DataDog/stratus-red-team issues and pull requests

#526 - New attack technique: ImportKeyPair on an EC2 instance

Issue - State: closed - Opened by christophetd 8 months ago - 1 comment
Labels: kind/new-technique, platform/aws

#525 - Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.1.0 to 1.6.0 in /v2

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago - 1 comment
Labels: dependencies, go

#524 - Bump alpine from 3.19.1 to 3.20.0

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago - 1 comment
Labels: dependencies, docker

#523 - Bump step-security/harden-runner from 2.7.0 to 2.8.0

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago - 1 comment
Labels: dependencies, github_actions

#522 - Bump github/codeql-action from 3.24.9 to 3.25.7

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago - 1 comment
Labels: dependencies, github_actions

#521 - Bump hashicorp/setup-terraform from 3.0.0 to 3.1.1

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#520 - Bump actions/upload-artifact from 4.3.1 to 4.3.3

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, github_actions

#519 - Bump step-security/harden-runner from 2.7.0 to 2.7.1

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago - 1 comment
Labels: dependencies, github_actions

#519 - Bump step-security/harden-runner from 2.7.0 to 2.7.1

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago - 1 comment
Labels: dependencies, github_actions

#518 - Bump hashicorp/setup-terraform from 3.0.0 to 3.1.0

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago - 1 comment
Labels: dependencies, github_actions

#517 - Bump github/codeql-action from 3.24.9 to 3.25.3

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago - 1 comment
Labels: dependencies, github_actions

#517 - Bump github/codeql-action from 3.24.9 to 3.25.3

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago - 1 comment
Labels: dependencies, github_actions

#516 - Bump dominikh/staticcheck-action from 1.3.0 to 1.3.1

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago - 1 comment
Labels: dependencies, github_actions

#515 - Update aws.defense-evasion.dns-delete-logs.md with current CloudTrail event name

Pull Request - State: closed - Opened by ax-hsmith 9 months ago - 1 comment

#514 - Bump golang.org/x/net from 0.17.0 to 0.23.0 in /examples/custom

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, go

#513 - Bump golang.org/x/net from 0.17.0 to 0.23.0 in /examples/detonate-and-dump-cloudtrail-logs

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, go

#512 - Bump golang.org/x/net from 0.17.0 to 0.23.0 in /examples/basic

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, go

#511 - Bump golang.org/x/net from 0.17.0 to 0.23.0 in /v2

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, go

#510 - New attack technnique: Exfiltrate disk of Azure VM by snapshotting it

Issue - State: open - Opened by christophetd 10 months ago
Labels: kind/new-technique, platform/azure, priority/seen-in-the-wild

#509 - Brew formula update for stratus-red-team version v2.15.0

Pull Request - State: closed - Opened by github-actions[bot] 10 months ago

#509 - Brew formula update for stratus-red-team version v2.15.0

Pull Request - State: closed - Opened by github-actions[bot] 10 months ago

#508 - [AWS] Add boundary support

Issue - State: closed - Opened by Renizmy 10 months ago - 5 comments
Labels: kind/question

#507 - Implement better error message when the AWS region or AWS default region is missing

Pull Request - State: closed - Opened by christophetd 10 months ago

#507 - Implement better error message when the AWS region or AWS default region is missing

Pull Request - State: closed - Opened by christophetd 10 months ago

#506 - Display nicer error when AWS_REGION is not set

Issue - State: closed - Opened by christophetd 10 months ago
Labels: kind/enhancement, good first issue, platform/aws

#506 - Display nicer error when AWS_REGION is not set

Issue - State: closed - Opened by christophetd 10 months ago
Labels: kind/enhancement, good first issue, platform/aws

#503 - Bump actions/setup-python from 4.7.1 to 5.1.0

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, github_actions

#502 - Bump github/codeql-action from 3.23.2 to 3.24.9

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, github_actions

#501 - New attack technique: SES enumeration activities

Pull Request - State: closed - Opened by loresuso 11 months ago - 8 comments
Labels: kind/new-technique, platform/aws

#501 - New attack technique: SES enumeration activities

Pull Request - State: closed - Opened by loresuso 11 months ago - 8 comments
Labels: kind/new-technique, platform/aws

#500 - Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 in /examples/basic

Pull Request - State: closed - Opened by dependabot[bot] 11 months ago - 2 comments
Labels: dependencies, go

#499 - Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 in /examples/detonate-and-dump-cloudtrail-logs

Pull Request - State: closed - Opened by dependabot[bot] 11 months ago - 2 comments
Labels: dependencies, go

#499 - Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 in /examples/detonate-and-dump-cloudtrail-logs

