DataDog / stratus-red-team Public

Notifications You must be signed in to change notification settings
Fork 291
Star 2.3k

Code
Issues 41
Pull requests 34
Discussions
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Projects
Security
Insights

Pull requests: DataDog/stratus-red-team

Labels 48 Milestones 1

New pull request New

34 Open 576 Closed

Author

Filter by author

Uh oh!

There was an error while loading. Please reload this page.

Label

Filter by label

Uh oh!

There was an error while loading. Please reload this page.

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Uh oh!

There was an error while loading. Please reload this page.

Milestones

Filter by milestone

Uh oh!

There was an error while loading. Please reload this page.

Reviews

Filter by reviews

No reviews Review required Approved review Changes requested

Assignee

Filter by who’s assigned

Assigned to nobody

Uh oh!

There was an error while loading. Please reload this page.

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Pull requests list

New attack technique: Overwrite a Cloud Function with Malicious Code (gcp.persistence.overwrite-cloud-function)

#809 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Create Workload Identity Federation Pool and Provider (gcp.persistence.create-workload-identity-federation)

#808 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Backdoor a Cloud Function (gcp.persistence.backdoor-cloud-function)

#807 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Delete GCS Objects Individually (gcp.impact.ransomware-gcs-individual-deletion)

#806 opened Mar 26, 2026 by Minosity-VR • Draft

4 of 5 tasks

New attack technique: Encrypt GCS Objects Client-Side (gcp.impact.ransomware-gcs-client-side-encryption)

#805 opened Mar 26, 2026 by Minosity-VR • Draft

4 of 5 tasks

New attack technique: Delete All GCS Objects in Batch (gcp.impact.ransomware-gcs-batch-deletion)

#804 opened Mar 26, 2026 by Minosity-VR • Draft

4 of 5 tasks

New attack technique: Invoke Vertex AI Model (gcp.impact.invoke-vertex-ai-model)

#803 opened Mar 26, 2026 by Minosity-VR • Draft

4 of 5 tasks

New attack technique: Exfiltrate a Cloud SQL Database via GCS Export (gcp.exfiltration.share-cloud-sql-backup)

#802 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Open Ingress Port 22 on a Firewall Rule (gcp.exfiltration.open-port-22-ingress)

#801 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Backdoor a GCS Bucket via Overly Permissive IAM Policy (gcp.exfiltration.backdoor-gcs-bucket)

#800 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Execute Commands on GCE Instances via OS Config Agent (gcp.execution.os-config-run-command)

#799 opened Mar 26, 2026 by Minosity-VR • Draft

4 of 5 tasks

New attack technique: Inject a Malicious Startup Script into a Vertex AI Workbench Instance (gcp.execution.modify-vertex-notebook-startup)

#798 opened Mar 26, 2026 by Minosity-VR • Draft

4 of 5 tasks

New attack technique: Modify a GCE Instance Startup Script (gcp.execution.modify-gce-startup-script)

#797 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Grant IAP Tunnel Access to an External Identity (gcp.execution.iap-tunnel-session)

#796 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Read GCE Instance Metadata via the Compute API (gcp.discovery.download-instance-metadata)

#795 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Disable VPC Flow Logs on a Subnet (gcp.defense-evasion.remove-vpc-flow-logs)

#794 opened Mar 26, 2026 by Minosity-VR • Draft

4 of 5 tasks

New attack technique: Attempt to Remove a GCP Project from its Organization (gcp.defense-evasion.remove-project-from-organization)

#793 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Reduce Log Retention Period on a Cloud Logging Sink Bucket (gcp.defense-evasion.reduce-sink-log-retention)

#792 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Disable a GCP Log Sink (gcp.defense-evasion.disable-logging-sink)

#791 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Disable Data Access Audit Logs for a GCP Service (gcp.defense-evasion.disable-audit-logs)

#790 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Delete a GCP Log Sink (gcp.defense-evasion.delete-logging-sink)

#789 opened Mar 26, 2026 by Minosity-VR • Draft

5 tasks done

New attack technique: Delete a Cloud DNS Logging Policy (gcp.defense-evasion.delete-dns-logs)

#788 opened Mar 26, 2026 by Minosity-VR

Loading…

5 tasks done

docs(contributing): add TraderTraitor roadmap notes

#780 opened Mar 23, 2026 by benogeorge

Loading…

New technique: Exfiltrating S3 via Amazon Bedrock

#705 opened Oct 26, 2025 by myugan

Loading…

3 tasks done

feat(secretsmanager-batch-retrieve-secrets): enable negative filtering through environment variable

#704 opened Oct 10, 2025 by 0x-JP

Loading…

Previous 1 2 Next

Previous Next

ProTip! Filter pull requests by the default branch with base:main.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!