Data Events vs. S3 access logs

Incident Response in the AWS cloud

  • Course Resources
  • Course References
  • AWS CloudTrail CheatSheet
  • Athena Cheat Sheet

Welcome

  • Course Introduction

Lab 1.0 - Getting Started

  • Lab 1.0 - Instructions
  • Lab 1.0 - Walkthrough (with solutions)

Introduction

  • Course Roadmap & Structure

AWS Basics

  • AWS Hierarchy
  • IAM Users & Groups
  • IAM - Policies
  • IAM - Roles
  • Demo - Switching a role
  • Demo - Assuming a role
  • IAM - Roles for IR
  • IAM - Access Analyzer for IR
  • Commonly attacked services

Lab 1.1 - Exploring AWS

  • Lab 1.1 - Instructions
  • Lab 1.1 - Walkthrough (with solutions)

AWS Security

  • AWS security services - Overview
  • Amazon GuardDuty
  • Amazon Inspector
  • Amazon Detective
  • AWS Security Hub
  • AWS Security Lake

Lab 1.2 - Investigating a security alert

  • Lab 1.2 - Instructions
  • Lab 1.2 - Walkthrough (with solutions)

AWS Threats

  • AWS Incidents & Common Threats
  • Common Threats - IAM & S3
  • Common Threats - SES & Kubernetes
  • Threat Framework overview & MITRE
  • Hacking The Cloud
  • Stratus Red Team
  • Demo: Simulate attacks with Stratus Red Team

AWS Attack tools

  • Overview & Prowler
  • Demo - Prowler
  • CloudFox
  • Other tools

AWS Forensics - Log overview

  • AWS Forensics - Overview
  • Approach & Process
  • AWS Log overview
  • Log strategy

AWS Forensics - Log acquisition

  • Log acquisition

Lab 1.3 - Determining log availability

  • Lab 1.3 - Instructions
  • Lab 1.3 - Walkthrough (with solutions)

AWS Forensics - Log processing

  • Log destinations
  • CloudWatch
  • Athena
  • Security Lake
  • OpenSearch
  • Conclusion

AWS Forensics - Log analysis

  • Cloud native options in AWS
  • Option 1 - Athena
  • Option 2 - OpenSearch
  • Option 3 - CloudWatch

Lab 1.4 - Using Athena for log analysis

  • Lab 1.4 - Instructions
  • Lab 1.4 - Walkthrough (with solutions)

AWS Forensics - Log analysis (CloudTrail)

  • Overview & Event Types
  • Configuring Trails
  • (Advanced) Event Selectors
  • Management Events - contents
  • CloudTrail analysis - eventName
  • CloudTrail Cheatsheet
  • CloudTrail analysis - userIdentity
  • CloudTrail analysis - requestParameters & responseElements
  • CloudTrail analysis - Other fields
  • Data Events - Overview
  • Data Events vs. S3 access logs
  • CloudTrail Data events - Analysis
  • S3 access logs - Analysis
  • Insights Events
  • CloudTrail analysis - Tips
  • CloudTrail analysis - wrap-up

Lab 1.5 - Investigating your first AWS incident

  • Lab 1.5 - Instructions
  • Lab 1.5 - Walkthrough (with solutions)

AWS Forensics - Log analysis (VPC flow logs)

  • VPC Introduction
  • VPC Flow logs
  • VPC Flow logs in Athena
  • VPC Flow logs - Analysis

AWS Forensics - Log analysis (Other logs)

  • Route 53 logs - Analysis
  • Load Balancer logs - Analysis

AWS Forensics - Host forensics

  • Host Forensics - EC2 & Containers
  • Host Forensics - SSM

AWS Attacks

  • Attack Introduction & Phases

AWS Attacks - Part I

  • Initial Access
  • Discovery
  • Execution

Lab 1.6 - AWS Attacks Part I

  • Lab 1.6 - Instructions
  • Lab 1.6 - Walkthrough (with solutions)

AWS Attacks - Part II

  • Privilege Escalation
  • Persistence
  • Defense Evasion

Lab 1.7 - AWS Attacks Part II

  • Lab 1.7 - Instructions
  • Lab 1.7 - Walkthrough (with solutions)

AWS Attacks - Part III

  • Credential Access
  • Lateral Movement
  • Collection
  • Impact
  • Exfiltration

Lab 1.8 - AWS Attacks Part III

  • Lab 1.8 - Instructions
  • Lab 1.8 - Walkthrough (with solutions)

Cloud Incident Response Process

  • On-premise vs. Cloud IR
  • Cloud Incident Response Process
  • Prepare
  • Detection & Analysis
  • Containment, Eradication & Recovery
  • Post-Incident Activity

Cloud Incident Case Study #1 - Ransomware

  • Case Study - Ransomware

Cloud Incident Case Study #2 - Long compromise

  • Case Study - Longer Compromise

Capture the Flag (CTF) - Competition

  • Mad Men (CTF) - Instructions
  • Mad Men (CTF) - CTF Password
  • Welcome to crypto (CTF) - Instructions
  • Welcome to crypto (CTF) - CTF password

Course wrap-up

  • Wrap-up & Next steps

Certificate of Completion - Request

  • Request certificate