New attack technique: Create Workload Identity Federation Pool and Provider (gcp.persistence.create-workload-identity-federation)

docs/attack-techniques/GCP/gcp.persistence.create-workload-identity-federation.md

@@ -0,0 +1,73 @@
+---
+title: Create a Workload Identity Federation Pool and Provider
+---
+
+# Create a Workload Identity Federation Pool and Provider
+
+
+
+
+Platform: GCP
+
+## Mappings
+
+- MITRE ATT&CK
+    - Persistence
+
+
+
+## Description
+
+
+Creates a Workload Identity Federation (WIF) pool and an X.509 provider within it,
+then grants the pool's identities permission to impersonate a target service account.
+This simulates an attacker who has obtained access to a GCP project and establishes
+a persistent backdoor by acting as their own certificate authority: any machine that
+holds a certificate signed by the attacker's CA can silently exchange it for GCP
+access tokens impersonating the target service account, without ever creating a
+service account key.
+
+This is the GCP equivalent of AWS IAM Roles Anywhere.
+
+<span style="font-variant: small-caps;">Warm-up</span>:
+
+- Create a target service account
+
+<span style="font-variant: small-caps;">Detonation</span>:
+
+- Generate an attacker-controlled CA certificate and a client certificate signed by it
+- Create a Workload Identity Pool named <code>stratus-red-team-wif-&lt;suffix&gt;</code>
+- Create an X.509 provider within the pool, trusting the attacker CA
+- Grant <code>roles/iam.workloadIdentityUser</code> on the target service account
+  to all identities in the pool (any cert signed by the attacker CA can impersonate it)
+- Write <code>ca.crt</code>, <code>client.crt</code>, and <code>client.key</code> to the current directory
+
+Revert:
+
+- Remove the <code>roles/iam.workloadIdentityUser</code> binding from the service account
+- Delete the X.509 provider
+- Delete the Workload Identity Pool
+- Remove <code>ca.crt</code>, <code>client.crt</code>, and <code>client.key</code>
+
+References:
+
+- https://cloud.google.com/iam/docs/workload-identity-federation-with-x509-certificates
+- https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools
+- https://www.tenable.com/blog/how-attackers-can-exploit-gcps-multicloud-workload-solution
+
+
+## Instructions
+
+```bash title="Detonate with Stratus Red Team"
+stratus detonate gcp.persistence.create-workload-identity-federation
+```
+## Detection
+
+
+Identify when a Workload Identity Federation pool or provider is created by
+monitoring for <code>google.iam.admin.v1.CreateWorkloadIdentityPool</code> and
+<code>google.iam.admin.v1.CreateWorkloadIdentityPoolProvider</code> events in GCP
+Admin Activity audit logs. Alert on unexpected creation, especially X.509 providers
+which allow certificate-based authentication from outside GCP.
+
+

docs/attack-techniques/GCP/index.md

@@ -28,6 +28,8 @@ Note that some Stratus attack techniques may correspond to more than a single AT
 
   - [Create a GCP Service Account Key](./gcp.persistence.create-service-account-key.md)
 
+  - [Create a Workload Identity Federation Pool and Provider](./gcp.persistence.create-workload-identity-federation.md)
+
   - [Invite an External User to a GCP Project](./gcp.persistence.invite-external-user.md)
 
   - [Backdoor a Cloud Function by Granting Public Invoke Access](./gcp.persistence.backdoor-cloud-function.md)

docs/attack-techniques/list.md

@@ -92,6 +92,7 @@ This page contains the list of all Stratus Attack Techniques.
 | [Backdoor a GCP Service Account through its IAM Policy](./GCP/gcp.persistence.backdoor-service-account-policy.md) | [GCP](./GCP/index.md) | Persistence |
 | [Create an Admin GCP Service Account](./GCP/gcp.persistence.create-admin-service-account.md) | [GCP](./GCP/index.md) | Persistence, Privilege Escalation |
 | [Create a GCP Service Account Key](./GCP/gcp.persistence.create-service-account-key.md) | [GCP](./GCP/index.md) | Persistence, Privilege Escalation |
+| [Create a Workload Identity Federation Pool and Provider](./GCP/gcp.persistence.create-workload-identity-federation.md) | [GCP](./GCP/index.md) | Persistence |
 | [Invite an External User to a GCP Project](./GCP/gcp.persistence.invite-external-user.md) | [GCP](./GCP/index.md) | Persistence |
 | [Dump All Secrets](./kubernetes/k8s.credential-access.dump-secrets.md) | [Kubernetes](./kubernetes/index.md) | Credential Access |
 | [Steal Pod Service Account Token](./kubernetes/k8s.credential-access.steal-serviceaccount-token.md) | [Kubernetes](./kubernetes/index.md) | Credential Access |

