Stratus Red Team
Commands reference
Autocompletion
list
status
show
warmup
detonate
revert
cleanup