Case Study - Longer Compromise

Incident Response in the AWS cloud

  • Course Resources
  • Course References
  • AWS CloudTrail CheatSheet
  • Athena Cheat Sheet

Welcome

  • Course Introduction

Lab 1.0 - Getting Started

  • Lab 1.0 - Instructions
  • Lab 1.0 - Walkthrough (with solutions)

Introduction

  • Course Roadmap & Structure

AWS Basics

  • AWS Hierarchy
  • IAM Users & Groups
  • IAM - Policies
  • IAM - Roles
  • Demo - Switching a role
  • Demo - Assuming a role
  • IAM - Roles for IR
  • IAM - Access Analyzer for IR
  • Commonly attacked services

Lab 1.1 - Exploring AWS

  • Lab 1.1 - Instructions
  • Lab 1.1 - Walkthrough (with solutions)

AWS Security

  • AWS security services - Overview
  • Amazon GuardDuty
  • Amazon Inspector
  • Amazon Detective
  • AWS Security Hub
  • AWS Security Lake

Lab 1.2 - Investigating a security alert

  • Lab 1.2 - Instructions
  • Lab 1.2 - Walkthrough (with solutions)

AWS Threats

  • AWS Incidents & Common Threats
  • Common Threats - IAM & S3
  • Common Threats - SES & Kubernetes
  • Threat Framework overview & MITRE
  • Hacking The Cloud
  • Stratus Red Team
  • Demo: Simulate attacks with Stratus Red Team

AWS Attack tools

  • Overview & Prowler
  • Demo - Prowler
  • CloudFox
  • Other tools

AWS Forensics - Log overview

  • AWS Forensics - Overview
  • Approach & Process
  • AWS Log overview
  • Log strategy

AWS Forensics - Log acquisition

  • Log acquisition

Lab 1.3 - Determining log availability

  • Lab 1.3 - Instructions
  • Lab 1.3 - Walkthrough (with solutions)

AWS Forensics - Log processing

  • Log destinations
  • CloudWatch
  • Athena
  • Security Lake
  • OpenSearch
  • Conclusion

AWS Forensics - Log analysis

  • Cloud native options in AWS
  • Option 1 - Athena
  • Option 2 - OpenSearch
  • Option 3 - CloudWatch

Lab 1.4 - Using Athena for log analysis

  • Lab 1.4 - Instructions
  • Lab 1.4 - Walkthrough (with solutions)

AWS Forensics - Log analysis (CloudTrail)

  • Overview & Event Types
  • Configuring Trails
  • (Advanced) Event Selectors
  • Management Events - contents
  • CloudTrail analysis - eventName
  • CloudTrail Cheatsheet
  • CloudTrail analysis - userIdentity
  • CloudTrail analysis - requestParameters & responseElements
  • CloudTrail analysis - Other fields
  • Data Events - Overview
  • Data Events vs. S3 access logs
  • CloudTrail Data events - Analysis
  • S3 access logs - Analysis
  • Insights Events
  • CloudTrail analysis - Tips
  • CloudTrail analysis - wrap-up

Lab 1.5 - Investigating your first AWS incident

  • Lab 1.5 - Instructions
  • Lab 1.5 - Walkthrough (with solutions)

AWS Forensics - Log analysis (VPC flow logs)

  • VPC Introduction
  • VPC Flow logs
  • VPC Flow logs in Athena
  • VPC Flow logs - Analysis

AWS Forensics - Log analysis (Other logs)

  • Route 53 logs - Analysis
  • Load Balancer logs - Analysis

AWS Forensics - Host forensics

  • Host Forensics - EC2 & Containers
  • Host Forensics - SSM

AWS Attacks

  • Attack Introduction & Phases

AWS Attacks - Part I

  • Initial Access
  • Discovery
  • Execution

Lab 1.6 - AWS Attacks Part I

  • Lab 1.6 - Instructions
  • Lab 1.6 - Walkthrough (with solutions)

AWS Attacks - Part II

  • Privilege Escalation
  • Persistence
  • Defense Evasion

Lab 1.7 - AWS Attacks Part II

  • Lab 1.7 - Instructions
  • Lab 1.7 - Walkthrough (with solutions)

AWS Attacks - Part III

  • Credential Access
  • Lateral Movement
  • Collection
  • Impact
  • Exfiltration

Lab 1.8 - AWS Attacks Part III

  • Lab 1.8 - Instructions
  • Lab 1.8 - Walkthrough (with solutions)

Cloud Incident Response Process

  • On-premise vs. Cloud IR
  • Cloud Incident Response Process
  • Prepare
  • Detection & Analysis
  • Containment, Eradication & Recovery
  • Post-Incident Activity

Cloud Incident Case Study #1 - Ransomware

  • Case Study - Ransomware

Cloud Incident Case Study #2 - Long compromise

  • Case Study - Longer Compromise

Capture the Flag (CTF) - Competition

  • Mad Men (CTF) - Instructions
  • Mad Men (CTF) - CTF Password
  • Welcome to crypto (CTF) - Instructions
  • Welcome to crypto (CTF) - CTF password

Course wrap-up

  • Wrap-up & Next steps

Certificate of Completion - Request

  • Request certificate