Or Aspir, Director of Research

As the Director of Research at Mitiga, Or leads the Research group. With a long history in the cybersecurity industry—working as a developer and as a security researcher—his primary mission is to bolster the cybersecurity capabilities within Mitiga’s products, ensuring they remain robust defenses in today's digital landscape Or and his group are dedicated to deepening their understanding of security within the platforms Mitiga supports, to stay ahead of emerging threats and vulnerabilities. Outside of his professional responsibilities, Or finds fulfillment in his passion for playing the piano, drawing upon his previous experience as a Salsa dancing teacher.

How Missing Logs Impact Cloud Security

Microsoft experienced an issue with internal monitoring agents, resulting in incomplete logs for some services. Get more details and recommended next steps.

October 21, 2024

Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan

Mitiga's research discovered a significant new post-exploitation security concept: involving the use of Systems Manager (SSM) agent as a Remote Access Trojan (RAT) on Linux and Windows machines, controlling them using another AWS account. We shared our research with the AWS security team and included some of their feedback to this advisory.

July 31, 2023

More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan

Imagine that you’re a SOC (Security Operations Center) analyst receiving an alert about suspicious behavior from a binary on an EC2 instance. After checking the binary on VirusTotal, you find it was an AWS-developed software signed by Amazon. Further investigation reveals that it communicated only with Amazon-owned IP addresses.

July 28, 2023

Mitiga Security Advisory: Lack of Forensic Visibility with the Basic License in Google Drive

Mitiga's advisory highlights critical gaps in forensic visibility with Google Drive's Basic license, affecting security and incident investigations. Read on.

May 17, 2023

How Okta Passwords Can Be Compromised: Uncovering a Risk to User Data

Mitiga's research team uncovered a data risk to Okta users due to passwords that can be present in logs. This article outlines the risk and attack method.

March 21, 2023

Guide: CircleCI Breach Cybersecurity Incident Hunting Guide

Learn how to investigate the CircleCI breach with Mitiga’s technical guide to assist organizational threat hunting efforts.

January 9, 2023

Elastic IP Hijacking — A New Attack Vector in AWS

Read Mitiga research about a new post-exploitation attack method, a new way that enables adversaries to hijack public IP addresses for malicious purposes.

December 14, 2022

Uber Cybersecurity Incident: Which Logs Do IR Teams Need to Focus On?

On September the 16th, Uber announced they experienced a major breach in their organization in which malicious actor was able to log in and take over multiple services and internal tools used at Uber. What are some of the logs that IR teams should be focusing on in their investigation?

September 19, 2022

How Transit Gateway VPC Flow Logs Help Incident & Response Readiness

In this blog, we will focus on the security and forensic aspects of Transit Gateway VPC flow logs and expand the way they can be used by organizations to respond to cloud incidents.

July 20, 2022

Log4Shell - identify vulnerable external-facing workloads in AWS

Cloud-based systems should be thoroughly searched for the new Log4j vulnerability (CVE-2021-44228). But this is a daunting task, since you need to search each and every compute instance, from the biggest EC2 instance to the smallest Lambda function. This is where Mitiga can help.

December 13, 2021

Or Aspir