Contributing
We welcome pull requests, contributions and feedback! For any bug report or feedback, open an issue.
Contributing to a new attack technique
Stratus Red Team is opinionated in the attack techniques it packages - see Philosophy. Feel free to open an issue to discuss ideas about new attack techniques. You can see the current backlog using the GitHub issue label `new-technique`.
To create a new attack technique:

- Create a new folder under `v2/internal/attacktechniques/your-cloud/your-mitre-attack-tactic/your-attack-name`
- Create a `main.go` file that contains the detonation (and optionally, the revert) behavior. See for example cloudtrail-stop/main.go
- If your attack technique contains pre-requisites, create a `main.tf` file
- Add your attack technique to the imports of `v2/internal/attacktechniques/main.go`
To generate the logs dataset using Grimoire:

- Install Grimoire
- Run the following to detonate the attack and retrieve CloudTrail logs:

```bash
# Build your local Stratus Red Team version
make
# Generate cloud audit logs
./bin/stratus warmup your-attack
# The single quotes are deliberate: $GRIMOIRE_DETONATION_ID must be expanded by the
# shell Grimoire spawns, not by the shell you type this in, so that the Stratus Red Team
# detonation is tagged with Grimoire's detonation ID
grimoire shell --command 'export STRATUS_RED_TEAM_DETONATION_ID=$GRIMOIRE_DETONATION_ID; ./bin/stratus detonate your-attack' -o /tmp/your-attack.json
# Press Ctrl+C once you see the expected events
./bin/stratus cleanup your-attack
```

- Anonymize the logs using LogLicker:

```bash
# Note: see https://github.com/Permiso-io-tools/LogLicker/issues/5 for a currently necessary patch
../LogLicker/venv/bin/python ../LogLicker/RunLogLicker.py rawtext -ifp /tmp/your-attack.json -ofp ./docs/detonation-logs/your-attack.json
```
- Generate the docs:
Contributing to the core of Stratus Red Team
When contributing to the core of Stratus Red Team (i.e. anything that is not a new attack technique), include unit tests if applicable.