Pull Request - State: closed - Opened by dependabot[bot] 11 months ago - 2 comments
Labels: dependencies, go

#498 - Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 in /examples/custom

Pull Request - State: closed - Opened by dependabot[bot] 11 months ago - 2 comments
Labels: dependencies, go

#498 - Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 in /examples/custom

Pull Request - State: closed - Opened by dependabot[bot] 11 months ago - 2 comments
Labels: dependencies, go

#497 - Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 in /v2

Pull Request - State: closed - Opened by dependabot[bot] 11 months ago
Labels: dependencies, go

#497 - Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 in /v2

Pull Request - State: closed - Opened by dependabot[bot] 11 months ago
Labels: dependencies, go

#496 - Analyze LUCR-3 TTPs and suggest new attack techniques

Issue - State: closed - Opened by christophetd 11 months ago - 2 comments
Labels: platform/aws, kind/research

#495 - docs: add asdf as way to install

Pull Request - State: closed - Opened by vthiery 11 months ago - 11 comments

#494 - Update main.tf

Pull Request - State: closed - Opened by Adelabumowe 11 months ago - 2 comments

#494 - Update main.tf

Pull Request - State: closed - Opened by Adelabumowe 11 months ago - 2 comments

#492 - Bump step-security/harden-runner from 2.6.0 to 2.7.0

Pull Request - State: closed - Opened by dependabot[bot] 11 months ago - 1 comment
Labels: dependencies, github_actions

#492 - Bump step-security/harden-runner from 2.6.0 to 2.7.0

Pull Request - State: closed - Opened by dependabot[bot] 11 months ago - 1 comment
Labels: dependencies, github_actions

#491 - Bump actions/upload-artifact from 4.3.0 to 4.3.1

Pull Request - State: closed - Opened by dependabot[bot] 11 months ago - 1 comment
Labels: dependencies, github_actions

#487 - New attack technique: SendSerialConsoleSSHPublicKey

Issue - State: open - Opened by christophetd 11 months ago - 2 comments
Labels: kind/new-technique, platform/aws, priority/seen-in-the-wild

#484 - Add references to S3 ransomware in the wild to existing S3 attack techniques

Issue - State: open - Opened by christophetd 12 months ago
Labels: kind/documentation, kind/enhancement, good first issue, platform/aws

#484 - Add references to S3 ransomware in the wild to existing S3 attack techniques

Issue - State: open - Opened by christophetd 12 months ago - 2 comments
Labels: kind/documentation, kind/enhancement, good first issue, platform/aws

#451 - Azure AD: Backdoor tenant through new application

Issue - State: closed - Opened by christophetd about 1 year ago - 1 comment
Labels: kind/new-technique, priority/seen-in-the-wild, platform/entra-id

#450 - Backdoor AWS account using "guest" role in Cognito Identity Pool

Issue - State: open - Opened by christophetd about 1 year ago - 1 comment
Labels: kind/new-technique, platform/aws

#450 - Backdoor AWS account using "guest" role in Cognito Identity Pool

Issue - State: open - Opened by christophetd about 1 year ago - 1 comment
Labels: kind/new-technique, platform/aws

#430 - [QUESTION] [k8s] Circumventing the privileged pod technique

Issue - State: closed - Opened by loresuso about 1 year ago - 1 comment
Labels: kind/new-technique, platform/k8s

#410 - Azure execution through serial console

Issue - State: open - Opened by christophetd over 1 year ago
Labels: kind/new-technique, platform/azure, priority/seen-in-the-wild

#408 - Azure storage account ransomware

Issue - State: open - Opened by christophetd over 1 year ago - 1 comment
Labels: kind/new-technique, platform/azure, priority/seen-in-the-wild

#398 - Investigate the possibility of an Azure AD platform

Issue - State: closed - Opened by christophetd over 1 year ago - 1 comment
Labels: kind/new-platform

#389 - Migrate from using deprecated GCP SDK APIs

Issue - State: open - Opened by christophetd over 1 year ago
Labels: kind/enhancement, good first issue, kind/tech-debt

#387 - aws.execution.ec2-launch-unusual-instances working

Issue - State: closed - Opened by agroyz over 1 year ago - 3 comments
Labels: kind/bug, platform/aws, status/confirmed

#375 - New EKS attack technique: backdooring the aws-auth configmap

Issue - State: closed - Opened by christophetd over 1 year ago - 1 comment
Labels: kind/new-technique, platform/eks

#374 - Add support for EKS

Issue - State: closed - Opened by christophetd over 1 year ago
Labels: kind/new-platform

