AWS - SES Post Exploitation

SES

For more information check:

{{#ref}}
../../aws-services/aws-ses-enum.md
{{#endref}}

`ses:SendEmail`

Send an email.

aws ses send-email --from sender@example.com --destination file://emails.json --message file://message.json
aws sesv2 send-email --from sender@example.com --destination file://emails.json --message file://message.json

Still to test.

`ses:SendRawEmail`

Send an email.

aws ses send-raw-email --raw-message file://message.json

Still to test.

`ses:SendTemplatedEmail`

Send an email based on a template.

aws ses  send-templated-email --source <value> --destination <value> --template <value>

Still to test.

`ses:SendBulkTemplatedEmail`

Send an email to multiple destinations

aws ses send-bulk-templated-email --source <value> --template <value>

Still to test.

`ses:SendBulkEmail`

Send an email to multiple destinations.

aws sesv2 send-bulk-email --default-content <value> --bulk-email-entries <value>

`ses:SendBounce`

Send a bounce email over a received email (indicating that the email couldn't be received). This can only be done up to 24h after receiving the email.

aws ses send-bounce --original-message-id <value> --bounce-sender <value> --bounced-recipient-info-list <value>

Still to test.

`ses:SendCustomVerificationEmail`

This will send a customized verification email. You might need permissions also to created the template email.

aws ses send-custom-verification-email --email-address <value> --template-name <value>
aws sesv2 send-custom-verification-email --email-address <value> --template-name <value>

Still to test.

WorkMail pivot to bypass SES sandbox

When ses:GetAccount shows the account is still in the SES sandbox and ses:ListIdentities returns no verified senders, attackers can pivot to WorkMail to send immediately (no sandbox and higher default quotas) by creating orgs, verifying domains, and registering mailboxes.

{{#ref}}
../aws-workmail-post-exploitation/README.md
{{#endref}}

References

Threat Actors Using AWS WorkMail in Phishing Campaigns