AWS - Lightsail Persistence
Lightsail
For more information check:
AWS - Lightsail EnumDownload Instance SSH keys & DB passwords
They won't be changed probably so just having them is a good option for persistence
Backdoor Instances
An attacker could get access to the instances and backdoor them:
Using a traditional rootkit for example
Adding a new public SSH key
Expose a port with port knocking with a backdoor
DNS persistence
If domains are configured:
Create a subdomain pointing your IP so you will have a subdomain takeover
Create SPF record allowing you to send emails from the domain
Configure the main domain IP to your own one and perform a MitM from your IP to the legit ones
Last updated