Incident Response in the AWS cloud
Course Resources
Course References
AWS CloudTrail CheatSheet
Athena Cheat Sheet
Welcome
Course Introduction
Lab 1.0 - Getting Started
Lab 1.0 - Instructions
Lab 1.0 - Walkthrough (with solutions)
Introduction
Course Roadmap & Structure
AWS Basics
AWS Hierarchy
IAM Users & Groups
IAM - Policies
IAM - Roles
Demo - Switching a role
Demo - Assuming a role
IAM - Roles for IR
IAM - Access Analyzer for IR
Commonly attacked services
Lab 1.1 - Exploring AWS
Lab 1.1 - Instructions
Lab 1.1 - Walkthrough (with solutions)
AWS Security
AWS security services - Overview
Amazon GuardDuty
Amazon Inspector
Amazon Detective
AWS Security Hub
AWS Security Lake
Lab 1.2 - Investigating a security alert
Lab 1.2 - Instructions
Lab 1.2 - Walkthrough (with solutions)
AWS Threats
AWS Incidents & Common Threats
Common Threats - IAM & S3
Common Threats - SES & Kubernetes
Threat Framework overview & MITRE
Hacking The Cloud
Stratus Red Team
Demo: Simulate attacks with Stratus Red Team
AWS Attack tools
Overview & Prowler
Demo - Prowler
CloudFox
Other tools
AWS Forensics - Log overview
AWS Forensics - Overview
Approach & Process
AWS Log overview
Log strategy
AWS Forensics - Log acquisition
Log acquisition
Lab 1.3 - Determining log availability
Lab 1.3 - Instructions
Lab 1.3 - Walkthrough (with solutions)
AWS Forensics - Log processing
Log destinations
CloudWatch
Athena
Security Lake
OpenSearch
Conclusion
AWS Forensics - Log analysis
Cloud native options in AWS
Option 1 - Athena
Option 2 - OpenSearch
Option 3 - CloudWatch
Lab 1.4 - Using Athena for log analysis
Lab 1.4 - Instructions
Lab 1.4 - Walkthrough (with solutions)
AWS Forensics - Log analysis (CloudTrail)
Overview & Event Types
Configuring Trails
(Advanced) Event Selectors
Management Events - contents
CloudTrail analysis - eventName
CloudTrail Cheatsheet
CloudTrail analysis - userIdentity
CloudTrail analysis - requestParameters & responseElements
CloudTrail analysis - Other fields
Data Events - Overview
Data Events vs. S3 access logs
CloudTrail Data events - Analysis
S3 access logs - Analysis
Insights Events
CloudTrail analysis - Tips
CloudTrail analysis - wrap-up
Lab 1.5 - Investigating your first AWS incident
Lab 1.5 - Instructions
Lab 1.5 - Walkthrough (with solutions)
AWS Forensics - Log analysis (VPC flow logs)
VPC Introduction
VPC Flow logs
VPC Flow logs in Athena
VPC Flow logs - Analysis
AWS Forensics - Log analysis (Other logs)
Route 53 logs - Analysis
Load Balancer logs - Analysis
AWS Forensics - Host forensics
Host Forensics - EC2 & Containers
Host Forensics - SSM
Host Forensics - Using Cado
Bonus Lab - Using Cado for cloud incident response
Bonus lab - Instructions
Bonus lab - Walkthrough (with solutions)
AWS Attacks
Attack Introduction & Phases
AWS Attacks - Part I
Initial Access
Discovery
Execution
Lab 1.6 - AWS Attacks Part I
Lab 1.6 - Instructions
Lab 1.6 - Walkthrough (with solutions)
AWS Attacks - Part II
Privilege Escalation
Persistence
Defense Evasion
Lab 1.7 - AWS Attacks Part II
Lab 1.7 - Instructions
Lab 1.7 - Walkthrough (with solutions)
AWS Attacks - Part III
Credential Access
Lateral Movement
Collection
Impact
Exfiltration
Lab 1.8 - AWS Attacks Part III
Lab 1.8 - Instructions
Lab 1.8 - Walkthrough (with solutions)
Cloud Incident Response Process
On-premise vs. Cloud IR
Cloud Incident Response Process
Prepare
Detection & Analysis
Containment, Eradication & Recovery
Post-Incident Activity
Cloud Incident Case Study #1 - Ransomware
Case Study - Ransomware
Cloud Incident Case Study #2 - Long compromise
Case Study - Longer Compromise
Capture the Flag (CTF) - Competition
Mad Men (CTF) - Instructions
Mad Men (CTF) - CTF Password
Welcome to crypto (CTF) - Instructions
Welcome to crypto (CTF) - CTF password
Course wrap-up
Wrap-up & Next steps
Certificate of Completion - Request
Request certificate
Route 53 logs - Analysis