Stratus Red Team

July 7, 2026 · View on GitHub

made-with-Go Tests static analysis OpenSSF Scorecard CII Best Practices

Stratus Red Team

Stratus Red Team is "Atomic Red Team™" for the cloud, providing granular and self-contained emulation of offensive attack techniques.

Terminal recording

Announcement blog posts:

Getting Started

Stratus Red Team is a self-contained Go binary.

See the documentation at stratus-red-team.cloud:

Installation

Direct install

Requires Go 1.23+

go install -v github.com/datadog/stratus-red-team/v2/cmd/stratus@latest

Homebrew

brew tap datadog/stratus-red-team https://github.com/DataDog/stratus-red-team
brew install datadog/stratus-red-team/stratus-red-team

Pre-built binaries

For Linux, Windows, and macOS: download one of the pre-built binaries.

Docker

IMAGE="ghcr.io/datadog/stratus-red-team"
alias stratus="docker run --rm -v $HOME/.stratus-red-team/:/root/.stratus-red-team/ -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e AWS_DEFAULT_REGION $IMAGE"

asdf

Install specific versions of stratus-red-team using asdf and the stratus-red-team plugin:

asdf plugin add stratus-red-team https://github.com/asdf-community/asdf-stratus-red-team.git
asdf install stratus-red-team latest

Community

Posts and projects from the community:

Open-source projects:

Videos:

Blog posts:

Talks:

Papers:

Using Stratus Red Team as a Go Library

See Examples and Programmatic Usage.

Development

Building Locally

make
./bin/stratus --help

Running Locally

go run cmd/stratus/*.go list

Running the Tests

make test

Building the Documentation

For local usage:

pip install mkdocs-material mkdocs-awesome-pages-plugin

make docs
mkdocs serve

Acknowledgments

Core maintainers: Christophe Tafani-Dereeper (@christophetd), Simon Maréchal (@Minosity-VR).

Similar projects (see how Stratus Red Team compares):

Inspiration and relevant resources:

Skills

The following agent skills are available in this repository:

  • create-attack-technique - Scaffolds and reviews new attack techniques for AWS, Azure, GCP, Entra ID, and Kubernetes, following the project's style and structure guidelines.
  • test-attack-technique - Runs warmup, detonation, and cleanup phases for a given technique ID, validates cloud credentials, and produces an HTML report of results.
  • map-threat-intel-coverage - Fetches a threat-intelligence report, extracts cloud TTPs, classifies each against existing Stratus Red Team coverage, and drafts GitHub issues for gaps.