stratus

package

v2.4.6 Latest Latest Go to latest Published: Sep 30, 2022 License: Apache-2.0 Imports: 4 Imported by: 3

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/datadog/stratus-red-team

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func AWSProvider() *providers.AWSProvider
func EnsureAuthenticated(platform Platform) error
func K8sProvider() *providers.K8sProvider
type AttackTechnique
- func (m AttackTechnique) String() string
type AttackTechniqueFilter
type AttackTechniqueState
type Platform
- func PlatformFromString(name string) (Platform, error)
type Registry
- func GetRegistry() *Registry
- func NewRegistry() Registry

Constants ¶

View Source

const (
	AttackTechniqueStatusCold      = "COLD"
	AttackTechniqueStatusWarm      = "WARM"
	AttackTechniqueStatusDetonated = "DETONATED"
)

View Source

const (
	AWS        = "AWS"
	Kubernetes = "kubernetes"
	Azure      = "azure"
	GCP        = "GCP"
)

Variables ¶

This section is empty.

Functions ¶

func AWSProvider ¶

func AWSProvider() *providers.AWSProvider

func EnsureAuthenticated ¶

func EnsureAuthenticated(platform Platform) error

EnsureAuthenticated ensures that the current user is properly authenticated against a specific platform

func K8sProvider ¶

func K8sProvider() *providers.K8sProvider

Types ¶

type AttackTechnique ¶

type AttackTechnique struct {
	// Short identifier, e.g. aws.persistence.create-iam-user
	ID string

	// Friendly-looking short name
	FriendlyName string

	// Full description (multi-line)
	Description string

	// Pointer and leads for detection opportunities (multi-line)
	Detection string

	// Indicates if the technique is expected to be slow to warm-up or detonate
	IsSlow bool

	// MITRE ATT&CK Tactics to which this technique maps
	// see https://attack.mitre.org/techniques/enterprise/
	MitreAttackTactics []mitreattack.Tactic

	// The platform of the technique, e.g. AWS
	Platform Platform

	// Terraform code to apply to create the necessary prerequisites for the technique to be detonated
	PrerequisitesTerraformCode []byte

	// Detonation function
	// Parameters are the Terraform outputs
	Detonate func(params map[string]string) error

	// Indicates if the detonation function is idempotent, i.e. if it can be run multiple times without reverting it
	IsIdempotent bool

	// Reversion function, to revert the side effects of a detonation
	Revert func(params map[string]string) error
}

func (AttackTechnique) String ¶

func (m AttackTechnique) String() string

type AttackTechniqueFilter ¶

type AttackTechniqueFilter struct {
	Platform Platform
	Tactic   mitreattack.Tactic
}

type AttackTechniqueState ¶

type AttackTechniqueState string

type Platform ¶

type Platform string

func PlatformFromString ¶

func PlatformFromString(name string) (Platform, error)

type Registry ¶

type Registry struct {
	// contains filtered or unexported fields
}

func GetRegistry ¶

func GetRegistry() *Registry

func NewRegistry ¶

func NewRegistry() Registry

func (*Registry) GetAttackTechniqueByName ¶

func (m *Registry) GetAttackTechniqueByName(name string) *AttackTechnique

func (*Registry) GetAttackTechniques ¶

func (m *Registry) GetAttackTechniques(filter *AttackTechniqueFilter) []*AttackTechnique

func (*Registry) ListAttackTechniques ¶

func (m *Registry) ListAttackTechniques() []*AttackTechnique

func (*Registry) RegisterAttackTechnique ¶

func (m *Registry) RegisterAttackTechnique(technique *AttackTechnique)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
loader
mitreattack
runner
mocks

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL