(fix) AWS Sagemaker Attack Technique - Use DisassociateLifecycleConfig instead of setting name to empty string #781

Merged
christophetd merged 1 commit into main from simon.marechal/stratus-fix-aws-sagemaker-cleanup
Mar 25, 2026

@Minosity-VR
Collaborator

What does this PR do?

Bug Fix: Reverting the aws.execution.sagemaker-update-lifecycle-config attack fails with:

2026/03/24 10:36:46 Cleaning up aws.execution.sagemaker-update-lifecycle-config
2026/03/24 10:36:46 Reverting detonation of technique aws.execution.sagemaker-update-lifecycle-config
2026/03/24 10:36:46 Starting cleanup workflow for Notebook: stratus-red-team-update-sagemaker-config-profile-vuln-notebook and Config: priv-esc-config
2026/03/24 10:36:46 1/4. Stopping notebook instance...
2026/03/24 10:36:47    Notebook is stopped.
2026/03/24 10:36:47 2/4. Detaching lifecycle configuration...
2026/03/24 10:36:47 Cleanup failed: failed to detach lifecycle configuration: operation error SageMaker: UpdateNotebookInstance, https response error StatusCode: 400, RequestID: 35809a0b-bc50-47ec-a0dd-73cb20771198, api error ValidationException: 1 validation error detected: Value '' at 'lifecycleConfigName' failed to satisfy constraint: Member must satisfy regular expression pattern: [a-zA-Z0-9](-*[a-zA-Z0-9])*

By using the DisassociateLifecycleConfig argument to detach the config, it succeeds:

./bin/stratus cleanup aws.execution.sagemaker-update-lifecycle-config 

2026/03/24 10:42:49 Cleaning up aws.execution.sagemaker-update-lifecycle-config
2026/03/24 10:42:49 Reverting detonation of technique aws.execution.sagemaker-update-lifecycle-config
2026/03/24 10:42:49 Starting cleanup workflow for Notebook: stratus-red-team-update-sagemaker-config-profile-vuln-notebook and Config: priv-esc-config
2026/03/24 10:42:49 1/4. Stopping notebook instance...
2026/03/24 10:42:50    Notebook is stopped.
2026/03/24 10:42:50 2/4. Detaching lifecycle configuration...
2026/03/24 10:42:50    Detach request successful. Status is now 'Updating'.
2026/03/24 10:42:50 3/4. Waiting for detach update to complete...
2026/03/24 10:43:21    Detach update complete. Notebook is back in 'Stopped' status.
2026/03/24 10:43:21 4/4. Deleting the lifecycle configuration...
2026/03/24 10:43:21 Cleanup complete: Config priv-esc-config deleted.
2026/03/24 10:43:21 Cleaning up technique prerequisites with terraform destroy
+-------------------------------------------------+-----------------------------------------------------------------------------+--------+
| ID                                              | NAME                                                                        | STATUS |
+-------------------------------------------------+-----------------------------------------------------------------------------+--------+
| aws.execution.sagemaker-update-lifecycle-config | Execute Commands on SageMaker Notebook Instance via Lifecycle Configuration | COLD   |
+-------------------------------------------------+-----------------------------------------------------------------------------+--------+
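The validation failure and the fix described in the PR description above, as an added example that is not code from this PR or from Stratus Red Team. `UpdateRequest` and its helpers are hypothetical local stand-ins that model the check with the pattern quoted in the error message; they are not AWS SDK types and make no API calls.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern quoted in the ValidationException above, anchored to the whole value.
var lifecycleConfigNamePattern = regexp.MustCompile(`^[a-zA-Z0-9](-*[a-zA-Z0-9])*$`)

// UpdateRequest is a hypothetical local model of the two UpdateNotebookInstance
// parameters involved. A nil name means the field is omitted from the request.
type UpdateRequest struct {
	LifecycleConfigName         *string
	DisassociateLifecycleConfig bool
}

// Validate models the service-side check: a name that is present must match
// the pattern, so an empty string is rejected instead of meaning "detach".
func (r UpdateRequest) Validate() error {
	if r.LifecycleConfigName != nil && !lifecycleConfigNamePattern.MatchString(*r.LifecycleConfigName) {
		return fmt.Errorf("value %q at 'lifecycleConfigName' failed to satisfy pattern %s",
			*r.LifecycleConfigName, lifecycleConfigNamePattern)
	}
	return nil
}

// DetachByEmptyName builds the request shape that failed before the fix.
func DetachByEmptyName() UpdateRequest {
	empty := ""
	return UpdateRequest{LifecycleConfigName: &empty}
}

// DetachByFlag builds the request shape the fix uses: no name, flag set.
func DetachByFlag() UpdateRequest {
	return UpdateRequest{DisassociateLifecycleConfig: true}
}

func main() {
	cases := []struct {
		label string
		req   UpdateRequest
	}{
		{"empty name", DetachByEmptyName()},
		{"disassociate flag", DetachByFlag()},
	}
	for _, c := range cases {
		fmt.Printf("%-18s -> error: %v\n", c.label, c.req.Validate())
	}
}
```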

@Minosity-VR Minosity-VR requested review from a team as code owners March 24, 2026 09:49
@Minosity-VR Minosity-VR changed the title from "Fix AWS Sagemaker Attack Technique - Use DisassociateLifecycleConfig instead of setting name to empty string" to "(fix) AWS Sagemaker Attack Technique - Use DisassociateLifecycleConfig instead of setting name to empty string" Mar 24, 2026
@christophetd christophetd force-pushed the simon.marechal/stratus-fix-aws-sagemaker-cleanup branch from d3a2eba to 25c844e March 25, 2026 12:36
@christophetd christophetd force-pushed the simon.marechal/stratus-fix-aws-sagemaker-cleanup branch from 25c844e to b556d70 March 25, 2026 14:41
@christophetd christophetd merged commit 1ec5593 into main Mar 25, 2026
5 checks passed
@christophetd christophetd deleted the simon.marechal/stratus-fix-aws-sagemaker-cleanup branch March 25, 2026 14:55