A deep dive into AWS SSM Run Command shows that there are multiple documents attackers can use for executing code remotely on EC2 instances. In
Tag: ssm
AWS ssm:SendCommand or network agnostic built-in RCE as root
Post-exploitation in cloud can be fun and easy if you have the right permissions. There is no other permission that I would rather have than
Security Café 