
Stratus Red Team is "Atomic Red Team™" for the cloud, allowing you to emulate offensive attack techniques in a granular and self-contained manner.

Read the announcement blog posts:

- https://www.datadoghq.com/blog/cyber-attack-simulation-with-stratus-red-team/
- https://blog.christophetd.fr/introducing-stratus-red-team-an-adversary-emulation-tool-for-the-cloud/
Stratus Red Team is a self-contained Go binary.
See the documentation at stratus-red-team.cloud:

- Stratus Red Team Concepts
- Installing Stratus Red Team (Homebrew formula, Docker image and pre-built binaries available)
- Available Attack Techniques, mapped to MITRE ATT&CK
Direct install (requires Go 1.23+):

```bash
go install -v github.com/datadog/stratus-red-team/v2/cmd/stratus@latest
```

Homebrew:

```bash
brew tap datadog/stratus-red-team https://github.com/DataDog/stratus-red-team
brew install datadog/stratus-red-team/stratus-red-team
```

For Linux / Windows / Mac OS: download one of the pre-built binaries.

Docker (the alias mounts the local state directory and passes the AWS credential environment variables into the container):

```bash
IMAGE="ghcr.io/datadog/stratus-red-team"
alias stratus="docker run --rm -v $HOME/.stratus-red-team/:/root/.stratus-red-team/ -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e AWS_DEFAULT_REGION $IMAGE"
```

You can install specific versions (or latest) of stratus-red-team using asdf and this stratus-red-team plugin:

```bash
asdf plugin add stratus-red-team https://github.com/asdf-community/asdf-stratus-red-team.git
asdf install stratus-red-team latest
```
The following section lists posts and projects from the community leveraging Stratus Red Team.

Open-source projects:

- Threatest
- AWS Threat Detection with Stratus Red Team

Videos:

- Reproducing common attacks in the cloud with Stratus Red Team
- Stratus Red Team: AWS EC2 Instance Credential Theft | Threat SnapShot
- Automated Attack Simulation in AWS for Red Teaming

Blog posts:

- AWS threat emulation and detection validation with Stratus Red Team and Datadog Cloud SIEM
- Adversary emulation on AWS with Stratus Red Team and Wazuh
- Sky's the Limit: Stratus Red Team for Azure
- Detecting realistic AWS cloud-attacks using Azure Sentinel
- A Data Driven Comparison of Open Source Adversary Emulation Tools
- Making Security Relevant in the Cloud
- Detonating attacks with Datadog Stratus Red Team
- AWS CloudTrail cheatsheet
- Adversary emulation on GCP with Stratus Red Team and Wazuh
- Automated First-Response in AWS using Sigma and Athena
- AWS Cloud Detection Lab: Cloud Pen-testing with Stratus Red Team

Talks:

- Purple Teaming & Adversary Emulation in the Cloud with Stratus Red Team, DEF CON Cloud Village 2022 (recorded after the event, as the talks were not recorded)
- Threat-Driven Development with Stratus Red Team, by Ryan Marcotte Cobb
- Cloudy With a Chance of Purple Rain: Leveraging Stratus Red Team, BSides Portland 2022

Papers:

- A Purple Team Approach to Attack Automation in the Cloud Native Environment
For using Stratus Red Team programmatically, see Examples and Programmatic Usage.

Building from source and running the locally built binary:

```bash
make
./bin/stratus --help
go run cmd/stratus/*.go list
```

Running the tests:

```bash
make test
```

For local usage of the documentation site:

```bash
pip install mkdocs-material mkdocs-awesome-pages-plugin
make docs
mkdocs serve
```
Core maintainers: Christophe Tafani-Dereeper (@christophetd), Simon Maréchal (@Minosity-VR).
Similar projects (see how Stratus Red Team compares):

- Atomic Red Team by Red Canary
- Leonidas by F-Secure
- pacu by Rhino Security Labs
- Amazon GuardDuty Tester
- CloudGoat by Rhino Security Labs

Inspiration and relevant resources:

- https://expel.io/blog/mind-map-for-aws-investigations/
- https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
- https://github.com/elastic/detection-rules/tree/main/rules/integrations/aws