Autogenerate docs

docs/attack-techniques/AWS/aws.persistence.rolesanywhere-create-trust-anchor.md

@@ -1,8 +1,8 @@
 ---
-title: Create a Trust anchor
+title: Create an IAM Roles Anywhere trust anchor
 ---
 
-# Create a Trust anchor
+# Create an IAM Roles Anywhere trust anchor
 
 
 
@@ -18,13 +18,27 @@ Platform: AWS
 ## Description
 
 
-Establishes persistence by creating a new Trust anchor.
+Establishes persistence by creating an IAM Roles Anywhere trust anchor. 
+The IAM Roles Anywhere service allows workloads that do not run in AWS to assume roles by presenting a client-side 
+X.509 certificate signed by a trusted certificate authority, called a "trust anchor".
 
-<span style="font-variant: small-caps;">Warm-up</span>: None.
+Assuming IAM Roles Anywhere is in use (i.e., that some of the IAM roles in the account have a 
+[trust policy](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/trust-model.html#trust-policy) trusting 
+the IAM Roles Anywhere service), an attacker creating a trust anchor can subsequently assume these roles.
+
+<span style="font-variant: small-caps;">Warm-up</span>:
+
+- Create an IAM role that can be used by IAM Roles Anywhere (see [docs](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/getting-started.html#getting-started-step2))
 
 <span style="font-variant: small-caps;">Detonation</span>: 
 
-- Create the Trust anchor with a fake Certificate Authority (CA).
+- Create an IAM Roles Anywhere trust anchor
+- Create an IAM Roles Anywhere profile
+
+References:
+
+- https://docs.aws.amazon.com/rolesanywhere/latest/userguide/trust-model.html
+- https://docs.aws.amazon.com/rolesanywhere/latest/userguide/getting-started.html
 
 
 ## Instructions
@@ -35,6 +49,6 @@ stratus detonate aws.persistence.rolesanywhere-create-trust-anchor
 ## Detection
 
 
-		Identify when a Trust anchor is created, through CloudTrail's <code>CreateTrustAnchor</code> event.
+Identify when a trust anchor is created, through CloudTrail's <code>CreateTrustAnchor</code> event.
 
 

docs/attack-techniques/AWS/index.md

@@ -76,7 +76,7 @@ Note that some Stratus attack techniques may correspond to more than a single AT
 
 - [Overwrite Lambda Function Code](./aws.persistence.lambda-overwrite-code.md)
 
-- [Create a Trust anchor](./aws.persistence.rolesanywhere-create-trust-anchor.md)
+- [Create an IAM Roles Anywhere trust anchor](./aws.persistence.rolesanywhere-create-trust-anchor.md)
 
 
 ## Privilege Escalation
@@ -89,5 +89,5 @@ Note that some Stratus attack techniques may correspond to more than a single AT
 
 - [Create a Login Profile on an IAM User](./aws.persistence.iam-create-user-login-profile.md)
 
-- [Create a Trust anchor](./aws.persistence.rolesanywhere-create-trust-anchor.md)
+- [Create an IAM Roles Anywhere trust anchor](./aws.persistence.rolesanywhere-create-trust-anchor.md)
 

docs/attack-techniques/list.md

@@ -35,7 +35,7 @@ This page contains the list of all Stratus Attack Techniques.
 | [Create a Login Profile on an IAM User](./AWS/aws.persistence.iam-create-user-login-profile.md) | [AWS](./AWS/index.md) | Persistence, Privilege Escalation |
 | [Backdoor Lambda Function Through Resource-Based Policy](./AWS/aws.persistence.lambda-backdoor-function.md) | [AWS](./AWS/index.md) | Persistence |
 | [Overwrite Lambda Function Code](./AWS/aws.persistence.lambda-overwrite-code.md) | [AWS](./AWS/index.md) | Persistence |
-| [Create a Trust anchor](./AWS/aws.persistence.rolesanywhere-create-trust-anchor.md) | [AWS](./AWS/index.md) | Persistence, Privilege Escalation |
+| [Create an IAM Roles Anywhere trust anchor](./AWS/aws.persistence.rolesanywhere-create-trust-anchor.md) | [AWS](./AWS/index.md) | Persistence, Privilege Escalation |
 | [Execute Command on Virtual Machine using Custom Script Extension](./azure/azure.execution.vm-custom-script-extension.md) | [Azure](./azure/index.md) | Execution |
 | [Execute Commands on Virtual Machine using Run Command](./azure/azure.execution.vm-run-command.md) | [Azure](./azure/index.md) | Execution |
 | [Export Disk Through SAS URL](./azure/azure.exfiltration.disk-export.md) | [Azure](./azure/index.md) | Exfiltration |