search

DataDog / stratus-red-team

:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
https://stratus-red-team.cloud
Apache License 2.0
1.83k stars 215 forks source link

Updating technique references for Unit42 VM Attack Path article. #539

Closed siigil closed 4 months ago

siigil commented 4 months ago

What does this PR do?

Adds references to https://unit42.paloaltonetworks.com/cloud-virtual-machine-attack-vectors/ for applicable techniques mentioned in this writeup:

Cloud Writeup Technique Writeup Name Stratus Technique
AWS Direct Code Execution Use SSM Run Command to Execute Code /AWS/aws.execution.ssm-send-command.md
AWS SSH Key Push Use EC2 Instance Connect to Push SSH Keys /AWS/aws.lateral-movement.ec2-instance-connect.md
AWS Startup Script Manipulation Modify Startup Scripts in User Data /AWS/aws.execution.ec2-user-data.md
AWS SSH Over Middleware Use SSM Session Manager to Log into a VM /AWS/aws.execution.ssm-start-session.md
Azure Direct Code Execution Use Virtual Machine Run Command to Execute Code /azure/azure.execution.vm-run-command.md
Azure Direct Code Execution Use a Custom Script Extension to Run Scripts /azure/azure.execution.vm-custom-script-extension.md

Motivation

Adding references to Unit42 VM techniques article in support of #527.

Checklist

N/A as documentation update.