Coverage matrices: Update styling (#660)

christophetd · web-flow · commit aa4e8d33d92b · 2025-03-18T16:49:13.000+01:00
* Coverage matrices: Update styling

* Make platform order deterministic
diff --git a/docs/attack-techniques/mitre-attack-coverage-matrices.md b/docs/attack-techniques/mitre-attack-coverage-matrices.md
@@ -1,9 +1,7 @@
 
 <style>
     .table-container {
-        overflow-x: auto; /* Enables horizontal scrolling */
         max-width: 80%; /* Ensures it doesn't go beyond the page */
-        border: 1px solid #ddd;
         padding: 10px;
         margin-bottom: 20px;
     }
@@ -26,37 +24,33 @@
 # MITRE ATT&CK Coverage by Platform
 
 This provides coverage matrices of MITRE ATT&CK tactics and techniques currently covered by Stratus Red Team for different cloud platforms.
-<h2 style="text-transform: uppercase;">azure</h2>
+<h2>AWS</h2>
 <div class="table-container"><table>
-<thead><tr><th>Execution</th><th>Persistence</th><th>Exfiltration</th></tr></thead>
-<tbody>
-<tr><td><a href="../Azure/azure.execution.vm-custom-script-extension">Execute Command on Virtual Machine using Custom Script Extension</a></td><td><a href="../Azure/azure.persistence.create-bastion-shareable-link">Create Azure VM Bastion shareable link</a></td><td><a href="../Azure/azure.exfiltration.disk-export">Export Disk Through SAS URL</a></td></tr>
-<tr><td><a href="../Azure/azure.execution.vm-run-command">Execute Commands on Virtual Machine using Run Command</a></td><td></td><td></td></tr>
-</tbody>
-</table>
-</div>
-<h2 style="text-transform: uppercase;">EKS</h2>
-<div class="table-container"><table>
-<thead><tr><th>Persistence</th><th>Privilege Escalation</th><th>Lateral Movement</th></tr></thead>
+<thead><tr><th>Initial Access</th><th>Execution</th><th>Persistence</th><th>Privilege Escalation</th><th>Defense Evasion</th><th>Credential Access</th><th>Discovery</th><th>Lateral Movement</th><th>Exfiltration</th><th>Impact</th></tr></thead>
 <tbody>
-<tr><td><a href="../EKS/eks.persistence.backdoor-aws-auth-configmap">Backdoor aws-auth EKS ConfigMap</a></td><td><a href="../EKS/eks.persistence.backdoor-aws-auth-configmap">Backdoor aws-auth EKS ConfigMap</a></td><td><a href="../EKS/eks.lateral-movement.create-access-entry">Create Admin EKS Access Entry</a></td></tr>
+<tr><td><a href="../AWS/aws.initial-access.console-login-without-mfa">Console Login without MFA</a></td><td><a href="../AWS/aws.execution.ec2-launch-unusual-instances">Launch Unusual EC2 instances</a></td><td><a href="../AWS/aws.persistence.iam-backdoor-role">Backdoor an IAM Role</a></td><td><a href="../AWS/aws.execution.ec2-user-data">Execute Commands on EC2 Instance via User Data</a></td><td><a href="../AWS/aws.defense-evasion.cloudtrail-delete">Delete CloudTrail Trail</a></td><td><a href="../AWS/aws.credential-access.ec2-get-password-data">Retrieve EC2 Password Data</a></td><td><a href="../AWS/aws.discovery.ec2-enumerate-from-instance">Execute Discovery Commands on an EC2 Instance</a></td><td><a href="../AWS/aws.lateral-movement.ec2-serial-console-send-ssh-public-key">Usage of EC2 Serial Console to push SSH public key</a></td><td><a href="../AWS/aws.exfiltration.ec2-security-group-open-port-22-ingress">Open Ingress Port 22 on a Security Group</a></td><td><a href="../AWS/aws.impact.bedrock-invoke-model">Invoke Bedrock Model</a></td></tr>
+<tr><td></td><td><a href="../AWS/aws.execution.ec2-user-data">Execute Commands on EC2 Instance via User Data</a></td><td><a href="../AWS/aws.persistence.iam-backdoor-user">Create an Access Key on an IAM User</a></td><td><a href="../AWS/aws.persistence.iam-backdoor-user">Create an Access Key on an IAM User</a></td><td><a href="../AWS/aws.defense-evasion.cloudtrail-event-selectors">Disable CloudTrail Logging Through Event Selectors</a></td><td><a href="../AWS/aws.credential-access.ec2-steal-instance-credentials">Steal EC2 Instance Credentials</a></td><td><a href="../AWS/aws.discovery.ec2-download-user-data">Download EC2 Instance User Data</a></td><td><a href="../AWS/aws.lateral-movement.ec2-instance-connect">Usage of EC2 Instance Connect on multiple instances</a></td><td><a href="../AWS/aws.exfiltration.ec2-share-ami">Exfiltrate an AMI by Sharing It</a></td><td><a href="../AWS/aws.impact.s3-ransomware-batch-deletion">S3 Ransomware through batch file deletion</a></td></tr>
