Incident Response in the AWS cloud
Course Resources
Course References
AWS CloudTrail CheatSheet
Athena Cheat Sheet
Welcome
Course Introduction
Lab 1.0 - Getting Started
Lab 1.0 - Instructions
Lab 1.0 - Walkthrough (with solutions)
Introduction
Course Roadmap & Structure
AWS Basics
AWS Hierarchy
IAM Users & Groups
IAM - Policies
IAM - Roles
Demo - Switching a role
Demo - Assuming a role
IAM - Roles for IR
IAM - Access Analyzer for IR
Commonly attacked services
Lab 1.1 - Exploring AWS
Lab 1.1 - Instructions
Lab 1.1 - Walkthrough (with solutions)
AWS Security
AWS security services - Overview
Amazon GuardDuty
Amazon Inspector
Amazon Detective
AWS Security Hub
AWS Security Lake
Lab 1.2 - Investigating a security alert
Lab 1.2 - Instructions
Lab 1.2 - Walkthrough (with solutions)
AWS Threats
AWS Incidents & Common Threats
Common Threats - IAM & S3
Common Threats - SES & Kubernetes
Threat Framework overview & MITRE
Hacking The Cloud
Stratus Red Team
Demo: Simulate attacks with Stratus Red Team
AWS Attack tools
Overview & Prowler
Demo - Prowler
CloudFox
Other tools
AWS Forensics - Log overview
AWS Forensics - Overview
Approach & Process
AWS Log overview
Log strategy
AWS Forensics - Log acquisition
Log acquisition
Lab 1.3 - Determining log availability
Lab 1.3 - Instructions
Lab 1.3 - Walkthrough (with solutions)
AWS Forensics - Log processing
Log destinations
CloudWatch
Athena
Security Lake
OpenSearch
Conclusion
AWS Forensics - Log analysis
Cloud native options in AWS
Option 1 - Athena
Option 2 - OpenSearch
Option 3 - CloudWatch
Lab 1.4 - Using Athena for log analysis
Lab 1.4 - Instructions
Lab 1.4 - Walkthrough (with solutions)
AWS Forensics - Log analysis (CloudTrail)
Overview & Event Types
Configuring Trails
(Advanced) Event Selectors
Management Events - contents
CloudTrail analysis - eventName
CloudTrail Cheatsheet
CloudTrail analysis - userIdentity
CloudTrail analysis - requestParameters & responseElements
CloudTrail analysis - Other fields
Data Events - Overview
Data Events vs. S3 access logs
CloudTrail Data events - Analysis
S3 access logs - Analysis
Insights Events
CloudTrail analysis - Tips
CloudTrail analysis - wrap-up
Lab 1.5 - Investigating your first AWS incident
Lab 1.5 - Instructions
Lab 1.5 - Walkthrough (with solutions)
AWS Forensics - Log analysis (VPC flow logs)
VPC Introduction
VPC Flow logs
VPC Flow logs in Athena
VPC Flow logs - Analysis
AWS Forensics - Log analysis (Other logs)
Route 53 logs - Analysis
Load Balancer logs - Analysis
AWS Forensics - Host forensics
Host Forensics - EC2 & Containers
Host Forensics - SSM
Host Forensics - Using Cado
Bonus Lab - Using Cado for cloud incident response
Bonus lab - Instructions
Bonus lab - Walkthrough (with solutions)
AWS Attacks
Attack Introduction & Phases
AWS Attacks - Part I
Initial Access
Discovery
Execution
Lab 1.6 - AWS Attacks Part I
Lab 1.6 - Instructions
Lab 1.6 - Walkthrough (with solutions)
AWS Attacks - Part II
Privilege Escalation
Persistence
Defense Evasion
Lab 1.7 - AWS Attacks Part II
Lab 1.7 - Instructions
Lab 1.7 - Walkthrough (with solutions)
AWS Attacks - Part III
Credential Access
Lateral Movement
Collection
Impact
Exfiltration
Lab 1.8 - AWS Attacks Part III
Lab 1.8 - Instructions
Lab 1.8 - Walkthrough (with solutions)
Cloud Incident Response Process
On-premise vs. Cloud IR
Cloud Incident Response Process
Prepare
Detection & Analysis
Containment, Eradication & Recovery
Post-Incident Activity
Cloud Incident Case Study #1 - Ransomware
Case Study - Ransomware
Cloud Incident Case Study #2 - Long compromise
Case Study - Longer Compromise
Capture the Flag (CTF) - Competition
Mad Men (CTF) - Instructions
Mad Men (CTF) - CTF Password
Welcome to crypto (CTF) - Instructions
Welcome to crypto (CTF) - CTF password
Course wrap-up
Wrap-up & Next steps
Certificate of Completion - Request
Request certificate