Invictus Incident Response training/Incident Response in the AWS cloud

  • €1,650

Incident Response in the AWS cloud

  • Course
  • 117 Lessons

Learn how to respond to incidents in AWS! In this course you will learn how to respond to incidents in AWS environments. You will get access to a live training environment in AWS and multiple live attack & defense labs. Last but not least, there are two CTF challenges where you can showcase your skills!

Contents

Course Resources
Course References
AWS CloudTrail CheatSheet
Athena Cheat Sheet

Welcome

Course Introduction

Lab 1.0 - Getting Started

Lab 1.0 - Instructions
Lab 1.0 - Walkthrough (with solutions)

Introduction

Course Roadmap & Structure

AWS Basics

AWS Hierarchy
IAM Users & Groups
IAM - Policies
IAM - Roles
Demo - Switching a role
Demo - Assuming a role
IAM - Roles for IR
IAM - Access Analyzer for IR
Commonly attacked services

Lab 1.1 - Exploring AWS

Lab 1.1 - Instructions
Lab 1.1 - Walkthrough (with solutions)

AWS Security

AWS security services - Overview
Amazon GuardDuty
Amazon Inspector
Amazon Detective
AWS Security Hub
AWS Security Lake

Lab 1.2 - Investigating a security alert

Lab 1.2 - Instructions
Lab 1.2 - Walkthrough (with solutions)

AWS Threats

AWS Incidents & Common Threats
Common Threats - IAM & S3
Common Threats - SES & Kubernetes
Threat Framework overview & MITRE
Hacking The Cloud
Stratus Red Team
Demo - Simulate attacks with Stratus Red Team

AWS Attack tools

Overview & Prowler
Demo - Prowler
CloudFox
Other tools

AWS Forensics - Log overview

AWS Forensics - Overview
Approach & Process
AWS Log overview
Log strategy

AWS Forensics - Log acquisition

Log acquisition

Lab 1.3 - Determining log availability

Lab 1.3 - Instructions
Lab 1.3 - Walkthrough (with solutions)

AWS Forensics - Log processing

Log destinations
CloudWatch
Athena
Security Lake
OpenSearch
Conclusion

AWS Forensics - Log analysis

Cloud native options in AWS
Option 1 - Athena
Option 2 - OpenSearch
Option 3 - CloudWatch

Lab 1.4 - Using Athena for log analysis

Lab 1.4 - Instructions
Lab 1.4 - Walkthrough (with solutions)

AWS Forensics - Log analysis (CloudTrail)

Overview & Event Types
Configuring Trails
(Advanced) Event Selectors
Management Events - contents
CloudTrail analysis - eventName
CloudTrail Cheatsheet
CloudTrail analysis - userIdentity
CloudTrail analysis - requestParameters & responseElements
CloudTrail analysis - Other fields
Data Events - Overview
Data Events vs. S3 access logs
CloudTrail Data events - Analysis
S3 access logs - Analysis
Insights Events
CloudTrail analysis - Tips
CloudTrail analysis - wrap-up

Lab 1.5 - Investigating your first AWS incident

Lab 1.5 - Instructions
Lab 1.5 - Walkthrough (with solutions)

AWS Forensics - Log analysis (VPC flow logs)

VPC Introduction
VPC Flow logs
VPC Flow logs in Athena
VPC Flow logs - Analysis

AWS Forensics - Log analysis (Other logs)

Route 53 logs - Analysis
Load Balancer logs - Analysis

AWS Forensics - Host forensics

Host Forensics - EC2 & Containers
Host Forensics - SSM

Bonus Lab - Using Cado for cloud incident response

Bonus lab - Instructions
Bonus lab - Walkthrough (with solutions)

AWS Attacks

Attack Introduction & Phases

AWS Attacks - Part I

Initial Access
Discovery
Execution

Lab 1.6 - AWS Attacks Part I

Lab 1.6 - Instructions
Lab 1.6 - Walkthrough (with solutions)

AWS Attacks - Part II

Privilege Escalation
Persistence
Defense Evasion

Lab 1.7 - AWS Attacks Part II

Lab 1.7 - Instructions
Lab 1.7 - Walkthrough (with solutions)

AWS Attacks - Part III

Credential Access
Lateral Movement
Collection
Impact
Exfiltration

Lab 1.8 - AWS Attacks Part III

Lab 1.8 - Instructions
Lab 1.8 - Walkthrough (with solutions)

Cloud Incident Response Process

On-premise vs. Cloud IR
Cloud Incident Response Process
Prepare
Detection & Analysis
Containment, Eradication & Recovery
Post-Incident Activity

Cloud Incident Case Study #1 - Ransomware

Case Study - Ransomware

Cloud Incident Case Study #2 - Long compromise

Case Study - Longer Compromise

Capture the Flag (CTF) - Competition

Mad Men (CTF) - Instructions
Mad Men (CTF) - CTF Password
Welcome to crypto (CTF) - Instructions
Welcome to crypto (CTF) - CTF Password

Course wrap-up

Wrap-up & Next steps

Certificate of Completion - Request

Request certificate