+<tr><td></td><td><a href="../AWS/aws.execution.ssm-send-command">Usage of ssm:SendCommand on multiple instances</a></td><td><a href="../AWS/aws.persistence.iam-create-admin-user">Create an administrative IAM User</a></td><td><a href="../AWS/aws.persistence.iam-create-admin-user">Create an administrative IAM User</a></td><td><a href="../AWS/aws.defense-evasion.cloudtrail-lifecycle-rule">CloudTrail Logs Impairment Through S3 Lifecycle Rule</a></td><td><a href="../AWS/aws.credential-access.secretsmanager-batch-retrieve-secrets">Retrieve a High Number of Secrets Manager secrets (Batch)</a></td><td><a href="../AWS/aws.discovery.ses-enumerate">Enumerate SES</a></td><td></td><td><a href="../AWS/aws.exfiltration.ec2-share-ebs-snapshot">Exfiltrate EBS Snapshot by Sharing It</a></td><td><a href="../AWS/aws.impact.s3-ransomware-client-side-encryption">S3 Ransomware through client-side encryption</a></td></tr>
+<tr><td></td><td><a href="../AWS/aws.execution.ssm-start-session">Usage of ssm:StartSession on multiple instances</a></td><td><a href="../AWS/aws.persistence.iam-create-backdoor-role">Create a backdoored IAM Role</a></td><td><a href="../AWS/aws.persistence.iam-create-user-login-profile">Create a Login Profile on an IAM User</a></td><td><a href="../AWS/aws.defense-evasion.cloudtrail-stop">Stop CloudTrail Trail</a></td><td><a href="../AWS/aws.credential-access.secretsmanager-retrieve-secrets">Retrieve a High Number of Secrets Manager secrets</a></td><td></td><td></td><td><a href="../AWS/aws.exfiltration.rds-share-snapshot">Exfiltrate RDS Snapshot by Sharing</a></td><td><a href="../AWS/aws.impact.s3-ransomware-individual-deletion">S3 Ransomware through individual file deletion</a></td></tr>
+<tr><td></td><td></td><td><a href="../AWS/aws.persistence.iam-create-user-login-profile">Create a Login Profile on an IAM User</a></td><td><a href="../AWS/aws.persistence.lambda-layer-extension">Add a Malicious Lambda Extension</a></td><td><a href="../AWS/aws.defense-evasion.dns-delete-logs">Delete DNS query logs</a></td><td><a href="../AWS/aws.credential-access.ssm-retrieve-securestring-parameters">Retrieve And Decrypt SSM Parameters</a></td><td></td><td></td><td><a href="../AWS/aws.exfiltration.s3-backdoor-bucket-policy">Backdoor an S3 Bucket via its Bucket Policy</a></td><td></td></tr>
+<tr><td></td><td></td><td><a href="../AWS/aws.persistence.lambda-backdoor-function">Backdoor Lambda Function Through Resource-Based Policy</a></td><td><a href="../AWS/aws.persistence.rolesanywhere-create-trust-anchor">Create an IAM Roles Anywhere trust anchor</a></td><td><a href="../AWS/aws.defense-evasion.organizations-leave">Attempt to Leave the AWS Organization</a></td><td></td><td></td><td></td><td></td><td></td></tr>
+<tr><td></td><td></td><td><a href="../AWS/aws.persistence.lambda-layer-extension">Add a Malicious Lambda Extension</a></td><td><a href="../AWS/aws.privilege-escalation.iam-update-user-login-profile">Change IAM user password</a></td><td><a href="../AWS/aws.defense-evasion.vpc-remove-flow-logs">Remove VPC Flow Logs</a></td><td></td><td></td><td></td><td></td><td></td></tr>
+<tr><td></td><td></td><td><a href="../AWS/aws.persistence.lambda-overwrite-code">Overwrite Lambda Function Code</a></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td></tr>
+<tr><td></td><td></td><td><a href="../AWS/aws.persistence.rolesanywhere-create-trust-anchor">Create an IAM Roles Anywhere trust anchor</a></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td></tr>
