Stratus Red Team | DataDog

Offensive & Pentesting

Cloud‑native adversary emulation tool that emulates offensive attack techniques granularly, similar to Atomic Red Team but for cloud environments

Track releases GitHub Website

Go Latest v2.32.1 · 14d ago Security brief →

Features

Emulates fine‑grained cloud attack techniques mapped to MITRE ATT&CK
Self‑contained Go binary with Docker, Homebrew, pre‑built binaries and asdf install options
Supports multiple clouds (AWS, Azure, GCP) for realistic threat simulation

Recent releases

View all 13 releases →

No immediate action

v2.32.1 New feature 14d

Binary size cut + config templating

Open

Review required

v2.32.0 New feature 14d

Dependencies

GCP attacks + K8s labeling + annotations

Open

v2.31.1 Bug fix 1mo

Fixed expired Terraform public key issue when downloading hc-install.

Full changelog

Bugfix

Bumping the hc-install library version to fix a expired pubkey issue when downloading Terraform

Changelog

ab1e2f9ce93428e8e1fca7f4d2d4a13fdca29280 Brew formula update for stratus-red-team version v2.31.0
c1b051836478233386778e1ace599dd658c5945c Bump hc-install to o.9.4 to fix tf pubkey expired issue (#839)
2fc0e0413d1e0e7ceb264d4286fc17deec0a3fa1 Merge pull request #836 from DataDog/homebrew-update-2.31.0
e2cd34b27aed63d4c48ca3476aae14b08ab75a56 Update maintainer list (#840)

View release on GitHub

v2.31.0 New feature 1mo

Notable features

Support for using an S3 bucket to store internal and Terraform state
Ability to launch the runner with custom StateManager, TerraformManager, ProviderFactory, Config, and CorrelationID options
Option to use an existing Terraform binary instead of auto‑downloading one

Full changelog

Changelog

New attack techniques:

Backdoor Azure Managed Identity with Federated Identity Credential (FIC) (Azure) by @siigil
Backdoor Entra ID application with Federated Identity Credential (FIC) (EntraID) by @siigil
Attempt to Remove a GCP Project from its Organization (GCP) by @Minosity-VR
Delete a Cloud DNS Logging Policy (GCP) by @Minosity-VR
Disable Data Access Audit Logs for a GCP Service (GCP) by @Minosity-VR
Disable VPC Flow Logs on a Subnet (GCP) by @Minosity-VR
Disable a GCP Log Sink (GCP) by @Minosity-VR
Read GCE Instance Metadata via the Compute API (GCP) by @Minosity-VR
Reduce Log Retention Period on a Cloud Logging Sink Bucket (GCP) by @Minosity-VR

New features:

e26e2c6779ee1a0d5f35c0252605a1f3a5eb6565 Programatic usage now supports using a S3 bucket for internal and terraform state (#834)
09d59fa3da9ce8730e79c07b76e177cf6da6b0db Programmatic usage now supports options to launch the runner with custom StateManager, TerraformManager, ProviderFactory, Config, and CorrelationID (#817)
23d67d2456cb602b9439256b8a93831ed3c7d19c Programmatic usage now supports using an existing terraform binary instead of downloading its own (#819)
8b93c93b6d41fb9d01376a88a362fb9f7449c1dd Programmatic usage now supports running the runner with configurable cloud credentials rather than relying on the environment (#832)

Chores

eb00e09d05c10dc5d863caf2e665f5a1885bda6b Brew formula update for stratus-red-team version v2.30.0 (#816)
d6e0077f54b5ed8a5354a483680fe46dcc41c959 Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#812)
30c4576acfd24e3651043aeadd5087a6717590f3 Bump dominikh/staticcheck-action from 1.4.0 to 1.4.1 (#811)
bd72c7bc3e18c9e3792736fe89d982b31b11ebfb Bump github/codeql-action from 3.30.5 to 4.34.1 (#813)
3ea7acb86fb1a310f757498f6288f3e82bf30bf3 Bump hashicorp/setup-terraform from 3.1.2 to 4.0.0 (#814)
4aaaa8b2c11a4798781df3778711ad80dcb33df9 Bump step-security/harden-runner from 2.15.0 to 2.16.0 (#815)

View release on GitHub

v2.30.0 New feature 2mo

Notable features

Support for YAML configuration files

Full changelog

Changelog

New features:

53c92120cddf8851deaba184632c14a0bada0f6b Stratus Red Team now supports a YAML configuration file (#721). See the documentation: https://stratus-red-team.cloud/user-guide/getting-started/#configuration-file

Docs enhancements:

67045a5b598b8204ca28b93f260898071f96194b [cmd] - Add example for CLI expand (#763)

Bug fixes:

1ec5593b8a6c791bce11b8511839b4555c640621 Use DisassociateLifecycleConfig instead of setting name to empty string (#781)

Chores:

18ffc8007bec0ce91c684d2765b0f6f0249b4f1a (fix)[CI] - Allow release-assets.githubusercontent.com in harden runner (#782)
c5a0a89f925557456c097763f126d076ce53d6bf Fix static analysis CI by using actions/setup-go (#785)

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.