Ariel Szarf, Senior Security Researcher

Ariel Szarf works as a Senior Cloud Security Researcher at Mitiga. Prior to that, Ariel was a Cyber Security Specialist Officer in the IDF. In addition, Ariel has a Master’s degree in Computer Science. Today, Ariel researches potential attacks on cloud services and SaaS, and investigates incidents.

Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan

Mitiga's research discovered a significant new post-exploitation security concept: involving the use of Systems Manager (SSM) agent as a Remote Access Trojan (RAT) on Linux and Windows machines, controlling them using another AWS account. We shared our research with the AWS security team and included some of their feedback to this advisory.

More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan

Imagine that you’re a SOC (Security Operations Center) analyst receiving an alert about suspicious behavior from a binary on an EC2 instance. After checking the binary on VirusTotal, you find it was an AWS-developed software signed by Amazon. Further investigation reveals that it communicated only with Amazon-owned IP addresses.

Mitiga Security Advisory: Lack of Forensic Visibility with the Basic License in Google Drive

After gaining initial access to any platform, data theft (exfiltration) is one of the most common attack vectors used by threat actors.

Guide: CircleCI Breach Cybersecurity Incident Hunting Guide

Learn how to investigate the CircleCI breach with Mitiga’s technical guide to assist organizational threat hunting efforts.

Ariel Szarf

Senior Security Researcher

Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan

More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan

Mitiga Security Advisory: Lack of Forensic Visibility with the Basic License in Google Drive

Guide: CircleCI Breach Cybersecurity Incident Hunting Guide

Book a demo