Properly encapsulate providers to allow for different detonation UUIDs

examples/custom/detonate_custom_technique.go

@@ -31,9 +31,9 @@ func buildCustomAttackTechnique() *stratus.AttackTechnique {
 	}
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	iamUserName := params["iam_user_name"]
-	iamClient := iam.NewFromConfig(stratus.AWSProvider().GetConnection())
+	iamClient := iam.NewFromConfig(providers.AWS().GetConnection())
 
 	userResponse, err := iamClient.GetUser(context.Background(), &iam.GetUserInput{
 		UserName: &iamUserName,

v2/internal/attacktechniques/aws/credential-access/ec2-get-password-data/main.go

@@ -8,7 +8,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/internal/utils"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
@@ -49,7 +48,7 @@ Detonation:
 
 const numCalls = 30
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	roleArn := params["role_arn"]
 
 	awsConnection := providers.AWS().GetConnection()

v2/internal/attacktechniques/aws/credential-access/ec2-steal-instance-credentials/main.go

@@ -10,7 +10,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/ssm"
 	"github.com/aws/aws-sdk-go-v2/service/ssm/types"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/internal/utils"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
@@ -57,7 +56,7 @@ See also: [Known detection bypasses](https://hackingthe.cloud/aws/avoiding-detec
 	})
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	ssmClient := ssm.NewFromConfig(providers.AWS().GetConnection())
 	instanceId := params["instance_id"]
 	instanceRoleName := params["instance_role_name"]

v2/internal/attacktechniques/aws/credential-access/secretsmanager-retrieve-secrets/main.go

@@ -7,7 +7,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
 	"log"
@@ -47,7 +46,7 @@ The following may be use to tune the detection, or validate findings:
 	})
 }
 
-func detonate(map[string]string) error {
+func detonate(_ map[string]string, providers stratus.CloudProviders) error {
 	secretsManagerClient := secretsmanager.NewFromConfig(providers.AWS().GetConnection())
 
 	secretsResponse, err := secretsManagerClient.ListSecrets(context.Background(), &secretsmanager.ListSecretsInput{

v2/internal/attacktechniques/aws/credential-access/ssm-retrieve-securestring-parameters/main.go

@@ -6,7 +6,6 @@ import (
 	"errors"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ssm"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
 	"log"
@@ -52,7 +51,7 @@ The following may be use to tune the detection, or validate findings:
 	})
 }
 
-func detonate(map[string]string) error {
+func detonate(_ map[string]string, providers stratus.CloudProviders) error {
 	ssmClient := ssm.NewFromConfig(providers.AWS().GetConnection())
 
 	log.Println("Running ssm:DescribeParameters and ssm:GetParameters by batch of 10 to find all SSM Parameters in the current region")

v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-delete/main.go

@@ -5,7 +5,6 @@ import (
 	_ "embed"
 	"errors"
 	"github.com/aws/aws-sdk-go-v2/service/cloudtrail"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
 	"log"
@@ -42,7 +41,7 @@ GuardDuty also provides a dedicated finding type, [Stealth:IAMUser/CloudTrailLog
 	})
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	cloudtrailClient := cloudtrail.NewFromConfig(providers.AWS().GetConnection())
 	trailName := params["cloudtrail_trail_name"]
 

v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-event-selectors/main.go

@@ -7,7 +7,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/cloudtrail"
 	"github.com/aws/aws-sdk-go-v2/service/cloudtrail/types"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
 	"log"
@@ -45,7 +44,7 @@ Identify when event selectors of a CloudTrail trail are updated, through CloudTr
 	})
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	cloudtrailClient := cloudtrail.NewFromConfig(providers.AWS().GetConnection())
 	trailName := params["cloudtrail_trail_name"]
 
@@ -72,7 +71,7 @@ func detonate(params map[string]string) error {
 	return nil
 }
 
