{"id":13509535,"url":"https://github.com/DataDog/stratus-red-team","last_synced_at":"2025-03-30T13:32:22.536Z","repository":{"id":36950183,"uuid":"445524190","full_name":"DataDog/stratus-red-team","owner":"DataDog","description":":cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud","archived":false,"fork":false,"pushed_at":"2025-03-21T22:17:17.000Z","size":3739,"stargazers_count":1962,"open_issues_count":53,"forks_count":234,"subscribers_count":36,"default_branch":"main","last_synced_at":"2025-03-27T06:02:21.190Z","etag":null,"topics":["adversary-emulation","aws","aws-security","azure-security","cloud-native-security","cloud-security","detection-engineering","gcp-security","kubernetes-security","mitre-attack","purple-team","security","threat-detection"],"latest_commit_sha":null,"homepage":"https://stratus-red-team.cloud","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DataDog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/contributing.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-07T13:06:37.000Z","updated_at":"2025-03-25T22:24:27.000Z","dependencies_parsed_at":"2024-01-17T13:13:27.244Z","dependency_job_id":"6bd1ca7e-c1c2-4f71-bf6c-7c7578f6a7a8","html_url":"https://github.com/DataDog/stratus-red-team","commit_stats":{"total_commits":697,"total_committers":33,"mean_commits":21.12121212121212,"dds":0.4088952654232425,"last_synced_commit":"bc97a20781bdfd5c6086493e053e4fa8e092fad8"},"previous_names":[],"tags_count":90,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/Gi
tHub/repositories/DataDog%2Fstratus-red-team","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DataDog%2Fstratus-red-team/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DataDog%2Fstratus-red-team/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DataDog%2Fstratus-red-team/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DataDog","download_url":"https://codeload.github.com/DataDog/stratus-red-team/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246324073,"owners_count":20759072,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversary-emulation","aws","aws-security","azure-security","cloud-native-security","cloud-security","detection-engineering","gcp-security","kubernetes-security","mitre-attack","purple-team","security","threat-detection"],"created_at":"2024-08-01T02:01:09.181Z","updated_at":"2025-03-30T13:32:22.530Z","avatar_url":"https://github.com/DataDog.png","language":"Go","readme":"# Stratus Red Team\n\n[![made-with-Go](https://img.shields.io/badge/Made%20with-Go-1f425f.svg)](http://golang.org)  [![Tests](https://github.com/DataDog/stratus-red-team/actions/workflows/test.yml/badge.svg)](https://github.com/DataDog/stratus-red-team/actions/workflows/test.yml) [![static analysis](https://github.com/DataDog/stratus-red-team/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/DataDog/stratus-red-team/actions/workflows/static-analysis.yml) 
![Maintainer](https://img.shields.io/badge/maintainer-@christophetd-blue) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/DataDog/stratus-red-team/badge)](https://api.securityscorecards.dev/projects/github.com/DataDog/stratus-red-team) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/6530/badge)](https://bestpractices.coreinfrastructure.org/projects/6530)\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"./docs/logo.png\" alt=\"Stratus Red Team\" width=\"300\" /\u003e\n\u003c/p\u003e\n\nStratus Red Team is \"[Atomic Red Team](https://github.com/redcanaryco/atomic-red-team)™\" for the cloud, allowing you to emulate offensive attack techniques in a granular and self-contained manner.\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/DataDog/stratus-red-team/raw/main/docs/demo.gif\"\u003e\n    \u003cimg src=\"./docs/demo.gif\" alt=\"Terminal recording\" /\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\nRead the announcement blog posts:\n- https://www.datadoghq.com/blog/cyber-attack-simulation-with-stratus-red-team/\n- https://blog.christophetd.fr/introducing-stratus-red-team-an-adversary-emulation-tool-for-the-cloud/\n\n## Getting Started\n\nStratus Red Team is a self-contained Go binary.\n\nSee the documentation at **[stratus-red-team.cloud](https://stratus-red-team.cloud/)**:\n- [Stratus Red Team Concepts](https://stratus-red-team.cloud/user-guide/getting-started/#concepts)\n\n- [Installing Stratus Red Team](https://stratus-red-team.cloud/user-guide/getting-started/#installation) - Homebrew formula, Docker image and pre-built binaries available\n\n- [Available Attack Techniques](https://stratus-red-team.cloud/attack-techniques/list/), mapped to MITRE ATT\u0026CK\n\n## Installation\n\n### Direct install\n\nRequires Go 1.22+\n\n```\ngo install -v github.com/datadog/stratus-red-team/v2/cmd/stratus@latest\n```\n\n### Homebrew\n\n```\nbrew tap datadog/stratus-red-team 
