Incident Response in the AWS cloud
Course Resources
Course References
AWS CloudTrail CheatSheet
Athena Cheat Sheet
Welcome
Course Introduction
Lab 1.0 - Getting Started
Lab 1.0 - Instructions
Lab 1.0 - Walkthrough (with solutions)
Introduction
Course Roadmap & Structure
AWS Basics
AWS Hierarchy
IAM Users & Groups
IAM - Policies
IAM - Roles
Demo - Switching a role
Demo - Assuming a role
IAM - Roles for IR
IAM - Access Analyzer for IR
Commonly attacked services
Lab 1.1 - Exploring AWS
Lab 1.1 - Instructions
Lab 1.1 - Walkthrough (with solutions)
AWS Security
AWS security services - Overview
Amazon GuardDuty
Amazon Inspector
Amazon Detective
AWS Security Hub
AWS Security Lake
Lab 1.2 - Investigating a security alert
Lab 1.2 - Instructions
Lab 1.2 - Walkthrough (with solutions)
AWS Threats
AWS Incidents & Common Threats
Common Threats - IAM & S3
Common Threats - SES & Kubernetes
Threat Framework overview & MITRE
Hacking The Cloud
Stratus Red Team
Demo: Simulate attacks with Stratus Red Team
AWS Attack tools
Overview & Prowler
Demo - Prowler
CloudFox
Other tools
AWS Forensics - Log overview
AWS Forensics - Overview
Approach & Process
AWS Log overview
Log strategy
AWS Forensics - Log acquisition
Log acquisition
Lab 1.3 - Determining log availability
Lab 1.3 - Instructions
Lab 1.3 - Walkthrough (with solutions)
AWS Forensics - Log processing
Log destinations
CloudWatch
Athena
Security Lake
OpenSearch
Conclusion
AWS Forensics - Log analysis
Cloud native options in AWS
Option 1 - Athena
Option 2 - OpenSearch
Option 3 - CloudWatch
Lab 1.4 - Using Athena for log analysis
Lab 1.4 - Instructions
Lab 1.4 - Walkthrough (with solutions)
AWS Forensics - Log analysis (CloudTrail)
Overview & Event Types
Configuring Trails
(Advanced) Event Selectors
Management Events - contents
CloudTrail analysis - eventName
CloudTrail Cheatsheet
CloudTrail analysis - userIdentity
CloudTrail analysis - requestParameters & responseElements
CloudTrail analysis - Other fields
Data Events - Overview
Data Events vs. S3 access logs
CloudTrail Data events - Analysis
S3 access logs - Analysis
Insights Events
CloudTrail analysis - Tips
CloudTrail analysis - wrap-up
Lab 1.5 - Investigating your first AWS incident
Lab 1.5 - Instructions
Lab 1.5 - Walkthrough (with solutions)
AWS Forensics - Log analysis (VPC flow logs)
VPC Introduction
VPC Flow logs
VPC Flow logs in Athena
VPC Flow logs - Analysis
AWS Forensics - Log analysis (Other logs)
Route 53 logs - Analysis
Load Balancer logs - Analysis
AWS Forensics - Host forensics
Host Forensics - EC2 & Containers
Host Forensics - SSM
Host Forensics - Using Cado
Bonus Lab - Using Cado for cloud incident response
Bonus lab - Instructions
Bonus lab - Walkthrough (with solutions)
AWS Attacks
Attack Introduction & Phases
AWS Attacks - Part I
Initial Access
Discovery
Execution
Lab 1.6 - AWS Attacks Part I
Lab 1.6 - Instructions
Lab 1.6 - Walkthrough (with solutions)
AWS Attacks - Part II
Privilege Escalation
Persistence
Defense Evasion
Lab 1.7 - AWS Attacks Part II
Lab 1.7 - Instructions
Lab 1.7 - Walkthrough (with solutions)
AWS Attacks - Part III
Credential Access
Lateral Movement
Collection
Impact
Exfiltration
Lab 1.8 - AWS Attacks Part III
Lab 1.8 - Instructions
Lab 1.8 - Walkthrough (with solutions)
Cloud Incident Response Process
On-premise vs. Cloud IR
Cloud Incident Response Process
Prepare
Detection & Analysis
Containment, Eradication & Recovery
Post-Incident Activity
Cloud Incident Case Study #1 - Ransomware
Case Study - Ransomware
Cloud Incident Case Study #2 - Long compromise
Case Study - Longer Compromise
Capture the Flag (CTF) - Competition
Mad Men (CTF) - Instructions
Mad Men (CTF) - CTF Password
Welcome to crypto (CTF) - Instructions
Welcome to crypto (CTF) - CTF password
Course wrap-up
Wrap-up & Next steps
Certificate of Completion - Request
Request certificate