-func revert(params map[string]string) error {
+func revert(params map[string]string, providers stratus.CloudProviders) error {
 	cloudtrailClient := cloudtrail.NewFromConfig(providers.AWS().GetConnection())
 	trailName := params["cloudtrail_trail_name"]
 

v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-lifecycle-rule/main.go

@@ -7,7 +7,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
 	"log"
@@ -48,7 +47,7 @@ The CloudTrail event <code>PutBucketLifecycle</code> and its attribute
 	})
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	s3Client := s3.NewFromConfig(providers.AWS().GetConnection())
 	bucketName := params["s3_bucket_name"]
 
@@ -75,7 +74,7 @@ func detonate(params map[string]string) error {
 	return nil
 }
 
-func revert(params map[string]string) error {
+func revert(params map[string]string, providers stratus.CloudProviders) error {
 	s3Client := s3.NewFromConfig(providers.AWS().GetConnection())
 	bucketName := params["s3_bucket_name"]
 

v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-stop/main.go

@@ -5,7 +5,6 @@ import (
 	_ "embed"
 	"errors"
 	"github.com/aws/aws-sdk-go-v2/service/cloudtrail"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
 	"log"
@@ -43,7 +42,7 @@ GuardDuty also provides a dedicated finding type, [Stealth:IAMUser/CloudTrailLog
 	})
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	cloudtrailClient := cloudtrail.NewFromConfig(providers.AWS().GetConnection())
 	trailName := params["cloudtrail_trail_name"]
 
@@ -60,7 +59,7 @@ func detonate(params map[string]string) error {
 	return nil
 }
 
-func revert(params map[string]string) error {
+func revert(params map[string]string, providers stratus.CloudProviders) error {
 	cloudtrailClient := cloudtrail.NewFromConfig(providers.AWS().GetConnection())
 	trailName := params["cloudtrail_trail_name"]
 

v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.go

@@ -8,7 +8,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
 	"github.com/aws/aws-sdk-go-v2/service/organizations"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
 	"log"
@@ -48,7 +47,7 @@ Use the CloudTrail event <code>LeaveOrganization</code>.`,
 	})
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	roleArn := params["role_arn"]
 
 	awsConnection := providers.AWS().GetConnection()

v2/internal/attacktechniques/aws/defense-evasion/vpc-remove-flow-logs/main.go

@@ -5,7 +5,6 @@ import (
 	_ "embed"
 	"errors"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
 	"log"
@@ -43,7 +42,7 @@ only when <code>DeleteFlowLogs</code> is not closely followed by <code>DeleteVpc
 	})
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	ec2Client := ec2.NewFromConfig(providers.AWS().GetConnection())
 
 	vpcId := params["vpc_id"]

v2/internal/attacktechniques/aws/discovery/ec2-enumerate-from-instance/main.go

@@ -6,7 +6,6 @@ import (
 	"errors"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ssm"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
 	"log"
@@ -63,7 +62,7 @@ arn:aws:sts::012345678901:assumed-role/my-instance-role/i-0adc17a5acb70d9ae
 	})
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	ssmClient := ssm.NewFromConfig(providers.AWS().GetConnection())
 	instanceId := params["instance_id"]
 	commands := []string{

v2/internal/attacktechniques/aws/discovery/ec2-get-user-data/main.go

@@ -3,7 +3,6 @@ package aws
 import (
 	"context"
 	_ "embed"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/internal/utils"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
@@ -58,7 +57,7 @@ See:
 
 const numCalls = 15
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 
 	awsConnection := providers.AWS().GetConnection()
 	stsClient := sts.NewFromConfig(awsConnection)

v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.go

@@ -9,7 +9,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
 	"log"
@@ -50,7 +49,7 @@ Depending on your account limits you might also see <code>VcpuLimitExceeded</cod
 	})
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	ctx := context.Background()
 	awsConnection := providers.AWS().GetConnection()
 

v2/internal/attacktechniques/aws/execution/ec2-user-data/main.go

@@ -7,7 +7,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
 	"log"
@@ -62,11 +61,11 @@ provisioned before instantiation.
 	})
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	ec2Client := ec2.NewFromConfig(providers.AWS().GetConnection())
 	instanceId := params["instance_id"]
 
-	err := stopInstance(instanceId)
+	err := stopInstance(instanceId, ec2Client)
 	if err != nil {
 		return err
 	}
@@ -80,7 +79,7 @@ func detonate(params map[string]string) error {
 		return errors.New("unable to update user data: " + err.Error())
 	}
 
