Monday, June 6, 2022
HomeHackerRisk-Simulation-and-Detection - Enjoying Round With Stratus Purple Group (Cloud Assault Simulation Software)...

Risk-Simulation-and-Detection – Enjoying Round With Stratus Purple Group (Cloud Assault Simulation Software) And SumoLogic




This repository is a documentation of my adventures with Stratus Purple Group – a device for adversary emulation for the cloud.

Stratus Purple Group is “Atomic Purple Group for the cloud, permitting to emulate offensive assault methods in a granular and self-contained method.

We run the assaults coated within the Stratus Purple Group repository one after the other on our AWS account. As a way to monitor them, we’ll use CloudTrail and CloudWatch for logging and ingest these logs into SumoLogic for additional evaluation.

Assault Description Hyperlink
aws.credential-access.ec2-get-password-data Retrieve EC2 Password Knowledge Hyperlink
aws.credential-access.ec2-steal-instance-credentials Steal EC2 Occasion Credentials Hyperlink
aws.credential-access.secretsmanager-retrieve-secrets Retrieve a Excessive Variety of Secrets and techniques Supervisor secrets and techniques Hyperlink
aws.credential-access.ssm-retrieve-securestring-parameters Retrieve And Decrypt SSM Parameters Hyperlink
aws.defense-evasion.cloudtrail-delete Delete CloudTrail Path Hyperlink
aws.defense-evasion.cloudtrail-event-selectors Disable CloudTrail Logging By Occasion Selectors Hyperlink
aws.defense-evasion.cloudtrail-lifecycle-rule CloudTrail Logs Impairment By S3 Lifecycle Rule Hyperlink
aws.defense-evasion.cloudtrail-stop Cease CloudTrail Path Hyperlink
aws.defense-evasion.organizations-leave Try and Depart the AWS Group Hyperlink
aws.defense-evasion.vpc-remove-flow-logs Take away VPC Stream Logs Hyperlink
aws.discovery.ec2-enumerate-from-instance Execute Discovery Instructions on an EC2 Occasion Hyperlink
aws.discovery.ec2-download-user-data Obtain EC2 Occasion Person Knowledge TBD
aws.exfiltration.ec2-security-group-open-port-22-ingress Open Ingress Port 22 on a Safety Group Hyperlink
aws.exfiltration.ec2-share-ami Exfiltrate an AMI by Sharing It Hyperlink
aws.exfiltration.ec2-share-ebs-snapshot Exfiltrate EBS Snapshot by Sharing It Hyperlink
aws.exfiltration.rds-share-snapshot Exfiltrate RDS Snapshot by Sharing Hyperlink
aws.exfiltration.s3-backdoor-bucket-policy Backdoor an S3 Bucket through its Bucket Coverage Hyperlink
aws.persistence.iam-backdoor-role Backdoor an IAM Function Hyperlink
aws.persistence.iam-backdoor-user Create an Entry Key on an IAM Person TBD
aws.persistence.iam-create-admin-user Create an administrative IAM Person TBD
aws.persistence.iam-create-user-login-profile Create a Login Profile on an IAM Person TBD
aws.persistence.lambda-backdoor-function Backdoor Lambda Perform By Useful resource-Based mostly Coverage TBD

Credit

  1. Superior group at Datadog, Inc. for Stratus Purple Group right here
  2. Hacking the Cloud AWS
  3. Falcon Power group weblog



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments