all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Security Advisory: Abusing the SSM Agent as a Remote Access Trojan

Add to bookmarks
c
Oct. 2, 2023, 6:32 p.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally Published by Mitiga. Written by Ariel Szarf and Or Aspir. OverviewMitiga has discovered a new potential post-exploitation technique in AWS (Amazon Web Services): running AWS’s Systems Manager (SSM) agent as a Remote Access Trojan (RAT) on both Linux and Windows machines, controlling the endpoint using another AWS account. We’re sharing this advisory to raise awareness about this new way of abusing the SSM agent that our team developed during our ongoing research in cloud and SaaS (...

abusing access account advisory agent amazon amazon web services aws endpoint exploitation linux machines manager mitiga post-exploitation rat remote access remote access trojan running security security advisory services ssm systems trojan web web services windows written

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
CISOs, AI, and OT: A Balancing Act Between Innovation and Protection 1 day, 5 hours ago | cloudsecurityalliance.org
act balancing act ben ciso +19
Cl
Microsoft Copilot for Security: Everything You Need to Know 2 days, 1 hour ago | cloudsecurityalliance.org
ai-powered copilot copilot for security cybersecurity +17
Cl
Navigating the Cloud – Beyond “Best Practices” 3 days, 7 hours ago | cloudsecurityalliance.org
architectures best practices beyond businesses +17
Cl
Defining Cloud Key Management: 7 Essential Terms 1 week, 1 day ago | cloudsecurityalliance.org
access access control breaches cloud +26
Cl
How DSPM Can Help Solve Healthcare Cybersecurity Attacks 1 week, 2 days ago | cloudsecurityalliance.org
access access controls article attacks +41
Cl
Considerations When Including AI Implementations in Penetration Testing 1 week, 2 days ago | cloudsecurityalliance.org
application artificial artificial intelligence ask +15
Cl
Five Reasons Why Ransomware Still Reigns 1 week, 2 days ago | cloudsecurityalliance.org
ben ciso consent cxo +15
Cl
DevSecOps Tools 1 week, 2 days ago | cloudsecurityalliance.org
code code management development devops +18
Cl
Post-Quantum Preparedness 1 week, 3 days ago | cloudsecurityalliance.org
availability change code computers +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Engineer - Detection and Response

@ Fastly, Inc. | US (Remote)
View on infosec-jobs.com

Application Security Engineer

@ Solidigm | Zapopan, Mexico
View on infosec-jobs.com

Defensive Cyber Operations Engineer-Mid

@ ISYS Technologies | Aurora, CO, United States
View on infosec-jobs.com

Manager, Information Security GRC

@ OneTrust | Atlanta, Georgia
View on infosec-jobs.com

Senior Information Security Analyst | IAM

@ EBANX | Curitiba or São Paulo
View on infosec-jobs.com

Senior Information Security Engineer, Cloud Vulnerability Research

@ Google | New York City, USA; New York, USA
View on infosec-jobs.com
View more jobs