Hands-On Workshop: Building Better Detections | AWS Edition

  • Thursday, 16 Nov 2023 10:00AM EST (16 Nov 2023 15:00 UTC)
  • Speaker: Shaun McCullough

This is a 2-hour hands-on workshop. As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, we will work through the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our AWS environments. The overall process and takeaways will be:

  • Establish proper logging to detect the adversarial activity
  • Perform the attack to generate the appropriate artifacts
  • Review the log event data
  • Create an automated process to quickly discover this activity
  • Test that the automated process is working effectively by “re-attacking” the AWS account

Prerequisites: Prepare for this webcast by watching the introductory webcast Building Better Cloud Detections... By Hacking? (AWS Edition)

System Requirements:

  • Laptop with a modern web browser
  • AWS account with root access or an IAM user with Administrator Access permissions
  • If you need an AWS account, you can create a free tier account with root access at https://aws.amazon.com/free/. The cost will be minimal (pennies) to complete the workshop
  • Basic Understanding of AWS is helpful

This content supports materials and concepts from SEC541: Cloud Security Attacker Technique, Monitoring, and Threat Detection