Showing Posts About CloudTrail

Attack Detection Fundamentals 2021: AWS - Lab #1

This article demonstrates AWS attack detection fundamentals through a lab exploring IAM reconnaissance techniques. The lab uses a deliberately misconfigured AWS environment to show how an attacker might enumerate user permissions using the AWS CLI, and covers CloudTrail log analysis with Athena. The walkthrough highlights the risks of overly permissive IAM policies and the importance of monitoring user activities in cloud environments.

Attack Detection Fundamentals 2021: AWS - Lab #2

This article details an AWS security lab demonstrating how an attacker can add an access key and login profile to a compromised user account. The lab explores using Pacu to create additional AWS credentials and gain web console access. CloudTrail log analysis reveals key detection indicators, including changes in user agent and console login without multi-factor authentication.

Attack Detection Fundamentals 2021: AWS - Lab #3

This article details an AWS security lab demonstrating an attack scenario involving unauthorized S3 bucket access. The walkthrough covers exfiltrating customer data, modifying user permissions, and deleting files in an S3 bucket. Detection methods using CloudTrail and S3 access logs are explored to track malicious activities and understand the attack's forensic evidence.