AWS Threat Detection with Stratus Red Team

This repository documents my adventures with Stratus Red Team, a tool for adversary emulation in the cloud.

Stratus Red Team is "Atomic Red Team for the cloud", allowing you to emulate offensive attack techniques in a granular and self-contained manner.

We run the attacks covered in the Stratus Red Team repository one by one on our AWS account. To monitor them, we use CloudTrail and CloudWatch for logging and ingest these logs into SumoLogic for further analysis.

| Attack | Description | Link |
|---|---|---|
| aws.credential-access.ec2-get-password-data | Retrieve EC2 Password Data | Link |
| aws.credential-access.ec2-steal-instance-credentials | Steal EC2 Instance Credentials | Link |
| aws.credential-access.secretsmanager-retrieve-secrets | Retrieve a High Number of Secrets Manager secrets | Link |
| aws.credential-access.ssm-retrieve-securestring-parameters | Retrieve And Decrypt SSM Parameters | Link |
| aws.defense-evasion.cloudtrail-delete | Delete CloudTrail Trail | Link |
| aws.defense-evasion.cloudtrail-event-selectors | Disable CloudTrail Logging Through Event Selectors | Link |
| aws.defense-evasion.cloudtrail-lifecycle-rule | CloudTrail Logs Impairment Through S3 Lifecycle Rule | Link |
| aws.defense-evasion.cloudtrail-stop | Stop CloudTrail Trail | Link |
| aws.defense-evasion.organizations-leave | Attempt to Leave the AWS Organization | Link |
| aws.defense-evasion.vpc-remove-flow-logs | Remove VPC Flow Logs | Link |
| aws.discovery.ec2-enumerate-from-instance | Execute Discovery Commands on an EC2 Instance | Link |
| aws.exfiltration.ec2-security-group-open-port-22-ingress | Open Ingress Port 22 on a Security Group | Link |
| aws.exfiltration.ec2-share-ami | Exfiltrate an AMI by Sharing It | Link |
| aws.exfiltration.ec2-share-ebs-snapshot | Exfiltrate EBS Snapshot by Sharing It | Link |
| aws.exfiltration.rds-share-snapshot | Exfiltrate RDS Snapshot by Sharing | Link |
| aws.exfiltration.s3-backdoor-bucket-policy | Backdoor an S3 Bucket via its Bucket Policy | Link |
| aws.persistence.iam-backdoor-role | Backdoor an IAM Role | Link |
| aws.persistence.iam-backdoor-user | Create an Access Key on an IAM User | TBD |
| aws.persistence.iam-create-admin-user | Create an administrative IAM User | TBD |
| aws.persistence.iam-create-user-login-profile | Create a Login Profile on an IAM User | TBD |
| aws.persistence.lambda-backdoor-function | Backdoor Lambda Function Through Resource-Based Policy | TBD |
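As an added example (not code from this repository), the script below runs detection logic over constructed CloudTrail-style records for several of the techniques in the table. The mapping from CloudTrail `eventName` to Stratus technique ID, the port-22 check, the volume threshold and the sample records are all my assumptions: the page names the techniques but not the API calls each one generates, so verify the mapping against your own trail before relying on it. In the setup described above this logic would live in a SumoLogic query over the ingested logs; the standalone script shows the same rules offline.

```python
"""Detection rules for Stratus Red Team techniques over CloudTrail records.
Added example, not code from aws-threat-simulation-and-detection."""
import json
from collections import defaultdict

# Assumed mapping from CloudTrail eventName to the Stratus technique IDs in the
# table above. The page does not list the API calls; these are the actions each
# technique is expected to produce (an assumption, verify against your own logs).
EVENT_TO_TECHNIQUE = {
    "GetPasswordData": "aws.credential-access.ec2-get-password-data",
    "DeleteTrail": "aws.defense-evasion.cloudtrail-delete",
    "PutEventSelectors": "aws.defense-evasion.cloudtrail-event-selectors",
    "StopLogging": "aws.defense-evasion.cloudtrail-stop",
    "LeaveOrganization": "aws.defense-evasion.organizations-leave",
    "DeleteFlowLogs": "aws.defense-evasion.vpc-remove-flow-logs",
    "ModifyImageAttribute": "aws.exfiltration.ec2-share-ami",
    "ModifySnapshotAttribute": "aws.exfiltration.ec2-share-ebs-snapshot",
    "ModifyDBSnapshotAttribute": "aws.exfiltration.rds-share-snapshot",
    "PutBucketPolicy": "aws.exfiltration.s3-backdoor-bucket-policy",
    "UpdateAssumeRolePolicy": "aws.persistence.iam-backdoor-role",
    "CreateAccessKey": "aws.persistence.iam-backdoor-user",
    "CreateLoginProfile": "aws.persistence.iam-create-user-login-profile",
    "AddPermission": "aws.persistence.lambda-backdoor-function",
}

# Techniques that are only suspicious in volume: many reads by one principal.
VOLUME_EVENTS = {
    "GetSecretValue": "aws.credential-access.secretsmanager-retrieve-secrets",
    "GetParameters": "aws.credential-access.ssm-retrieve-securestring-parameters",
}
VOLUME_THRESHOLD = 5  # constructed threshold; tune to your environment

# Constructed CloudTrail-style records (not real log data). Top-level field
# names follow the CloudTrail record format; the nested requestParameters shape
# for AuthorizeSecurityGroupIngress is approximated.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/stratus"},
     "requestParameters": {"name": "example-trail"}},
    {"eventName": "AuthorizeSecurityGroupIngress", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/stratus"},
     "requestParameters": {"ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "AuthorizeSecurityGroupIngress", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/webadmin"},
     "requestParameters": {"ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/webadmin"}},
] + [
    {"eventName": "GetSecretValue", "eventSource": "secretsmanager.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/stratus"},
     "requestParameters": {"secretId": f"constructed-secret-{i}"}}
    for i in range(6)
]})


def load_records(raw):
    """Parse a CloudTrail log file body ({"Records": [...]}) into a list."""
    return json.loads(raw)["Records"]


def _opens_port_22(params):
    """True if any ipPermissions entry covers TCP port 22 (or all protocols)."""
    for perm in (params or {}).get("ipPermissions", {}).get("items", []):
        if perm.get("ipProtocol") == "-1":  # all traffic, no port range given
            return True
        if perm.get("ipProtocol") != "tcp":
            continue
        if perm.get("fromPort", -1) <= 22 <= perm.get("toPort", -1):
            return True
    return False


def classify(record):
    """Return the Stratus technique ID a single record indicates, or None."""
    name = record.get("eventName")
    if name in EVENT_TO_TECHNIQUE:
        return EVENT_TO_TECHNIQUE[name]
    if name == "AuthorizeSecurityGroupIngress" and _opens_port_22(record.get("requestParameters")):
        return "aws.exfiltration.ec2-security-group-open-port-22-ingress"
    return None


def scan(records, threshold=VOLUME_THRESHOLD):
    """Walk records in order and return (technique, eventName, actor) findings.
    Volume techniques fire once, when a principal reaches the threshold."""
    findings = []
    counts = defaultdict(int)
    for rec in records:
        name = rec.get("eventName")
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        tech = classify(rec)
        if tech is not None:
            findings.append((tech, name, actor))
        elif name in VOLUME_EVENTS:
            counts[(actor, name)] += 1
            if counts[(actor, name)] == threshold:
                findings.append((VOLUME_EVENTS[name], name, actor))
    return findings


if __name__ == "__main__":
    for tech, name, actor in scan(load_records(SAMPLE_LOG)):
        print(f"{tech:60} {name:30} {actor}")
```

Single-event rules (StopLogging, snapshot sharing, and so on) are high-signal on their own, which is why they fire per record; the Secrets Manager and SSM techniques read the same APIs that legitimate workloads use, so the rule counts calls per principal and fires only once the threshold is crossed, the same shape a SumoLogic aggregation over the ingested trail would take.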

Credits

  1. Awesome team at Datadog, Inc. for Stratus Red Team
  2. Hacking the Cloud AWS
  3. Falcon Force team blog