Incident Response in the AWS cloud
- Buy now
- Learn more
- Course Resources
- Course References
- AWS CloudTrail CheatSheet
- Athena Cheat Sheet
Welcome

Course Introduction
Lab 1.0 - Getting Started

Lab 1.0 - Instructions
Lab 1.0 - Walkthrough (with solutions)
Introduction

Course Roadmap & Structure
AWS Basics

AWS Hierarchy
IAM Users & Groups
IAM - Policies
IAM - Roles
Demo - Switching a role
Demo - Assuming a role
IAM - Roles for IR
IAM - Access Analyzer for IR
Commonly attacked services
Lab 1.1 - Exploring AWS

Lab 1.1 - Instructions
Lab 1.1 - Walkthrough (with solutions)
AWS Security

AWS security services - Overview
Amazon GuardDuty
Amazon Inspector
Amazon Detective
AWS Security Hub
AWS Security Lake
Lab 1.2 - Investigating a security alert

Lab 1.2 - Instructions
Lab 1.2 - Walkthrough (with solutions)
AWS Threats

AWS Incidents & Common Threats
Common Threats - IAM & S3
Common Threats SES & Kubernetes
Threat Framework overview & MITRE
Hacking The Cloud
Stratus Red Team
Demo: Simulate attacks with Stratus Red Team
AWS Attack tools

Overview & Prowler
Demo - Prowler
CloudFox
Other tools
AWS Forensics - Log overview

AWS Forensics - Overview
Approach & Process
AWS Log overview
Log strategy
AWS Forensics - Log acquisition

Log acquisition
Lab 1.3 - Determining log availability

Lab 1.3 - Instructions
Lab 1.3 - Walkthrough (with solutions)
AWS Forensics - Log processing

Log destinations
CloudWatch
Athena
Security Lake
OpenSearch
Conclusion
AWS Forensics - Log analysis

Cloud native options in AWS
Option 1 - Athena
Option 2 - OpenSearch
Option 3 - CloudWatch
Lab 1.4 - Using Athena for log analysis

Lab 1.4 - Instructions
Lab 1.4 - Walkthrough (with solutions)
AWS Forensics - Log analysis (CloudTrail)

Overview & Event Types
Configuring Trails
(Advanced) Event Selectors
Management Events - contents
CloudTrail analysis - eventName
CloudTrail Cheatsheet
CloudTrail analysis - userIdentity
CloudTrail analysis - requestParameters & responseElements
CloudTrail analysis - Other fields
Data Events - Overview
Data Events vs. S3 access logs
CloudTrail Data events - Analysis
S3 access logs - Analysis
Insights Events
CloudTrail analysis - Tips
Cloudtrail analysis - wrap-up
Lab 1.5 - Investigating your first AWS incident

Lab 1.5 - Instructions
Lab 1.5 - Walkthrough (with solutions)
AWS Forensics - Log analysis (VPC flow logs)

VPC Introduction
VPC Flow logs
VPC Flow logs in Athena
VPC Flow logs - Analysis
AWS Forensics - Log analysis (Other logs)

Route 53 logs - Analysis
Load Balancer logs - Analysis
AWS Forensics - Host forensics

Host Forensics - EC2 & Containers
Host Forensics - SSM
Bonus Lab - Using Cado for cloud incident response

Bonus lab - Instructions
Bonus lab - Walkthrough (with solutions)
AWS Attacks

Attack Introduction & Phases
AWS Attacks - Part I

Initial Access
Discovery
Execution
Lab 1.6 - AWS Attacks Part I

Lab 1.6 - Instructions
Lab 1.6 - Walkthrough (with solutions)
AWS Attacks - Part II

Privilege Escalation
Persistence
Defense Evasion
Lab 1.7 - AWS Attacks Part II

Lab 1.7 Instructions
Lab 1.7 - Walkthrough (with solutions)
AWS Attacks - Part III

Credential Access
Lateral Movement
Collection
Impact
Exfiltration
Lab 1.8 - AWS Attacks Part III

Lab 1.8 Instructions
Lab 1.8 - Walkthrough (with solutions)
Cloud Incident Response Process

On-premise vs. Cloud IR
Cloud Incident Response Process
Prepare
Detection & Analysis
Contaiment, Eradication & Recovery
Post-Incident Activity
Cloud Incident Case Study #1 - Ransomware

Case Study - Ransomware
Cloud Incident Case Study #2 - Long compromise

Case Study - Longer Compromise
Capture the Flag (CTF) - Competition

Mad Men (CTF) - Instructions
Mad Men (CTF) - CTF Password
Welcome to crypto (CTF) - Instructions
Welcome to crypto (CTF) - CTF password
Course wrap-up

Wrap-up & Next steps
Certificate of Completion - Request

Request certificate

Incident Response in the AWS cloud

Learn how to respond to incidents in AWS! In this course you will learn how to respond to incidents in AWS environments. You will get access to a live training environment in AWS, multiple live attack & defense labs. Last but not least, two CTF challenges where you can showcase your skills!