docs/attack-techniques/mitre-attack-coverage-matrices.md

@@ -59,9 +59,9 @@ This provides coverage matrices of MITRE ATT&CK tactics and techniques currently
 <tr><td></td><td><a href="../GCP/gcp.execution.modify-vertex-notebook-startup">Inject a Malicious Startup Script into a Vertex AI Workbench Instance</a></td><td><a href="../GCP/gcp.persistence.backdoor-service-account-policy">Backdoor a GCP Service Account through its IAM Policy</a></td><td><a href="../GCP/gcp.persistence.create-admin-service-account">Create an Admin GCP Service Account</a></td><td><a href="../GCP/gcp.defense-evasion.disable-audit-logs">Disable Data Access Audit Logs for a GCP Service</a></td><td><a href="../GCP/gcp.initial-access.use-compute-sa-outside-gcp">Steal and Use the GCE Default Service Account Token from Outside Google Cloud</a></td><td><a href="../GCP/gcp.discovery.enumerate-permissions">Enumerate Permissions of a GCP Service Account</a></td><td></td><td><a href="../GCP/gcp.exfiltration.share-compute-disk">Exfiltrate Compute Disk by sharing it</a></td><td><a href="../GCP/gcp.impact.create-instances-in-multiple-zones">Create GCE Instances in Multiple Zones</a></td></tr>
 <tr><td></td><td><a href="../GCP/gcp.execution.os-config-run-command">Execute Commands on GCE Instances via OS Config Agent</a></td><td><a href="../GCP/gcp.persistence.create-admin-service-account">Create an Admin GCP Service Account</a></td><td><a href="../GCP/gcp.persistence.create-service-account-key">Create a GCP Service Account Key</a></td><td><a href="../GCP/gcp.defense-evasion.remove-project-from-organization">Attempt to Remove a GCP Project from its Organization</a></td><td></td><td></td><td></td><td><a href="../GCP/gcp.exfiltration.share-compute-image">Exfiltrate Compute Image by sharing it</a></td><td><a href="../GCP/gcp.impact.invoke-vertex-ai-model">Invoke a Vertex AI Model</a></td></tr>
 <tr><td></td><td></td><td><a href="../GCP/gcp.persistence.create-service-account-key">Create a GCP Service Account Key</a></td><td><a href="../GCP/gcp.privilege-escalation.impersonate-service-accounts">Impersonate GCP Service Accounts</a></td><td><a href="../GCP/gcp.defense-evasion.remove-vpc-flow-logs">Disable VPC Flow Logs on a Subnet</a></td><td></td><td></td><td></td><td><a href="../GCP/gcp.exfiltration.share-compute-snapshot">Exfiltrate Compute Disk by sharing a snapshot</a></td><td><a href="../GCP/gcp.impact.ransomware-gcs-batch-deletion">Ransomware Simulation — Delete All GCS Objects in Batch</a></td></tr>
-<tr><td></td><td></td><td><a href="../GCP/gcp.persistence.invite-external-user">Invite an External User to a GCP Project</a></td><td><a href="../GCP/gcp.execution.modify-vertex-notebook-startup">Inject a Malicious Startup Script into a Vertex AI Workbench Instance</a></td><td><a href="../GCP/gcp.defense-evasion.delete-logging-sink">Delete a GCP Log Sink</a></td><td></td><td></td><td></td><td><a href="../GCP/gcp.exfiltration.backdoor-gcs-bucket">Backdoor a GCS Bucket via Overly Permissive IAM Policy</a></td><td><a href="../GCP/gcp.impact.ransomware-gcs-client-side-encryption">Ransomware Simulation — Encrypt GCS Objects Client-Side</a></td></tr>
-<tr><td></td><td></td><td><a href="../GCP/gcp.persistence.backdoor-cloud-function">Backdoor a Cloud Function by Granting Public Invoke Access</a></td><td></td><td><a href="../GCP/gcp.defense-evasion.disable-logging-sink">Disable a GCP Log Sink</a></td><td></td><td></td><td></td><td></td><td><a href="../GCP/gcp.impact.ransomware-gcs-individual-deletion">Ransomware Simulation — Delete GCS Objects Individually</a></td></tr>
-<tr><td></td><td></td><td></td><td></td><td><a href="../GCP/gcp.defense-evasion.reduce-sink-log-retention">Reduce Log Retention Period on a Cloud Logging Sink Bucket</a></td><td></td><td></td><td></td><td></td><td></td></tr>
+<tr><td></td><td></td><td><a href="../GCP/gcp.persistence.create-workload-identity-federation">Create a Workload Identity Federation Pool and Provider</a></td><td><a href="../GCP/gcp.execution.modify-vertex-notebook-startup">Inject a Malicious Startup Script into a Vertex AI Workbench Instance</a></td><td><a href="../GCP/gcp.defense-evasion.delete-logging-sink">Delete a GCP Log Sink</a></td><td></td><td></td><td></td><td><a href="../GCP/gcp.exfiltration.backdoor-gcs-bucket">Backdoor a GCS Bucket via Overly Permissive IAM Policy</a></td><td><a href="../GCP/gcp.impact.ransomware-gcs-client-side-encryption">Ransomware Simulation — Encrypt GCS Objects Client-Side</a></td></tr>
+<tr><td></td><td></td><td><a href="../GCP/gcp.persistence.invite-external-user">Invite an External User to a GCP Project</a></td><td></td><td><a href="../GCP/gcp.defense-evasion.disable-logging-sink">Disable a GCP Log Sink</a></td><td></td><td></td><td></td><td></td><td><a href="../GCP/gcp.impact.ransomware-gcs-individual-deletion">Ransomware Simulation — Delete GCS Objects Individually</a></td></tr>
+<tr><td></td><td></td><td><a href="../GCP/gcp.persistence.backdoor-cloud-function">Backdoor a Cloud Function by Granting Public Invoke Access</a></td><td></td><td><a href="../GCP/gcp.defense-evasion.reduce-sink-log-retention">Reduce Log Retention Period on a Cloud Logging Sink Bucket</a></td><td></td><td></td><td></td><td></td><td></td></tr>
 </tbody>
 </table>
 </div>

