Workshop Rationale
Stratus-red-team is excellent for conducting proof of value (PoV) engagements with prospects. The turnkey nature of the tool, with minimal setup and execution instructions, makes it convenient for conducting assessments.
The open-source tool provides broad coverage and can simulate attacks on multiple cloud platforms, including AWS, Azure, and GCP.
Risk
Executing individual attack techniques using Stratus may not always lead to account detections. To maximize the detection coverage across the entire cloud kill chain, it is recommended to execute the crafted Attack Simulations. These simulations are specifically designed to trigger a wide range of detections, increasing the chances of identifying potential security threats or vulnerabilities in the AWS environment.
Vectra’s Attack Signal Intelligence
Vectra’s Attack Signal Intelligence goes beyond signatures and anomalies by analyzing real-time attacker behavior. In contrast, Stratus attack techniques concentrate on specific end goals rather than simulating an attacker’s complete steps after a compromise. Each technique involves creating vulnerable resources, launching an attack on them, and subsequently removing the resources. However, executing individual attack techniques may not always reflect the complexity of multi-step attacks observed in the real world. To address this limitation, we have developed attack scenarios that incorporate chained techniques and simulate attacker activity, providing a more comprehensive and realistic assessment.
We anticipate that numerous detections will be triggered across the chain of attack by Detect for AWS, regardless of how you choose to execute the attack techniques.