Comments (4)
christofort
commented on June 21, 2024
PR raised here :)
from stratus-red-team.
christophetd
commented on June 21, 2024
Thanks for reporting! I can't seem to reproduce this in my AWS account:
$ stratus detonate aws.defense-evasion.organizations-leave
2024/01/04 13:54:07 Checking your authentication against AWS
2024/01/04 13:54:07 Warming up aws.defense-evasion.organizations-leave
2024/01/04 13:54:07 Applying Terraform to spin up technique prerequisites
2024/01/04 13:54:22 Attempting to leave the AWS organization (will trigger an Access Denied error)
2024/01/04 13:54:23 Got an access denied error as expected
Any idea what could be causing your issue? There's no harm adding that permission, but I'd like to understand the underlying cause if possible
from stratus-red-team.
christofort
commented on June 21, 2024
I think this is because we assume our own role which contains session tags, then with this role we try to assume the stratus role. When you do that in AWS, the session tags are propagated from one session to the other: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
So it will only work for us with that extra permission unfortunately
from stratus-red-team.
christophetd
commented on June 21, 2024
Merged #463, will be available shortly under v2.12.2
from stratus-red-team.
Related Issues (20)
- Migrate from using deprecated GCP SDK APIs
- Investigate the possibility of an Azure AD platform
- Azure storage account ransomware
- Azure execution through serial console
- Failure to detonate k8s.privilege-escalation.nodes-proxy HOT 5
- [QUESTION] [k8s] Circumventing the privileged pod technique HOT 1
- [QUESTION] [k8s] Cluster admin binding HOT 3
- Add attack technique about AWS Secrets Manager's new BatchGetSecrets
- Backdoor AWS account using "guest" role in Cognito Identity Pool HOT 1
- Azure AD: Backdoor tenant through new application
- Create new backdoor IAM role HOT 1
- AWS Route53: disable DNS query logging HOT 1
- AWS SNS: delete topic HOT 1
- Usage of ssm:SendCommand on multiple instances #60 HOT 1
- Add references to S3 ransomware in the wild to existing S3 attack techniques
- New attack technique: Snapshot existing volume and attach to compromised EC2 instance
- New attack technique: VMAccess Extension to add SSH keys to VMs
- New attack technique: SendSerialConsoleSSHPublicKey HOT 1
- Analyze LUCR-3 TTPs and suggest new attack techniques
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from stratus-red-team.