-	err = startInstance(instanceId)
+	err = startInstance(instanceId, ec2Client)
 	if err != nil {
 		return err
 	}
@@ -93,8 +92,7 @@ func detonate(params map[string]string) error {
 const maxWaitDuration = 2 * time.Minute
 
 // Stops an EC2 instance, and synchronously returns only when it is stopped
-func stopInstance(instanceId string) error {
-	ec2Client := ec2.NewFromConfig(providers.AWS().GetConnection())
+func stopInstance(instanceId string, ec2Client *ec2.Client) error {
 	log.Println("Stopping instance " + instanceId)
 	_, err := ec2Client.StopInstances(context.Background(), &ec2.StopInstancesInput{
 		InstanceIds: []string{instanceId},
@@ -121,8 +119,7 @@ func stopInstance(instanceId string) error {
 }
 
 // Starts an EC2 instance, and synchronously returns only when it is running
-func startInstance(instanceId string) error {
-	ec2Client := ec2.NewFromConfig(providers.AWS().GetConnection())
+func startInstance(instanceId string, ec2Client *ec2.Client) error {
 	log.Println("Starting instance")
 	_, err := ec2Client.StartInstances(context.Background(), &ec2.StartInstancesInput{
 		InstanceIds: []string{instanceId},

v2/internal/attacktechniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/main.go

@@ -6,7 +6,6 @@ import (
 	"errors"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
 	"log"
@@ -45,7 +44,7 @@ You can use the CloudTrail event <code>AuthorizeSecurityGroupIngress</code> when
 	})
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	ec2Client := ec2.NewFromConfig(providers.AWS().GetConnection())
 
 	// Find the snapshot to exfiltrate
@@ -69,7 +68,7 @@ func detonate(params map[string]string) error {
 	return nil
 }
 
-func revert(params map[string]string) error {
+func revert(params map[string]string, providers stratus.CloudProviders) error {
 	ec2Client := ec2.NewFromConfig(providers.AWS().GetConnection())
 
 	// Find the snapshot to exfiltrate

v2/internal/attacktechniques/aws/exfiltration/ec2-share-ami/main.go

@@ -7,7 +7,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/internal/utils"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
@@ -62,7 +61,7 @@ var amiPermissions = []types.LaunchPermission{
 	{UserId: aws.String("012345678901")},
 }
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	ec2Client := ec2.NewFromConfig(providers.AWS().GetConnection())
 	amiId := params["ami_id"]
 
@@ -88,7 +87,7 @@ func detonate(params map[string]string) error {
 	return nil
 }
 
-func revert(params map[string]string) error {
+func revert(params map[string]string, providers stratus.CloudProviders) error {
 	ec2Client := ec2.NewFromConfig(providers.AWS().GetConnection())
 	amiId := params["ami_id"]
 

v2/internal/attacktechniques/aws/exfiltration/ec2-share-ebs-snapshot/main.go

@@ -5,7 +5,6 @@ import (
 	_ "embed"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
-	"github.com/datadog/stratus-red-team/v2/internal/providers"
 	"github.com/datadog/stratus-red-team/v2/internal/utils"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus"
 	"github.com/datadog/stratus-red-team/v2/pkg/stratus/mitreattack"
@@ -86,7 +85,7 @@ In that case, <code>userIdentity.accountId</code> contains the attacker's accoun
 
 var ShareWithAccountId = "012345678912"
 
-func detonate(params map[string]string) error {
+func detonate(params map[string]string, providers stratus.CloudProviders) error {
 	ec2Client := ec2.NewFromConfig(providers.AWS().GetConnection())
 
 	// Find the snapshot to exfiltrate
@@ -113,7 +112,7 @@ func detonate(params map[string]string) error {
 	return err
 }
 
-func revert(params map[string]string) error {
+func revert(params map[string]string, providers stratus.CloudProviders) error {
 	ec2Client := ec2.NewFromConfig(providers.AWS().GetConnection())
 	ourSnapshotId := params["snapshot_id"]