all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan

Add to bookmarks
c
Nov. 14, 2023, 1:04 a.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by Mitiga. Written by Ariel Szarf and Or Aspir. Imagine that you’re a SOC (Security Operations Center) analyst receiving an alert about suspicious behavior from a binary on an EC2 instance. After checking the binary on VirusTotal, you find it was an AWS-developed software signed by Amazon. Further investigation reveals that it communicated only with Amazon-owned IP addresses. Now you're faced with a decision to determine your next course of action. Will you continue inves...

abusing access agent alert amazon amazon web services analyst aws binary center ec2 find instance mitiga operations remote access remote access trojan security security operations security operations center services soc software ssm suspicious behavior trojan virustotal web web services written

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
CISOs, AI, and OT: A Balancing Act Between Innovation and Protection 21 hours ago | cloudsecurityalliance.org
act balancing act ben ciso +19
Cl
Microsoft Copilot for Security: Everything You Need to Know 1 day, 17 hours ago | cloudsecurityalliance.org
ai-powered copilot copilot for security cybersecurity +17
Cl
Navigating the Cloud – Beyond “Best Practices” 2 days, 23 hours ago | cloudsecurityalliance.org
architectures best practices beyond businesses +17
Cl
Defining Cloud Key Management: 7 Essential Terms 1 week, 1 day ago | cloudsecurityalliance.org
access access control breaches cloud +26
Cl
How DSPM Can Help Solve Healthcare Cybersecurity Attacks 1 week, 2 days ago | cloudsecurityalliance.org
access access controls article attacks +41
Cl
Considerations When Including AI Implementations in Penetration Testing 1 week, 2 days ago | cloudsecurityalliance.org
application artificial artificial intelligence ask +15
Cl
Five Reasons Why Ransomware Still Reigns 1 week, 2 days ago | cloudsecurityalliance.org
ben ciso consent cxo +15
Cl
DevSecOps Tools 1 week, 2 days ago | cloudsecurityalliance.org
code code management development devops +18
Cl
Post-Quantum Preparedness 1 week, 2 days ago | cloudsecurityalliance.org
availability change code computers +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Financial Crimes Compliance - Senior - Consulting - Location Open

@ EY | New York City, US, 10001-8604
View on infosec-jobs.com

Software Engineer - Cloud Security

@ Neo4j | Malmö
View on infosec-jobs.com

Security Consultant

@ LRQA | Singapore, Singapore, SG, 119963
View on infosec-jobs.com

Identity Governance Consultant

@ Allianz | Sydney, NSW, AU, 2000
View on infosec-jobs.com

Educator, Cybersecurity

@ Brain Station | Toronto
View on infosec-jobs.com

Principal Security Engineer

@ Hippocratic AI | Palo Alto
View on infosec-jobs.com
View more jobs