Hackers Abuse AWS SSM Agent to Perform Various Malicious Activities (gbhackers.com)
Posted by flynnbot@lemmy.capebreton.social to Cybersecurity News@lemmy.capebreton.social · English · 1 year ago · cross-posted to: gbhackers@zerobytes.monster

dbx12@programming.dev · 1 year ago
Would be great if they went into a bit more detail about how this exploit (?) works and how to defend against it. Is it a config error or just unsafe by default? Are you immediately at risk if you have the SSM agent running?

videodrome@lemmy.capebreton.social · 1 year ago
> Are you immediately at risk if you have the SSM agent running?

No, this is post-exploitation and is used as a way to maintain persistence. Your machine will need to be compromised in some form first.

The original post is so much better -> https://www.mitiga.io/blog/mitiga-security-advisory-abusing-the-ssm-agent-as-a-remote-access-trojan