+<tr><td></td><td></td><td><a href="../AWS/aws.persistence.sts-federation-token">Generate temporary AWS credentials using GetFederationToken</a></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td></tr>
 </tbody>
 </table>
 </div>
-<h2 style="text-transform: uppercase;">entra-id</h2>
+<h2>Azure</h2>
 <div class="table-container"><table>
-<thead><tr><th>Persistence</th><th>Privilege Escalation</th></tr></thead>
+<thead><tr><th>Execution</th><th>Persistence</th><th>Exfiltration</th></tr></thead>
 <tbody>
-<tr><td><a href="../Entra ID/entra-id.persistence.backdoor-application-sp">Backdoor Entra ID application through service principal</a></td><td><a href="../Entra ID/entra-id.persistence.backdoor-application-sp">Backdoor Entra ID application through service principal</a></td></tr>
-<tr><td><a href="../Entra ID/entra-id.persistence.backdoor-application">Backdoor Entra ID application</a></td><td><a href="../Entra ID/entra-id.persistence.backdoor-application">Backdoor Entra ID application</a></td></tr>
-<tr><td><a href="../Entra ID/entra-id.persistence.guest-user">Create Guest User</a></td><td><a href="../Entra ID/entra-id.persistence.new-application">Create Application</a></td></tr>
-<tr><td><a href="../Entra ID/entra-id.persistence.hidden-au">Create Hidden Scoped Role Assignment Through HiddenMembership AU</a></td><td></td></tr>
-<tr><td><a href="../Entra ID/entra-id.persistence.new-application">Create Application</a></td><td></td></tr>
-<tr><td><a href="../Entra ID/entra-id.persistence.restricted-au">Create Sticky Backdoor User Through Restricted Management AU</a></td><td></td></tr>
+<tr><td><a href="../Azure/azure.execution.vm-custom-script-extension">Execute Command on Virtual Machine using Custom Script Extension</a></td><td><a href="../Azure/azure.persistence.create-bastion-shareable-link">Create Azure VM Bastion shareable link</a></td><td><a href="../Azure/azure.exfiltration.disk-export">Export Disk Through SAS URL</a></td></tr>
+<tr><td><a href="../Azure/azure.execution.vm-run-command">Execute Commands on Virtual Machine using Run Command</a></td><td></td><td></td></tr>
 </tbody>
 </table>
 </div>
-<h2 style="text-transform: uppercase;">GCP</h2>
+<h2>GCP</h2>
 <div class="table-container"><table>
 <thead><tr><th>Persistence</th><th>Privilege Escalation</th><th>Credential Access</th><th>Exfiltration</th></tr></thead>
 <tbody>
@@ -67,7 +61,7 @@ This provides coverage matrices of MITRE ATT&CK tactics and techniques currently
 </tbody>
 </table>
 </div>
-<h2 style="text-transform: uppercase;">kubernetes</h2>
+<h2>Kubernetes</h2>
 <div class="table-container"><table>
 <thead><tr><th>Persistence</th><th>Privilege Escalation</th><th>Credential Access</th></tr></thead>
 <tbody>
@@ -78,20 +72,24 @@ This provides coverage matrices of MITRE ATT&CK tactics and techniques currently
 </tbody>
 </table>
 </div>
-<h2 style="text-transform: uppercase;">AWS</h2>
+<h2>Entra ID</h2>
 <div class="table-container"><table>
-<thead><tr><th>Initial Access</th><th>Execution</th><th>Persistence</th><th>Privilege Escalation</th><th>Defense Evasion</th><th>Credential Access</th><th>Discovery</th><th>Lateral Movement</th><th>Exfiltration</th><th>Impact</th></tr></thead>
+<thead><tr><th>Persistence</th><th>Privilege Escalation</th></tr></thead>
 <tbody>
-<tr><td><a href="../AWS/aws.initial-access.console-login-without-mfa">Console Login without MFA</a></td><td><a href="../AWS/aws.execution.ec2-launch-unusual-instances">Launch Unusual EC2 instances</a></td><td><a href="../AWS/aws.persistence.iam-backdoor-role">Backdoor an IAM Role</a></td><td><a href="../AWS/aws.execution.ec2-user-data">Execute Commands on EC2 Instance via User Data</a></td><td><a href="../AWS/aws.defense-evasion.cloudtrail-delete">Delete CloudTrail Trail</a></td><td><a href="../AWS/aws.credential-access.ec2-get-password-data">Retrieve EC2 Password Data</a></td><td><a href="../AWS/aws.discovery.ec2-enumerate-from-instance">Execute Discovery Commands on an EC2 Instance</a></td><td><a href="../AWS/aws.lateral-movement.ec2-serial-console-send-ssh-public-key">Usage of EC2 Serial Console to push SSH public key</a></td><td><a href="../AWS/aws.exfiltration.ec2-security-group-open-port-22-ingress">Open Ingress Port 22 on a Security Group</a></td><td><a href="../AWS/aws.impact.bedrock-invoke-model">Invoke Bedrock Model</a></td></tr>