#371 - Investigate additional GCP exfiltration techniques

Issue - State: open - Opened by christophetd over 1 year ago
Labels: good first issue, platform/gcp, kind/research

#356 - cleanup for aws.persistence.lambda-overwrite-code not working

Issue - State: closed - Opened by agroyz over 1 year ago

#355 - Don't set S3 bucket ACLs

Pull Request - State: closed - Opened by christophetd over 1 year ago
Labels: kind/bug, platform/aws

#354 - terraform error for detonate aws.persistence.lambda-overwrite-code technique

Issue - State: closed - Opened by agroyz over 1 year ago - 3 comments
Labels: kind/bug, platform/aws, status/confirmed

#353 - Download EC2 Instance User Data technique does request userdata properly

Issue - State: open - Opened by agroyz almost 2 years ago - 13 comments
Labels: kind/bug, platform/aws, status/could-not-reproduce

#352 - Goreleaser/Homebrew: Install shell completions

Pull Request - State: closed - Opened by craSH almost 2 years ago - 5 comments

#351 - Bump actions/setup-python from 4.5.0 to 4.6.0

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#350 - Bump step-security/harden-runner from 2.2.1 to 2.3.1

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#349 - Bump actions/checkout from 3.5.0 to 3.5.2

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#348 - Bump github/codeql-action from 2.2.9 to 2.3.2

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#347 - Bump actions/setup-go from 3.5.0 to 4.0.0

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#346 - Bump golang from 1.20.2-alpine3.16 to 1.20.3-alpine3.16

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, docker

#345 - Add short comparison to Cloud Saga

Pull Request - State: closed - Opened by christophetd almost 2 years ago
Labels: kind/documentation

#344 - EKS: Create service account token for pod and exchange for AWS credentials (IRSA)

Issue - State: open - Opened by christophetd almost 2 years ago - 1 comment
Labels: kind/new-technique, platform/aws, platform/eks

#343 - Add new TTP on S3 ransomware

Issue - State: open - Opened by christophetd almost 2 years ago - 1 comment
Labels: kind/new-technique, platform/aws

#342 - Pin the version of the terraform-aws-vpc module used to avoid unresolvable constraints (closes #173)

Pull Request - State: closed - Opened by christophetd almost 2 years ago

#341 - Not working on Apple M1

Issue - State: closed - Opened by thibon almost 2 years ago - 8 comments
Labels: kind/bug, status/could-not-reproduce

#339 - Bump ossf/scorecard-action from 2.1.2 to 2.1.3

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#338 - Bump github/codeql-action from 2.2.5 to 2.2.9

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#337 - Bump actions/checkout from 3.3.0 to 3.5.0

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#336 - Bump goreleaser/goreleaser-action from 3.1.0 to 4.2.0

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#335 - Bump step-security/harden-runner from 2.2.0 to 2.2.1

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#334 - Bump alpine from 3.17.2 to 3.17.3

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, docker

#333 - Bump golang from 1.20.1-alpine3.16 to 1.20.2-alpine3.16

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, docker

#332 - Fix max duration parameter of RolesAnywhere attack technique

Pull Request - State: closed - Opened by christophetd almost 2 years ago

#331 - aws.persistence.rolesanywhere-create-trust-anchor does not give out proper result

Issue - State: closed - Opened by sboonyakiatACR almost 2 years ago - 2 comments
Labels: kind/bug, platform/aws, status/confirmed

#330 - Bump github/codeql-action from 2.2.1 to 2.2.5

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#329 - Bump actions/upload-artifact from 3.1.0 to 3.1.2

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#328 - Bump actions/checkout from 3.2.0 to 3.3.0

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#327 - Bump step-security/harden-runner from 2.1.0 to 2.2.0

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#326 - Bump dominikh/staticcheck-action from 1.2.0 to 1.3.0

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, github_actions

#325 - Bump alpine from 3.17.1 to 3.17.2

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, docker

#324 - Bump golang from 1.19.5-alpine3.16 to 1.20.1-alpine3.16

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, docker

#323 - Bump golang.org/x/net from 0.0.0-20220425223048-2871e0cb64e4 to 0.7.0 in /examples/custom

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago - 1 comment
Labels: dependencies, go

#322 - Bump golang.org/x/net from 0.0.0-20220425223048-2871e0cb64e4 to 0.7.0 in /examples/basic

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago - 1 comment
Labels: dependencies, go

#321 - Bump golang.org/x/net from 0.0.0-20220425223048-2871e0cb64e4 to 0.7.0 in /examples/detonate-and-dump-cloudtrail-logs

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago - 1 comment
Labels: dependencies, go

GitHub / DataDog/stratus-red-team issues and pull requests