Purple Teaming Like Sky’s the Limit – Adversary Emulation in the Cloud with Stratus Red Team - Christophe Tafani-Dereeper, Datadog
Abstract
Engineering and security teams are increasingly operating in the cloud. With that comes the need to identify malicious activity in cloud-native environments such as AWS or Kubernetes. In this context, it is critical that we ask ourselves: what does malicious activity look like in the cloud? Which common attacker and malware tactics should we prioritize detecting? How do we reproduce them against a live cloud environment in order to validate our logging and threat detection pipelines? In this talk, we present Stratus Red Team: an open-source project for adversary emulation and validation of threat detection in the cloud. We discuss the motivation behind the project, the journey and design decisions behind it, and the philosophy it stands for: documenting and emulating only real-world attack techniques that have been documented and observed in the wild. We conclude with a live demo in which we use Stratus Red Team to detonate attack techniques against a live AWS account.
https://github.com/DataDog/stratus-red-team
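The validation loop the abstract describes is: detonate a known technique, then confirm that the events it produces actually reach your logging and detection pipeline and trigger an alert. The block below is an added example, not code from the talk or from the Stratus Red Team project: a minimal detection pass over constructed CloudTrail records (placeholder account IDs and trail names, not real data), with a coverage check that reports which detonated techniques produced no finding. The technique IDs in the rules table are the project's catalog identifiers as I recall them and are an assumption here; verify them with `stratus list` before relying on them.

```python
"""Added example: run simple CloudTrail detections over constructed records and
report which detonated Stratus Red Team techniques went undetected.

This is not the talk's or the project's code. Technique IDs are assumed from
the project's technique catalog and should be checked with `stratus list`.
"""
import json

# Constructed CloudTrail records (newline-delimited JSON), one per API call.
# Account IDs, trail names and principals are placeholders, not real data.
SAMPLE_CLOUDTRAIL = """
{"eventVersion":"1.08","eventTime":"2024-01-15T10:00:01Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity","userIdentity":{"type":"IAMUser","userName":"alice"},"requestParameters":null}
{"eventVersion":"1.08","eventTime":"2024-01-15T10:02:10Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"type":"IAMUser","userName":"alice"},"requestParameters":{"name":"example-trail"}}
{"eventVersion":"1.08","eventTime":"2024-01-15T10:03:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateUser","userIdentity":{"type":"IAMUser","userName":"alice"},"requestParameters":{"userName":"malicious-iam-user"}}
{"eventVersion":"1.08","eventTime":"2024-01-15T10:03:05Z","eventSource":"iam.amazonaws.com","eventName":"AttachUserPolicy","userIdentity":{"type":"IAMUser","userName":"alice"},"requestParameters":{"userName":"malicious-iam-user","policyArn":"arn:aws:iam::aws:policy/AdministratorAccess"}}
{"eventVersion":"1.08","eventTime":"2024-01-15T10:04:00Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","userIdentity":{"type":"IAMUser","userName":"bob"},"requestParameters":{}}
{"eventVersion":"1.08","eventTime":"2024-01-15T10:05:00Z","eventSource":"iam.amazonaws.com","eventName":"AttachUserPolicy","userIdentity":{"type":"IAMUser","userName":"bob"},"requestParameters":{"userName":"ci-deployer","policyArn":"arn:aws:iam::123456789012:policy/ReadOnlyDeploy"}}
"""


def _cloudtrail_tampering(event):
    """CloudTrail itself being stopped, deleted or reconfigured."""
    return event["eventSource"] == "cloudtrail.amazonaws.com" and event["eventName"] in {
        "StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors",
    }


def _admin_policy_attached(event):
    """AWS-managed AdministratorAccess attached to a user, role or group.

    endswith() rather than an exact ARN keeps the rule partition-agnostic
    (aws, aws-cn, aws-us-gov all share the ':policy/AdministratorAccess' tail).
    """
    params = event.get("requestParameters") or {}  # null for some read-only calls
    return (
        event["eventSource"] == "iam.amazonaws.com"
        and event["eventName"] in {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}
        and params.get("policyArn", "").endswith(":policy/AdministratorAccess")
    )


# (assumed technique ID, human-readable title, predicate over one record)
RULES = [
    ("aws.defense-evasion.cloudtrail-stop", "CloudTrail logging stopped or reconfigured", _cloudtrail_tampering),
    ("aws.persistence.iam-create-admin-user", "AdministratorAccess attached to an IAM principal", _admin_policy_attached),
]


def parse_events(ndjson):
    """Parse newline-delimited CloudTrail records, skipping blank lines."""
    return [json.loads(line) for line in ndjson.strip().splitlines() if line.strip()]


def detect(events):
    """Apply every rule to every record; return one finding per match, in log order."""
    findings = []
    for event in events:
        for technique, title, match in RULES:
            if match(event):
                findings.append({
                    "technique": technique,
                    "title": title,
                    "eventName": event["eventName"],
                    "actor": event["userIdentity"].get("userName"),
                    "time": event["eventTime"],
                })
    return findings


def undetected(findings, detonated):
    """Coverage check: the detonated technique IDs that produced no finding.

    A non-empty result means either the logs never arrived (pipeline gap) or no
    rule fires on what the technique actually does (detection gap).
    """
    seen = {f["technique"] for f in findings}
    return sorted(set(detonated) - seen)


if __name__ == "__main__":
    found = detect(parse_events(SAMPLE_CLOUDTRAIL))
    for f in found:
        print(f"{f['time']} {f['technique']:45} {f['eventName']:18} by {f['actor']}")
    gaps = undetected(found, [
        "aws.defense-evasion.cloudtrail-stop",
        "aws.persistence.iam-create-admin-user",
        "aws.credential-access.ec2-get-password-data",
    ])
    print("undetected techniques:", gaps)
```

In practice the records would come from the CloudTrail S3 bucket or a SIEM query scoped to the minutes after `stratus detonate <technique>` ran, and `stratus cleanup` would remove the created resources afterwards; the constructed sample stands in for that query. Note that the third technique in the coverage list has no rule above, so it is reported as a gap, which is exactly the signal this kind of validation exists to surface. The benign `AttachUserPolicy` by `bob` with a customer-managed policy is deliberately included to show the admin rule does not fire on ordinary policy attachments.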