-<tr><td></td><td><a href="../AWS/aws.execution.ec2-user-data">Execute Commands on EC2 Instance via User Data</a></td><td><a href="../AWS/aws.persistence.iam-backdoor-user">Create an Access Key on an IAM User</a></td><td><a href="../AWS/aws.persistence.iam-backdoor-user">Create an Access Key on an IAM User</a></td><td><a href="../AWS/aws.defense-evasion.cloudtrail-event-selectors">Disable CloudTrail Logging Through Event Selectors</a></td><td><a href="../AWS/aws.credential-access.ec2-steal-instance-credentials">Steal EC2 Instance Credentials</a></td><td><a href="../AWS/aws.discovery.ec2-download-user-data">Download EC2 Instance User Data</a></td><td><a href="../AWS/aws.lateral-movement.ec2-instance-connect">Usage of EC2 Instance Connect on multiple instances</a></td><td><a href="../AWS/aws.exfiltration.ec2-share-ami">Exfiltrate an AMI by Sharing It</a></td><td><a href="../AWS/aws.impact.s3-ransomware-batch-deletion">S3 Ransomware through batch file deletion</a></td></tr>
-<tr><td></td><td><a href="../AWS/aws.execution.ssm-send-command">Usage of ssm:SendCommand on multiple instances</a></td><td><a href="../AWS/aws.persistence.iam-create-admin-user">Create an administrative IAM User</a></td><td><a href="../AWS/aws.persistence.iam-create-admin-user">Create an administrative IAM User</a></td><td><a href="../AWS/aws.defense-evasion.cloudtrail-lifecycle-rule">CloudTrail Logs Impairment Through S3 Lifecycle Rule</a></td><td><a href="../AWS/aws.credential-access.secretsmanager-batch-retrieve-secrets">Retrieve a High Number of Secrets Manager secrets (Batch)</a></td><td><a href="../AWS/aws.discovery.ses-enumerate">Enumerate SES</a></td><td></td><td><a href="../AWS/aws.exfiltration.ec2-share-ebs-snapshot">Exfiltrate EBS Snapshot by Sharing It</a></td><td><a href="../AWS/aws.impact.s3-ransomware-client-side-encryption">S3 Ransomware through client-side encryption</a></td></tr>
-<tr><td></td><td><a href="../AWS/aws.execution.ssm-start-session">Usage of ssm:StartSession on multiple instances</a></td><td><a href="../AWS/aws.persistence.iam-create-backdoor-role">Create a backdoored IAM Role</a></td><td><a href="../AWS/aws.persistence.iam-create-user-login-profile">Create a Login Profile on an IAM User</a></td><td><a href="../AWS/aws.defense-evasion.cloudtrail-stop">Stop CloudTrail Trail</a></td><td><a href="../AWS/aws.credential-access.secretsmanager-retrieve-secrets">Retrieve a High Number of Secrets Manager secrets</a></td><td></td><td></td><td><a href="../AWS/aws.exfiltration.rds-share-snapshot">Exfiltrate RDS Snapshot by Sharing</a></td><td><a href="../AWS/aws.impact.s3-ransomware-individual-deletion">S3 Ransomware through individual file deletion</a></td></tr>
-<tr><td></td><td></td><td><a href="../AWS/aws.persistence.iam-create-user-login-profile">Create a Login Profile on an IAM User</a></td><td><a href="../AWS/aws.persistence.lambda-layer-extension">Add a Malicious Lambda Extension</a></td><td><a href="../AWS/aws.defense-evasion.dns-delete-logs">Delete DNS query logs</a></td><td><a href="../AWS/aws.credential-access.ssm-retrieve-securestring-parameters">Retrieve And Decrypt SSM Parameters</a></td><td></td><td></td><td><a href="../AWS/aws.exfiltration.s3-backdoor-bucket-policy">Backdoor an S3 Bucket via its Bucket Policy</a></td><td></td></tr>
-<tr><td></td><td></td><td><a href="../AWS/aws.persistence.lambda-backdoor-function">Backdoor Lambda Function Through Resource-Based Policy</a></td><td><a href="../AWS/aws.persistence.rolesanywhere-create-trust-anchor">Create an IAM Roles Anywhere trust anchor</a></td><td><a href="../AWS/aws.defense-evasion.organizations-leave">Attempt to Leave the AWS Organization</a></td><td></td><td></td><td></td><td></td><td></td></tr>
