Christophe Tafani-Dereeper
e.g. https://github.com/tucommenceapousser/CVE-2023-24489-PoC/blob/34a1ef0eba9bec14067efdd255680b028d954432/CVE-2023-24489-RCE.py. Perhaps just "very long hex string" is good enough and more generic than matching on a pyarmor import?
Such as 999.9.9, very large numbers (more than 4 digits without a dot)
As searching for logs can take some time, it would be nice to print something regularly to show the program isn't stuck.
```
WARN[2024-08-03 23:49:49] You have %d events in the exclude list0
INFO[2024-08-03 23:49:49] Warming up Stratus Red Team attack technique aws.persistence.iam-create-admin-user
INFO[2024-08-03 23:49:49] Detonating Stratus Red Team attack technique aws.persistence.iam-create-admin-user...
```
For attack techniques that have a `revert` function in Stratus Red Team, this function is called before cleaning up: https://github.com/DataDog/stratus-red-team/blob/main/v2/pkg/stratus/runner/runner.go#L182-L192 This causes these logs to have the same UA as...
This would likely require using something like CloudTrail Lake to have more granularity on events logged. Using a plain CloudTrail trail is impractical considering logs go to S3.
https://aws.amazon.com/blogs/security/unauthorized-tactic-spotlight-initial-access-through-a-third-party-identity-provider/