Contributing
We welcome pull requests, contributions and feedback! For any bug report or feedback, open an issue.
Contributing to a new attack technique
Stratus Red Team is opinionated in the attack techniques it packages - see Philosophy. Feel free to open an issue to discuss ideas about new attack techniques. You can see the current backlog using the GitHub issue label new-technique
.
To create a new attack technique:
1. Create a new folder under v2/internal/attacktechniques/your-cloud/your-mitre-attack-tactic/your-attack-name
2. Create a main.go
file that contains the detonation (and optionally, the revert) behavior. See for example cloudtrail-stop/main.go
3. If your attack technique contains pre-requisites, create a main.tf
file
4. Add your attack technique to the imports of v2/internal/attacktechniques/main.go
To generate the logs dataset using Grimoire: 1. Install Grimoire 2. Run the following to detonate the attack and retrieve CloudTrail logs:
# Build your local Stratus Red Team version
make
# Generate cloud audit logs
./bin/stratus warmup your-attack
grimoire shell --command 'export STRATUS_RED_TEAM_DETONATION_ID=$GRIMOIRE_DETONATION_ID; ./bin/stratus detonate your-attack' -o /tmp/your-attack.json
# Press Ctrl+C once you see the expected events
./bin/stratus cleanup your-attack
- Anonymize the logs using LogLicker:
# Note: see https://github.com/Permiso-io-tools/LogLicker/issues/5 for a currently necessary patch
../LogLicker/venv/bin/python ../LogLicker/RunLogLicker.py rawtext -ifp /tmp/your-attack.json -ofp ./docs/detonation-logs/your-attack.json
- Generate the docs:
Contributing to the core of Stratus Red Team
When contributing to the core of Stratus Red Team (i.e. anything that is not a new attack technique), include unit tests if applicable.