-<tr><td></td><td></td><td><a href="../AWS/aws.persistence.lambda-layer-extension">Add a Malicious Lambda Extension</a></td><td><a href="../AWS/aws.privilege-escalation.iam-update-user-login-profile">Change IAM user password</a></td><td><a href="../AWS/aws.defense-evasion.vpc-remove-flow-logs">Remove VPC Flow Logs</a></td><td></td><td></td><td></td><td></td><td></td></tr>
-<tr><td></td><td></td><td><a href="../AWS/aws.persistence.lambda-overwrite-code">Overwrite Lambda Function Code</a></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td></tr>
-<tr><td></td><td></td><td><a href="../AWS/aws.persistence.rolesanywhere-create-trust-anchor">Create an IAM Roles Anywhere trust anchor</a></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td></tr>
-<tr><td></td><td></td><td><a href="../AWS/aws.persistence.sts-federation-token">Generate temporary AWS credentials using GetFederationToken</a></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td></tr>
+<tr><td><a href="../Entra ID/entra-id.persistence.backdoor-application-sp">Backdoor Entra ID application through service principal</a></td><td><a href="../Entra ID/entra-id.persistence.backdoor-application-sp">Backdoor Entra ID application through service principal</a></td></tr>
+<tr><td><a href="../Entra ID/entra-id.persistence.backdoor-application">Backdoor Entra ID application</a></td><td><a href="../Entra ID/entra-id.persistence.backdoor-application">Backdoor Entra ID application</a></td></tr>
+<tr><td><a href="../Entra ID/entra-id.persistence.guest-user">Create Guest User</a></td><td><a href="../Entra ID/entra-id.persistence.new-application">Create Application</a></td></tr>
+<tr><td><a href="../Entra ID/entra-id.persistence.hidden-au">Create Hidden Scoped Role Assignment Through HiddenMembership AU</a></td><td></td></tr>
+<tr><td><a href="../Entra ID/entra-id.persistence.new-application">Create Application</a></td><td></td></tr>
+<tr><td><a href="../Entra ID/entra-id.persistence.restricted-au">Create Sticky Backdoor User Through Restricted Management AU</a></td><td></td></tr>
+</tbody>
+</table>
+</div>
+<h2>EKS</h2>
+<div class="table-container"><table>
+<thead><tr><th>Persistence</th><th>Privilege Escalation</th><th>Lateral Movement</th></tr></thead>
+<tbody>
+<tr><td><a href="../EKS/eks.persistence.backdoor-aws-auth-configmap">Backdoor aws-auth EKS ConfigMap</a></td><td><a href="../EKS/eks.persistence.backdoor-aws-auth-configmap">Backdoor aws-auth EKS ConfigMap</a></td><td><a href="../EKS/eks.lateral-movement.create-access-entry">Create Admin EKS Access Entry</a></td></tr>
 </tbody>
 </table>
 </div>
diff --git a/v2/tools/generate-coverage-matrices.go b/v2/tools/generate-coverage-matrices.go
@@ -49,9 +49,7 @@ func GenerateCoverageMatrices(index map[stratus.Platform]map[string][]*stratus.A
 	htmlContent := `
 <style>
     .table-container {
-        overflow-x: auto; /* Enables horizontal scrolling */
         max-width: 80%; /* Ensures it doesn't go beyond the page */
-        border: 1px solid #ddd;
         padding: 10px;
         margin-bottom: 20px;
     }
@@ -77,8 +75,11 @@ This provides coverage matrices of MITRE ATT&CK tactics and techniques currently
 `
 
 	// Loop through each platform and generate tables
-	for platform, tacticsMap := range index {
-		htmlContent += fmt.Sprintf("<h2 style=\"text-transform: uppercase;\">%s</h2>\n", platform)
+	allPlatforms := []stratus.Platform{stratus.AWS, stratus.Azure, stratus.GCP, stratus.Kubernetes, stratus.EntraID, stratus.EKS}
+	for _, platform := range allPlatforms {
+		platformDisplayName, _ := platform.FormatName()
+		tacticsMap := index[platform]
+		htmlContent += fmt.Sprintf("<h2>%s</h2>\n", platformDisplayName)
 		htmlContent += `<div class="table-container">` // Add scrollable div
 
 		// Start the table