https://github.com/DataDog/stratus-red-team\nbrew install datadog/stratus-red-team/stratus-red-team\n```\n\n### Pre-built binaries\n\nFor Linux / Windows / Mac OS: download one of the [pre-built binaries](https://github.com/datadog/stratus-red-team/releases).\n\n### Docker\n\n```bash\nIMAGE=\"ghcr.io/datadog/stratus-red-team\"\nalias stratus=\"docker run --rm -v $HOME/.stratus-red-team/:/root/.stratus-red-team/ -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e AWS_DEFAULT_REGION $IMAGE\"\n```\n\n### asdf\n\nYou can install specific versions (or latest) of stratus-red-team using [asdf](https://asdf-vm.com/) and this [stratus-red-team plugin](https://github.com/asdf-community/asdf-stratus-red-team):\n\n```bash\nasdf plugin add stratus-red-team https://github.com/asdf-community/asdf-stratus-red-team.git\nasdf install stratus-red-team latest\n```\n\n## Community\n\nThe following section lists posts and projects from the community leveraging Stratus Red Team.\n\nOpen-source projects:\n- [Threatest](https://github.com/DataDog/threatest)\n- [AWS Threat Detection with Stratus Red Team](https://github.com/sbasu7241/AWS-Threat-Simulation-and-Detection)\n\n\nVideos:\n- [Reproducing common attacks in the cloud with Stratus Red Team](https://www.youtube.com/watch?v=M5DGXWF2ld0)\n- [Stratus Red Team: AWS EC2 Instance Credential Theft | Threat SnapShot](https://www.youtube.com/watch?v=TVS-M6DrSPw)\n- [Automated Attack Simulation in AWS for Red Teaming](https://www.youtube.com/watch?v=O_vNAKLnSc0)\n\nBlog posts:\n- [AWS threat emulation and detection validation with Stratus Red Team and Datadog Cloud SIEM](https://www.datadoghq.com/blog/aws-threat-emulation-detection-validation-datadog/)\n- [Adversary emulation on AWS with Stratus Red Team and Wazuh](https://wazuh.com/blog/adversary-emulation-on-aws-with-stratus-red-team-and-wazuh/)\n- [Sky’s the Limit: Stratus Red Team for Azure](https://blog.detect.dev/posts/azure_for_stratus.html)\n- [Detecting realistic AWS 
cloud-attacks using Azure Sentinel](https://medium.com/falconforce/falconfriday-detecting-realistic-aws-cloud-attacks-using-azure-sentinel-0xff1c-b62fd45c87dc)\n- [A Data Driven Comparison of Open Source Adversary Emulation Tools](https://www.picussecurity.com/resource/blog/data-driven-comparison-between-open-source-adversary-emulation-tools)\n- [Making Security Relevant in the Cloud](https://www.cloudreach.com/en/technical-blog/making-security-relevant-in-the-cloud/)\n- [Detonating attacks with Datadog Stratus Red Team](https://chrisdunne.com/post/detonating-attacks-with-datadog-stratus-red-team)\n- [AWS CloudTrail cheatsheet](https://invictus-ir.medium.com/aws-cloudtrail-cheat-sheet-dcf2b92e37e2)\n- [Adversary emulation on GCP with Stratus Red Team and Wazuh](https://wazuh.com/blog/adversary-emulation-on-gcp-with-stratus-red-team-and-wazuh/)\n- [Automated First-Response in AWS using Sigma and Athena](https://invictus-ir.medium.com/automated-first-response-in-aws-using-sigma-and-athena-615940bedc56)\n- [AWS Cloud Detection Lab: Cloud Pen-testing with Stratus Red Team](https://medium.com/@goodycyb/aws-cloud-detection-lab-1%EF%B8%8F%E2%83%A3-%EF%B8%8F-cloud-pen-testing-with-stratus-red-team-tool-69b4fab24743)\n\nTalks:\n- [Purple Teaming \u0026 Adversary Emulation in the Cloud with Stratus Red Team, DEF CON Cloud Village 2022](https://www.youtube.com/watch?v=rXFFuYbkntU) (recorded after the event as the talks were not recorded)\n- [Threat-Driven Development with Stratus Red Team](https://www.youtube.com/watch?v=AbWwcqLwcYI) by Ryan Marcotte Cobb\n- [Cloudy With a Chance of Purple Rain: Leveraging Stratus Red Team - BSides Portland 2022](https://www.youtube.com/watch?v=Oq9ObzATZDI)\n\nPapers:\n- [A Purple Team Approach to Attack Automation in the Cloud Native Environment](https://aaltodoc.aalto.fi/bitstream/handle/123456789/116425/master_Chaplinska_Svitlana_2022.pdf?sequence=1\u0026isAllowed=y)\n\n## Using Stratus Red Team as a Go Library\n\nSee 
[Examples](./examples) and [Programmatic Usage](https://stratus-red-team.cloud/user-guide/programmatic-usage/).\n\n## Development\n\n### Building Locally\n\n``` bash\nmake\n./bin/stratus --help\n```\n\n### Running Locally\n\n```bash\ngo run cmd/stratus/*.go list\n```\n\n### Running the Tests\n\n```bash\nmake test\n```\n\n### Building the Documentation\n\nFor local usage:\n```\npip install mkdocs-material mkdocs-awesome-pages-plugin\n\nmake docs\nmkdocs serve\n```\n\n### Acknowledgments\n\nMaintainer: [@christophetd](https://twitter.com/christophetd)\n\nSimilar projects (see [how Stratus Red Team compares](https://stratus-red-team.cloud/comparison/)):\n- [Atomic Red Team](https://github.com/redcanaryco/atomic-red-team) by Red Canary\n- [Leonidas](https://github.com/FSecureLABS/leonidas) by F-Secure\n- [pacu](https://github.com/RhinoSecurityLabs/pacu) by Rhino Security Labs\n- [Amazon GuardDuty Tester](https://github.com/awslabs/amazon-guardduty-tester)\n- [CloudGoat](https://github.com/RhinoSecurityLabs/cloudgoat) by Rhino Security Labs\n\nInspiration and relevant resources:\n- https://expel.io/blog/mind-map-for-aws-investigations/\n- https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/\n- https://github.com/elastic/detection-rules/tree/main/rules/integrations/aws\n","funding_links":[],"categories":["Go","aws","Tools","Uncategorized"],"sub_categories":["Simulation / Experimentation","Uncategorized"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDataDog%2Fstratus-red-team","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FDataDog%2Fstratus-red-team","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDataDog%2Fstratus-red-team/lists"}