Stratus Red Team

Stratus Red Team manages reproducing and validating cloud-specific attack techniques, a necessity for robust threat detection in cloud environments. This tool is designed to emulate common attacker behaviors directly within your cloud infrastructure, primarily focusing on AWS, with plans to expand to Kubernetes and Azure.

Technically, Stratus Red Team is a lightweight Go binary that manages the full lifecycle of each attack technique, including warming up, detonating, and cleaning up the infrastructure and configurations required for the simulation. It uses the AWS SDK for Go V2 to execute these techniques in an imperative manner, ensuring each attack is granular, self-sufficient, and aligned with the MITRE ATT&CK framework. The tool can be used via a command-line interface or programmatically, allowing for automation and integration into continuous integration systems.

Operationally, Stratus Red Team requires prior authentication against the target cloud account, typically using tools like aws-vault or the AWS CLI with AdministratorAccess permissions. It is essential to use Stratus Red Team against a non-production AWS sandbox account to avoid disrupting live workloads. The tool also includes Terraform code to create and remove prerequisite infrastructure, ensuring a clean and controlled environment for simulations.

Key considerations include the potential to hit resource limits in the AWS account, especially when detonating multiple attack techniques simultaneously. Additionally, the cleanup process is crucial to remove any deployed resources after the simulation, which can be done individually or for all techniques at once. The tool's documentation and automated cleanup mechanisms help in managing these operational aspects efficiently.