
Contributing

We welcome pull requests, contributions and feedback! For any bug report or feedback, open an issue.

Contributing a new attack technique

Stratus Red Team is opinionated in the attack techniques it packages - see Philosophy. Feel free to open an issue to discuss ideas about new attack techniques. You can see the current backlog using the GitHub issue label new-technique.

To create a new attack technique:

  1. Create a new folder under v2/internal/attacktechniques/your-cloud/your-mitre-attack-tactic/your-attack-name
  2. Create a main.go file that contains the detonation (and optionally, the revert) behavior. See, for example, cloudtrail-stop/main.go
  3. If your attack technique has prerequisites, create a main.tf file
  4. Add your attack technique to the imports of v2/internal/attacktechniques/main.go

To generate the logs dataset using Grimoire:

  1. Install Grimoire
  2. Run the following to detonate the attack and retrieve CloudTrail logs:

         # Build your local Stratus Red Team version
         make

         # Generate cloud audit logs
         ./bin/stratus warmup your-attack
         grimoire shell --command 'export STRATUS_RED_TEAM_DETONATION_ID=$GRIMOIRE_DETONATION_ID; ./bin/stratus detonate your-attack' -o /tmp/your-attack.json
         # Press Ctrl+C once you see the expected events
         ./bin/stratus cleanup your-attack

  3. Anonymize the logs using LogLicker:

         # Note: see https://github.com/Permiso-io-tools/LogLicker/issues/5 for a currently necessary patch
         ../LogLicker/venv/bin/python ../LogLicker/RunLogLicker.py rawtext -ifp /tmp/your-attack.json -ofp ./docs/detonation-logs/your-attack.json

  4. Generate the docs:

         make docs
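
A check worth running on the anonymized file before committing it, shown here as an added example (it is not part of Stratus Red Team, Grimoire or LogLicker): it collects identifying values from the raw log and reports any that still occur in the anonymized output. The field list, the assumption that the raw file is a single JSON document, and the names `FindLeaks`, `collect` and `identifying` are assumptions of this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net"
)

// CloudTrail fields treated as identifying (an assumed list; extend as needed).
var identifying = map[string]bool{"accountId": true, "recipientAccountId": true, "accessKeyId": true, "sourceIPAddress": true}

// collect walks decoded JSON and records string values stored under identifying keys.
func collect(key string, node interface{}, out map[string]bool) {
	switch v := node.(type) {
	case string:
		// sourceIPAddress may hold an AWS service name; only literal IPs count.
		if identifying[key] && v != "" && (key != "sourceIPAddress" || net.ParseIP(v) != nil) {
			out[v] = true
		}
	case map[string]interface{}:
		for k, child := range v {
			collect(k, child, out)
		}
	case []interface{}:
		for _, child := range v {
			collect(key, child, out)
		}
	}
}

// FindLeaks returns, in no particular order, the identifying values of raw that still occur in anonymized.
func FindLeaks(raw, anonymized []byte) ([]string, error) {
	var doc interface{}
	if err := json.Unmarshal(raw, &doc); err != nil { // assumes one JSON document; anything else fails closed
		return nil, fmt.Errorf("parsing raw log: %w", err)
	}
	values, leaks := map[string]bool{}, []string{}
	collect("", doc, values)
	for v := range values {
		if bytes.Contains(anonymized, []byte(v)) {
			leaks = append(leaks, v)
		}
	}
	return leaks, nil
}

func main() { // constructed sample: the raw source IP survives in the "anonymized" text
	fmt.Println(FindLeaks([]byte(`{"sourceIPAddress":"198.51.100.7"}`), []byte(`{"sourceIPAddress":"198.51.100.7"}`)))
}
```

To check a real run, read `/tmp/your-attack.json` and `./docs/detonation-logs/your-attack.json` with `os.ReadFile` and pass both to `FindLeaks`; a non-empty result means the dataset still contains values from your environment.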

Contributing to the core of Stratus Red Team

When contributing to the core of Stratus Red Team (i.e. anything that is not a new attack technique), include unit tests if applicable.