Stratus Red Team
July 7, 2026 · View on GitHub
Stratus Red Team is "Atomic Red Team™" for the cloud, providing granular and self-contained emulation of offensive attack techniques.
Announcement blog posts:
- https://www.datadoghq.com/blog/cyber-attack-simulation-with-stratus-red-team/
- https://blog.christophetd.fr/introducing-stratus-red-team-an-adversary-emulation-tool-for-the-cloud/
Getting Started
Stratus Red Team is a self-contained Go binary.
See the documentation at stratus-red-team.cloud:
- Stratus Red Team Concepts
- Installing Stratus Red Team - Homebrew formula, Docker image, and pre-built binaries available
- Available Attack Techniques, mapped to MITRE ATT&CK
Installation
Direct install
Requires Go 1.23+
go install -v github.com/datadog/stratus-red-team/v2/cmd/stratus@latest
Homebrew
brew tap datadog/stratus-red-team https://github.com/DataDog/stratus-red-team
brew install datadog/stratus-red-team/stratus-red-team
Pre-built binaries
For Linux, Windows, and macOS: download one of the pre-built binaries.
Docker
IMAGE="ghcr.io/datadog/stratus-red-team"
alias stratus="docker run --rm -v $HOME/.stratus-red-team/:/root/.stratus-red-team/ -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e AWS_DEFAULT_REGION $IMAGE"
asdf
Install specific versions of stratus-red-team using asdf and the stratus-red-team plugin:
asdf plugin add stratus-red-team https://github.com/asdf-community/asdf-stratus-red-team.git
asdf install stratus-red-team latest
Community
Posts and projects from the community:
Open-source projects:
Videos:
- Reproducing common attacks in the cloud with Stratus Red Team
- Stratus Red Team: AWS EC2 Instance Credential Theft | Threat SnapShot
- Automated Attack Simulation in AWS for Red Teaming
Blog posts:
- AWS threat emulation and detection validation with Stratus Red Team and Datadog Cloud SIEM
- Adversary emulation on AWS with Stratus Red Team and Wazuh
- Sky's the Limit: Stratus Red Team for Azure
- Detecting realistic AWS cloud-attacks using Azure Sentinel
- A Data Driven Comparison of Open Source Adversary Emulation Tools
- Making Security Relevant in the Cloud
- Detonating attacks with Datadog Stratus Red Team
- AWS CloudTrail cheatsheet
- Adversary emulation on GCP with Stratus Red Team and Wazuh
- Automated First-Response in AWS using Sigma and Athena
- AWS Cloud Detection Lab: Cloud Pen-testing with Stratus Red Team
Talks:
- Purple Teaming & Adversary Emulation in the Cloud with Stratus Red Team, DEF CON Cloud Village 2022
- Threat-Driven Development with Stratus Red Team by Ryan Marcotte Cobb
- Cloudy With a Chance of Purple Rain: Leveraging Stratus Red Team - BSides Portland 2022
Papers:
Using Stratus Red Team as a Go Library
See Examples and Programmatic Usage.
Development
Building Locally
make
./bin/stratus --help
Running Locally
go run cmd/stratus/*.go list
Running the Tests
make test
Building the Documentation
For local usage:
pip install mkdocs-material mkdocs-awesome-pages-plugin
make docs
mkdocs serve
Acknowledgments
Core maintainers: Christophe Tafani-Dereeper (@christophetd), Simon Maréchal (@Minosity-VR).
Similar projects (see how Stratus Red Team compares):
- Atomic Red Team by Red Canary
- Leonidas by F-Secure
- pacu by Rhino Security Labs
- Amazon GuardDuty Tester
- CloudGoat by Rhino Security Labs
Inspiration and relevant resources:
- https://expel.io/blog/mind-map-for-aws-investigations/
- https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
- https://github.com/elastic/detection-rules/tree/main/rules/integrations/aws
Skills
The following agent skills are available in this repository:
- create-attack-technique - Scaffolds and reviews new attack techniques for AWS, Azure, GCP, Entra ID, and Kubernetes, following the project's style and structure guidelines.
- test-attack-technique - Runs warmup, detonation, and cleanup phases for a given technique ID, validates cloud credentials, and produces an HTML report of results.
- map-threat-intel-coverage - Fetches a threat-intelligence report, extracts cloud TTPs, classifies each against existing Stratus Red Team coverage, and drafts GitHub issues for gaps.