s/privilege-escalation/hostpath-volume/main.tf
index c449c165..d751edc3 100644
--- a/v2/internal/attacktechniques/k8s/privilege-escalation/hostpath-volume/main.tf
+++ b/v2/internal/attacktechniques/k8s/privilege-escalation/hostpath-volume/main.tf
@@ -9,7 +9,7 @@ terraform {
 
 locals {
   kubeconfig_path = pathexpand("~/.kube/config")
-  namespace       = format("stratus-red-team-%s", random_string.suffix.result)
+  namespace       = format("stratus-red-team-hpns-%s", random_string.suffix.result)
 }
 
 # Use ~/.kube/config as a configuration file if it exists (with current context).
@@ -20,8 +20,8 @@ provider "kubernetes" {
 }
 
 resource "random_string" "suffix" {
-  length    = 8
-  min_lower = 8
+  length    = 4
+  min_lower = 4
 }
 
 resource "kubernetes_namespace" "namespace" {
diff --git a/v2/internal/attacktechniques/k8s/privilege-escalation/nodes-proxy/main.tf b/v2/internal/attacktechniques/k8s/privilege-escalation/nodes-proxy/main.tf
index 8070961d..2d9ee973 100644
--- a/v2/internal/attacktechniques/k8s/privilege-escalation/nodes-proxy/main.tf
+++ b/v2/internal/attacktechniques/k8s/privilege-escalation/nodes-proxy/main.tf
@@ -9,7 +9,8 @@ terraform {
 
 locals {
   kubeconfig_path = pathexpand("~/.kube/config")
-  namespace       = format("stratus-red-team-%s", random_string.suffix.result)
+  namespace       = format("stratus-red-team-np-name-%s", random_string.suffix.result)
+  resource_prefix = "stratus-red-team-np"
 }
 
 # Use ~/.kube/config as a configuration file if it exists (with current context).
@@ -37,7 +38,7 @@ output "namespace" {
 
 resource "kubernetes_cluster_role" "clusterrole" {
   metadata {
-    name = "stratus-red-team-node-proxy-clusterrole"
+    name = format("%s-clusterrole", local.resource_prefix)
   }
 
   rule {
@@ -49,14 +50,14 @@ resource "kubernetes_cluster_role" "clusterrole" {
 
 resource "kubernetes_service_account" "sa" {
   metadata {
-    name      = "stratus-red-team-node-proxy-sa"
+    name      = format("%s-sa", local.resource_prefix)
     namespace = kubernetes_namespace.namespace.metadata[0].name
   }
 }
 
 resource "kubernetes_cluster_role_binding" "crb" {
   metadata {
-    name = "stratus-red-team-node-proxy-crb"
+    name = format("%s-crb", local.resource_prefix)
   }
 
   role_ref {
diff --git a/v2/internal/attacktechniques/k8s/privilege-escalation/privileged-pod/main.tf b/v2/internal/attacktechniques/k8s/privilege-escalation/privileged-pod/main.tf
index c449c165..bf2c4eff 100644
--- a/v2/internal/attacktechniques/k8s/privilege-escalation/privileged-pod/main.tf
+++ b/v2/internal/attacktechniques/k8s/privilege-escalation/privileged-pod/main.tf
@@ -9,7 +9,7 @@ terraform {
 
 locals {
   kubeconfig_path = pathexpand("~/.kube/config")
-  namespace       = format("stratus-red-team-%s", random_string.suffix.result)
+  namespace       = format("stratus-red-team-privileged-name-%s", random_string.suffix.result)
 }
 
 # Use ~/.kube/config as a configuration file if it exists (with current context).