Skip to content

List of all Attack Techniques

This page contains the list of all Stratus Attack Techniques.

Name Platform MITRE ATT&CK Tactics
Retrieve EC2 Password Data AWS Credential Access
Steal EC2 Instance Credentials AWS Credential Access
Retrieve a High Number of Secrets Manager secrets AWS Credential Access
Retrieve And Decrypt SSM Parameters AWS Credential Access
Delete CloudTrail Trail AWS Defense Evasion
Disable CloudTrail Logging Through Event Selectors AWS Defense Evasion
CloudTrail Logs Impairment Through S3 Lifecycle Rule AWS Defense Evasion
Stop CloudTrail Trail AWS Defense Evasion
Attempt to Leave the AWS Organization AWS Defense Evasion
Remove VPC Flow Logs AWS Defense Evasion
Execute Discovery Commands on an EC2 Instance AWS Discovery
Download EC2 Instance User Data AWS Discovery
Launch Unusual EC2 instances AWS Execution
Execute Commands on EC2 Instance via User Data AWS Execution, Privilege Escalation
Open Ingress Port 22 on a Security Group AWS Exfiltration
Exfiltrate an AMI by Sharing It AWS Exfiltration
Exfiltrate EBS Snapshot by Sharing It AWS Exfiltration
Exfiltrate RDS Snapshot by Sharing AWS Exfiltration
Backdoor an S3 Bucket via its Bucket Policy AWS Exfiltration
Console Login without MFA AWS Initial Access
Backdoor an IAM Role AWS Persistence
Create an Access Key on an IAM User AWS Persistence, Privilege Escalation
Create an administrative IAM User AWS Persistence, Privilege Escalation
Create a Login Profile on an IAM User AWS Persistence, Privilege Escalation
Backdoor Lambda Function Through Resource-Based Policy AWS Persistence
Overwrite Lambda Function Code AWS Persistence
Create an IAM Roles Anywhere trust anchor AWS Persistence, Privilege Escalation
Execute Command on Virtual Machine using Custom Script Extension Azure Execution
Execute Commands on Virtual Machine using Run Command Azure Execution
Export Disk Through SAS URL Azure Exfiltration
Create an Admin GCP Service Account GCP Persistence, Privilege Escalation
Create a GCP Service Account Key GCP Persistence, Privilege Escalation
Impersonate GCP Service Accounts GCP Privilege Escalation
Dump All Secrets Kubernetes Credential Access
Steal Pod Service Account Token Kubernetes Credential Access
Create Admin ClusterRole Kubernetes Persistence, Privilege Escalation
Create Long-Lived Token Kubernetes Persistence
Container breakout via hostPath volume mount Kubernetes Privilege Escalation
Privilege escalation through node/proxy permissions Kubernetes Privilege Escalation
Run a Privileged Pod Kubernetes Privilege Escalation