docs/index.yaml

@@ -770,6 +770,13 @@ GCP:
             - Privilege Escalation
           platform: GCP
           isIdempotent: false
+        - id: gcp.persistence.create-workload-identity-federation
+          name: Create a Workload Identity Federation Pool and Provider
+          isSlow: false
+          mitreAttackTactics:
+            - Persistence
+          platform: GCP
+          isIdempotent: false
         - id: gcp.persistence.invite-external-user
           name: Invite an External User to a GCP Project
           isSlow: false

v2/go.mod

@@ -14,6 +14,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v4 v4.2.1
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.5.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi v1.3.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.1.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armlocks v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0
@@ -50,10 +51,11 @@ require (
 	github.com/jedib0t/go-pretty/v6 v6.4.0
 	github.com/microsoftgraph/msgraph-beta-sdk-go v0.108.0
 	github.com/microsoftgraph/msgraph-sdk-go-core v1.2.1
+	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
 	github.com/spf13/cobra v1.6.0
 	github.com/spf13/viper v1.21.0
 	github.com/stretchr/testify v1.11.1
-	golang.org/x/oauth2 v0.27.0
+	golang.org/x/oauth2 v0.29.0
 	golang.org/x/sync v0.16.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.25.3
@@ -64,14 +66,12 @@ require (
 require (
 	cloud.google.com/go v0.118.0 // indirect
 	cloud.google.com/go/aiplatform v1.70.0 // indirect
-	cloud.google.com/go/auth v0.14.0 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
+	cloud.google.com/go/auth v0.16.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
 	cloud.google.com/go/iam v1.3.1 // indirect
 	cloud.google.com/go/longrunning v0.6.4 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
 	github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect
@@ -108,7 +108,7 @@ require (
 	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
 	github.com/googleapis/gax-go/v2 v2.14.1 // indirect
 	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
@@ -135,7 +135,6 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/sagikazarmark/locafero v0.11.0 // indirect
-	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
 	github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
 	github.com/spf13/afero v1.15.0 // indirect
 	github.com/spf13/cast v1.10.0 // indirect
@@ -144,20 +143,20 @@ require (
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
-	go.opentelemetry.io/otel v1.34.0 // indirect
-	go.opentelemetry.io/otel/metric v1.34.0 // indirect
-	go.opentelemetry.io/otel/trace v1.34.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
+	go.opentelemetry.io/otel v1.35.0 // indirect
+	go.opentelemetry.io/otel/metric v1.35.0 // indirect
+	go.opentelemetry.io/otel/trace v1.35.0 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/mod v0.26.0 // indirect
 	golang.org/x/net v0.43.0 // indirect
 	golang.org/x/term v0.34.0 // indirect
-	golang.org/x/time v0.9.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
 	google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect
-	google.golang.org/protobuf v1.36.4 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/klog/v2 v2.70.1 // indirect
@@ -178,6 +177,6 @@ require (
 	golang.org/x/crypto v0.41.0
 	golang.org/x/sys v0.35.0 // indirect
 	golang.org/x/text v0.28.0 // indirect
-	google.golang.org/api v0.218.0
-	google.golang.org/grpc v1.70.0 // indirect
+	google.golang.org/api v0.230.0
+	google.golang.org/grpc v1.72.0 // indirect
 )