v2.15.0

What's Changed

Features:

• New attack technique: SES enumeration activities by @loresuso in #501

Enhancements:

• Implement better error message when the AWS region or AWS default region is missing by @christophetd in #507

Chores:

• Bump goreleaser/goreleaser-action from 14707cd26fbb4b6c8abf03fb8ea4eb6c59711a62 to c21f56a7bc891b5f73bec61233c4102ef8273150 by @dependabot in #504
• Bump actions/setup-python from 4.7.1 to 5.1.0 by @dependabot in #503
• Bump github/codeql-action from 3.23.2 to 3.24.9 by @dependabot in #502
• Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 in /v2 by @dependabot in #497
• Bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in #491
• Bump step-security/harden-runner from 2.6.0 to 2.7.0 by @dependabot in #492

New Contributors

• @loresuso made their first contribution in #501

Full Changelog: v2.14.0...v2.15.0

v2.14.0

Changelog

Features:

• New AWS attack technique: Delete DNS query logs by @will-giraldo-d (#479)
• New AWS attack technique: Usage of SSM StartSession on multiple instances by @adanalvarez (#477)
• New AWS attack technique: Create a backdoored IAM Role by @adanalvarez (#478)
• New AWS attack technique: Usage of ssm:SendCommand on multiple instances by @christophetd (#482)

Chores:

• Bump alpine from 3.18.5 to 3.19.1 by @dependabot in #475
• Bump actions/upload-artifact from 3.1.2 to 4.3.0 by @dependabot in #474
• Bump goreleaser/goreleaser-action from 44dd9927f499a126e26ae024981569ce889f15aa to 14707cd26fbb4b6c8abf03fb8ea4eb6c59711a62 by @dependabot in #473
• Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /v2 by @dependabot in #455
• Bump github/codeql-action from 2.22.8 to 3.23.2 by @dependabot in #472
• Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #459
• Bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @dependabot in #458

Full Changelog: v2.13.0...v2.14.0

v2.13.0

Changelog

New attack techniques:

• Usage of ec2instanceconnect:SendSSHPublicKey on multiple instances by @adanalvarez (#467)

v2.12.3

Changelog

Bug fix:

• 96088a5 Ensure that S3 bucket names are globally unique for aws.persistence.lambda-layer-extension (#465)

v2.12.2

Changelog

Enhancements:

• Add sts:TagSession permission to Stratus role by @christofort in #463

New Contributors

• @christofort made their first contribution in #463

Full Changelog: v2.12.1...v2.12.2

v2.12.1

Changelog

Bug fixes:

• e936adc Fix broken attack techniques due to AWS ignoring Semver and pushing cross-services breaking changes in minor versions. This caused several attack techniques to be broken since the last release.

Chores:

• 1237d68 Brew formula update for stratus-red-team version v2.12.0 (#441)
• 43765f2 Bump actions/setup-python from 4.7.0 to 4.7.1 (#446)
• b0722ef Bump alpine from 3.18.4 to 3.18.5 (#442)
• 22b152a Bump docker/build-push-action from 4.1.1 to 5.1.0 (#447)
• 0d44134 Bump docker/login-action from 2.2.0 to 3.0.0 (#444)
• 9442429 Bump github/codeql-action from 2.22.5 to 2.22.8 (#445)
• 246c250 Bump hashicorp/setup-terraform from 2.0.3 to 3.0.0 (#443)

v2.12.0

Changelog

New GCP attack techniques by @vthiery:

• Exfiltrate Compute Image by sharing it
• Exfiltrate Compute Disk by sharing a snapshot

v2.11.2

Changelog

• 1a5eb9e Bump goreleaser-action version
• 01e7211 Fix goreleaser permissions (#437)
• 6178c7e Specify goreleaser version
• 3836a89 Update .goreleaser.yaml
• 5dd9ea0 Update .goreleaser.yaml
• 92d9596 Update .goreleaser.yaml
• 971a4aa Update .goreleaser.yaml (#436)

v2.11.1

Changelog

• 65fdf7d Brew formula update for stratus-red-team version v2.11.0
• 5fe7da0 Have GoReleaser send a PR for homebrew updates (#435)

v2.11.0

Changelog

• 790feb6 AWS: Dump secrets through Secret Manager's new BatchGetSecretValue (#434) - https://stratus-red-team.cloud/attack-techniques/AWS/aws.credential-access.secretsmanager-batch-retrieve-secrets/
• 39e6b46 Improve Makefile for better maintanability (#432)