Releases: DataDog/stratus-red-team
Releases · DataDog/stratus-red-team
v2.2.2
v2.2.1
v2.2.0
94780f8
This commit was signed with the committer’s verified signature.
christophetd
Christophe Tafani-Dereeper
Changelog
- New AWS attack technique by @adanalvarez: Create an IAM Roles Anywhere trust anchor
- New AWS attack technique by @rollwagen: Launch Unusual EC2 Instances
- New K8s attack technique inspired by @raesene: Create Long-Lived Token
Contributors
raesene, adanalvarez, and rollwagen
Assets 11
v2.1.0
Changelog
- New Azure attack technique: Export Disk Through Shared Access Signature URL
- New Azure attack technique: Execute Command on Virtual Machine using Custom Script Extension by Ryan Marcotte Cobb @rcobb-scwx
- New AWS attack technique: Overwrite Lambda Function Code by @rollwagen
- Add dynamic CLI autocomplete for techniques by @rollwagen
Enhancements:
Contributors
rollwagen and rcobb-scwx
Assets 11
v2.0.0
Changelog
- Stratus Red Team now supports Azure! Thank you to Ryan Marcotte Cobb from Secureworks for the contribution.
- New attack technique: Azure: Execute Commands on Virtual Machine using Run Command. Thank you to Ryan Marcotte Cobb from Secureworks for the contribution.
- Upgraded Go version from 1.17 to 1.18 to support the Azure Go SDK
- Bumped vulnerable dependencies
Note
The major version was bumped (1.8.0 -> 2.0.0) because the Go upgrade to 1.18 may break certain environments using the programmatic interface of Stratus Red Team with Go 1.17.
v1.8.0
Changelog
New attack technique: AWS Console Login without MFA
v1.7.2
v1.7.1
v1.7.0
Changelog
Stratus Red Team now injects an UUID in the User-Agent header when performing requests to the Kubernetes or AWS API. It has the form stratus-red-team_<uuid> and is unique per Stratus Red Team execution. This allows for more advanced use-cases to ensure that a log generated by a detonation corresponds to a specific execution of Stratus Red Team.