August 2, 2023
More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan
Imagine that you're a SOC (Security Operations Center) analyst receiving an alert about suspicious behavior from a binary on an EC2 instance. After checking the binary on VirusTotal, you find that it is AWS-developed software signed by Amazon. Further investigation reveals that it communicated only with Amazon-owned IP addresses.
August 2, 2023
Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan
Mitiga's research discovered a significant new post-exploitation security concept involving the use of the Systems Manager (SSM) agent as a Remote Access Trojan (RAT) on Linux and Windows machines, controlling them using another AWS account. We shared our research with the AWS security team and included some of their feedback in this advisory.
June 1, 2023
Mitiga Security Advisory: Lack of Forensic Visibility with the Basic License in Google Drive
After gaining initial access to any platform, data theft (exfiltration) is one of the most common attack vectors used by threat actors.
January 10, 2023
CircleCI Cybersecurity Incident Hunting Guide
In response to the recent CircleCI security incident, the Mitiga Research Team shares this technical guide to assist organizational threat hunting efforts.
November 16, 2022
Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots
A recent Mitiga Research Team investigation found the well-regarded Amazon Relational Database Service is leaking PII via exposed RDS Snapshots.
August 10, 2022
Google Workspace - Log Insights to Your Threat Hunt
Google Workspace is a popular service for document collaboration for organizations and for individual users. Threat actors note that the popularity of this service has increased, and they search for ways to exploit vulnerabilities and misconfigurations, so it is important to know how to hunt for threats in Google Workspace.